Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:24 PM
Sharon Gaudin
Sharon Gaudin

How Happy Are You With Your Salary?

I got an interesting piece of information last week. Alan Paller of the SANS Institute tells me people who see their salaries increasing each year are more satisfied with their salaries than those who are paid well but who don't see it getting any better.

I got an interesting piece of information last week. Alan Paller of the SANS Institute tells me people who see their salaries increasing each year are more satisfied with their salaries than those who are paid well but who don't see it getting any better.I was a little surprised when he told me that. I personally would like a holy-cow-that's-big kind of salary. Well, honestly now, I'd like a really big salary that gets still bigger every year. Who wouldn't?

But after I wrote a story about the SANS Institute's eight-year-long salary survey last week, I had dinner with some friends. And I asked them what would make them happier. Big salary? Yearly raises? They were quick to pick annual raises. They said it would make them feel like the company valued them. I can see that. Everyone wants to feel valued, no matter what job you're doing.

Paller also talked about the "leveling" that is going on with information security salaries across the country. For a long time, if you wanted to make big money in IT, you lived in Silicon Valley. Of course, it took a huge salary to be able to afford to live there, but that's where the big money was.

Now it looks like the rest of the country is getting to share the wealth. The SANS Institute's survey showed that the Midwest, the Northwest, and the Southeast all are on the salary fast track, bringing in at least 7.5% yearly increases. The Mid-Atlantic region, which includes Pennsylvania, Maryland, Virginia, and Washington, D.C., has the biggest paychecks for security professionals, coming in at a mean salary of $95,615 for 2006. The Northeast came in second with $92,452, while the West, which includes Silicon Valley, rang in with $86,368.

Looks like security professionals have a lot more options about where they can live and still make a very good living.

The SANS Institute is working on a new survey, though. This one will focus on the past year, as opposed to the last study which focused on an eight-year span.

Paller told me that with this survey, he's expecting to see a shift in emphasis. More technical employees will start to get bigger raises. For a while now, FISMA has forced companies to focus on reporting on their security efforts, instead of putting all their muscle behind their actual security efforts. The on-going string of data losses, security breaches, and a growing cyberthreat from China may have a lot of executives rethinking their security strategy. And that could be good news for the men and women in the security trenches.

They're looking for people to participate in the survey, so add your two cents by going to this Web site.

And I'm interested in your two cents, too. Tell me, how happy are you with your salary? Is it picking up or woefully stagnant? What would make you happier on the job?

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-14
fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.
PUBLISHED: 2019-11-14
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file.
PUBLISHED: 2019-11-14
Microstrategy Library in MicroStrategy before 2019 before 11.1.3 has reflected XSS.
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.