Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Best-Paying IT Security Jobs of 2015

Posted by Soulskill on from the squeaky-wheel-gets-the-green dept.

Nerval's Lobster writes: It's no secret that tech pros with extensive IT security backgrounds are in high demand, especially in the wake of last year's high-profile hacks of major companies such as Sony and Home Depot. Which security-related job pays the most? According to a new analysis of Dice salary data, a lead software security engineer can expect to earn an average of $233,333 in 2015, followed by a director of security, who can expect to earn $200,000. Nor are those outliers: Chief information security officers, directors of information security, and IT security consultants can all expect to earn close to $200,000, if not more. While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros. Security analysts will make an average of $59,880 this year, for instance, while security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680. Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year. According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

85 comments

  1. Umm, yeah? by fuzzyfuzzyfungus · · Score: 4, Insightful

    I know that smearing 'security' all over things is popular; but isn't this almost comically similar to non-security job descriptions?

    Suitably high level technical skill pays very well, 'Director of' and 'Chief Something Officer' pay well to very well, 'consultants' are either quite expensive or powerless peons who have been reclassified to avoid labor laws that apply to real employees; and installation technicians aren't quite below the poverty line.

    1. Re:Umm, yeah? by Anonymous Coward · · Score: 2

      our company got conned into hiring one of these "security consultants". all they did is plug their laptop in, type in server IPs, click a button, and then print out the report. which was all the unfixed items that were ultra-low priority along with several false positives. upper management was impressed and even had sales bragging to customers about our focus on security.

    2. Re:Umm, yeah? by IAMBatman · · Score: 0

      So, did you fire upper management? Why not?

    3. Re:Umm, yeah? by gatkinso · · Score: 4, Funny

      Hell at least he found something, even if all he did was fire up Metasploit. Many times you don't even get that.

      --
      I am very small, utmostly microscopic.
    4. Re:Umm, yeah? by bluefoxlucid · · Score: 4, Insightful

      It's industry fast-talk meant to muddle your minds. Look at this:

      Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year.

      In all stable markets, salaries rise. In the dot-com boom, IT people were getting $150k-$250k; they dropped to $60k, and have been on the rise since. Why did they drop? Because the bubble bust and because everyone went to school for IT; we have a STEM glut, especially in IT, so salaries are low. As long as we continue the narrative of climbing salaries for high-value IT professionals, people will go to college for IT, and will continue to contribute to the high candidate availability and relatively low salary. With such a stable market--constantly and continuously oversupplied with labor--salaries will climb at a slow pace, but they will always climb.

      Showing high average salaries, especially un-adjusted for high-cost areas where many technicians live, puts out golden dollar signs for people to chase. People imagine themselves one day as a Director of IA, a VP of InfoSec, a CISO, a big-name boss doing as little work as possible for a maximized salary. They don't consider that such positions are on the order of one per company, matched to the company's size (small business's Director of Information Security is going to get small-business salary), and actually a whole hell of a lot of work--and not just tech work, but work of a different nature you may find greatly rewarding or horrifyingly torturous. It doesn't matter; they go to get those degrees in IT and IT Security, imagining themselves rolling in money.

      Welcome to higher-education initiatives, where the Government facilitates college education. We've shifted social responsibility from businesses--who would normally experience pain from a lack of professionals and thus aggressively supply education and training to career entrants in order to maximize their profitable strategic market advantage--to individuals--who face higher risks and a greater chance of unemployment for the potential to garner lower salaries, but believe themselves advantaged by being able to independently acquire a certification of their skill in an area which they would have otherwise acquired by advancing their career and drawing income. The point of supplying free college education or government-backed loans is to transfer power and, ultimately, money away from the individual laborer and to the hands of large businesses in the most non-intuitive and unrecognizable way, so that people will cry out for more of this rather than recognizing how much harm it's doing to them.

      --
      Support my political activism on Patreon.
    5. Re:Umm, yeah? by Anonymous Coward · · Score: 1

      then what would the company do with all that unpaid bonus money?

    6. Re:Umm, yeah? by Opportunist · · Score: 3, Informative

      Why didn't your CISO step in?

      We had a company try to pull that one on us, too. They even had the chuzpah to just fire up Nessus, create a report and dump it on us. And that was certainly not what was agreed on in the contract. When asked to show what else they did, they came up with a list of things they actually could have done, of course with no findings because "our security is so good"... and they would even have gotten away with it if it wasn't for our internal team to find a security hole just that time, and one that is SO damn blatant that anyone not faking it would have had to find it.

      We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      people will go to college for IT, and will continue to contribute to the high candidate availability and relatively low salary

      Relative to what? The 2013 median income for a US household was $51,939.

    8. Re:Umm, yeah? by chispito · · Score: 1

      We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

      Again, see OP. Scrub the word "security" out and you could have this problem with any consultant. You win some, you lose some, you typically pay either way.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    9. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      The median household income for college grads is not that low. See this. Note also that IT is a male-dominated field, so don't forget to add in the male gender pay bonus. IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.

    10. Re:Umm, yeah? by Hevel-Varik · · Score: 1

      Excellent comment

    11. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.

      I can count on one hand the number of techs that I have worked along side that have had ANY certs.

    12. Re:Umm, yeah? by ranton · · Score: 1

      The median household income for college grads is not that low. See this. Note also that IT is a male-dominated field, so don't forget to add in the male gender pay bonus.

      Median male salary with a Bachelor's degree is $50,916 according to your own source. That is still much less than the average IT worker.

      IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.

      IT workers typically do not make what a person with a Professional degree makes, because the amount of education and certifications is not similar at all. A professional degree is essential a doctorate. That is not universally true, but the vast majority of professional degrees are doctorates. They are also almost universally licensed as a requirement to practice in their field. That is not the same thing as an A+/CCNA/MSCE/etc certification.

      Comparing average IT workers with doctors and lawyers is disingenuous. There are many highly skilled IT workers who do have a similar level of education and training as professional degree holders, and they tend to make similar salaries as professional degree holders. The vast majority of IT workers fall into the same level of education as average Bachelor degree holders.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    13. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.

      I can count on one hand the number of techs that I have worked along side that have had ANY certs.

      Very few of them that I've ever worked with had any, they were too busy doing actual work and learning stuff on their own to be concerned with finding time to take cert courses/tests. And, in fact, most of the people we hired with a pile of certs on their resumes had zero real experience and couldn't answer 1/2 the questions about things they had their "certs" in.

    14. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      Sounds like your employer doesn't like paying for pieces of paper. Most do.

    15. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      It's industry fast-talk meant to muddle your minds. Look at this:

      Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year.

      In all stable markets, salaries rise. In the dot-com boom, IT people were getting $150k-$250k; they dropped to $60k, and have been on the rise since. Why did they drop? Because the bubble bust and because everyone went to school for IT; we have a STEM glut, especially in IT, so salaries are low. As long as we continue the narrative of climbing salaries for high-value IT professionals, people will go to college for IT, and will continue to contribute to the high candidate availability...

      I'll just stop you right there.

      Ask any seasoned IT professional who has been doing this long enough. One thing seems to always ring true. You find individuals in the IT field either capable or not.

      And I'm not talking about book smarts or degrees either. We've got enough paper diplomas and we were forced to create the acronym Must Consult Someone Experienced when referring to the paper MCSEs that were churned out in droves years ago.

      The bottom line is we will end up with more people that go to college for IT. We will end up with more paper degrees and hollow certifications. But that hardly translates to a quality talent pool of people who are cut out for the job.

      A respect for live production systems. An intuitive logical thought process for troubleshooting. A true capability to listen and learn from others outside of a classroom. A calm demeanor and able to maintain professionalism regardless of the IT crisis de jour.

      These are the valued traits of someone who will succeed in IT. And these aren't taught in a classroom, nor do they come naturally for many people regardless of the acronym soup in their signature.

    16. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      You *cannot* mix individual and household income and somehow treat them as equivalent. They are not. I was refuting the "51K median HH income" BS.

      No on strives for "median". Half the population lack college degrees. Median income means no/some college. And half the population with college degrees have worthless paper in English or Psychology or Communications or some economically equivalent worthless crap.

      Once you have a degree in a field that requires intelligence, education and skill, and produces value, then you can start making comparisons. Compare IT salaries with others in the STEM fields. We still do OK, but we are not making out brilliantly.

    17. Re:Umm, yeah? by Anonymous Coward · · Score: 1

      Hire more security consultants, of course!

    18. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      Nevermind that the majority of security auditing work is in preparation, research, creation of plugins/scripts/applications/processes (would you really trust a technology professional that doesn't automate anything they can) and in creation of reports. The rest is, in order, sales, explanation, creation of reports, and answering any questions asked.

    19. Re:Umm, yeah? by Anonymous Coward · · Score: 0

      This link is also interesting: List of countries by life expectancy

      Shows life expectancy by gender for each country. In summary, men die significantly earlier than women.
      And yet more funding is poured into, for example, female-specific cancers versus male-specific cancers. (?!)

      Just thought I'd also throw out a random rant so that your rant wasn't lonely.

    20. Re:Umm, yeah? by ranton · · Score: 1

      You *cannot* mix individual and household income and somehow treat them as equivalent. They are not. I was refuting the "51K median HH income" BS.

      This thread was already mixing individual income ($89k average tech-pro salary) and median income ($51k median HH income) so I was merely following the convention. I agree that we shouldn't be looking at HH income at all though, and should focus on average college grads making $51k and average tech-pro workers making $89k. These stats are slightly different since one is median and one is the mean, but I doubt there are many 1%-ers skewing the tech-pro salaries.

      No on strives for "median". Half the population lack college degrees. Median income means no/some college. And half the population with college degrees have worthless paper in English or Psychology or Communications or some economically equivalent worthless crap.

      We are already ignoring the population that lack college degrees since the $51k/yr figure only includes college grads. And while many people have fairly useless college degrees, many IT workers not qualified for much more than tier-2 help desk support.

      Once you have a degree in a field that requires intelligence, education and skill, and produces value, then you can start making comparisons. Compare IT salaries with others in the STEM fields. We still do OK, but we are not making out brilliantly.

      IT salaries should probably be fairly mediocre compared to STEM fields as a whole. It is on the very low end of necessary training / skills except in some very specialized sub-fields where workers do average six digit salaries.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    21. Re:Umm, yeah? by bluefoxlucid · · Score: 1

      What's different about it this time? People normally balk at this argument. It's one I've begun to think I need to avoid politically--I have political initiatives for a far better welfare system (supplies stronger social safety nets without the constantly rising proportional costs our current system suffers from) and for K-12 education improvement (no fixed plan yet; lots of concepts to glue together, but I need to find someone with real understanding of K-12 education to translate those to classroom management), and may need to completely step away from the college education problem because nobody will accept that the public initiative to get everyone an independently-gained college education is actively harmful to the individual and most greatly damaging to the least-advantaged (poor, minorities).

      The only plans I'm firm on are economics plans; public support of college education is an economic problem, concerning the market interactions with the supply and demand of skilled labor from multiple angles. What of my comment do you find excellent, that I may improve on it so as to convey my concern with those market behaviors and, hopefully, bring understanding of the college education problem?

      --
      Support my political activism on Patreon.
    22. Re:Umm, yeah? by Opportunist · · Score: 1

      There are certain things that are very dependent on what your customer's setup is like.

      But I hope we can agree on saying that charging 15 days for collecting information about the client's infrastructure (essentially no cost, since that's expected from the client to deliver, but let's say 4 hours), configuring Nessus (~20 minutes) and eventually copy/pasting the result into a prepared document that supposedly constitutes a report is a wee bit off, yes?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Meh by Anonymous Coward · · Score: 1

    More dice clickbait/advertising.

  3. funny by Anonymous Coward · · Score: 0

    What's funny is that most of these company who hires big security guns are the same making all the holes afterwards for the management because it.'s toot tight, companies are paying big bucks to these people who in turn cant do their jobs because PORN must be enable for the CEO

  4. Ummm..... by Anonymous Coward · · Score: 2, Funny

    Hello!

    I am a security engineer at the biggest cloud platform company in the world... 8 years... I seem to need an adjustment =P

    I seem to be missing out on a nice chunk =P

    1. Re:Ummm..... by grimmjeeper · · Score: 4, Insightful

      That's because they already have you. The only way to really keep your salary up to average or better is to jump companies every once in a while.

    2. Re:Ummm..... by Anonymous Coward · · Score: 0

      This is the truth.

      Here's my breakdown
      2008 - 45k - fresh out of college as a C programmer
      2011 - 57k new job
      2013 - 65 k - new job, asked for more
      2014 - 75 k - asked for a lot more
      2015 - 80k - asked for 85k, but i do get a bonus which should put me at 92k

    3. Re:Ummm..... by AuMatar · · Score: 1

      You were underpaid from the start, and its perpetuated. Laughably so. Here's what my progression looked like

      01-05 70-72K (I got a small raise in there) in San Diego
      05-08 82K+equity in Seattle
      08-10 90K+equity startup
      10-12 90K-120K+equity at another startup (salaries went up from startup scale to full scale when we knew we'd be bought)
      12-13 $75/hr contracting while on vacation then moving to Baltimore. I was underpaid here, should have asked for more but did it to move to Baltimore for personal reasons
      13-14 120K+equity at a startup
      14-15 172K+lots of equity at the company that bought the startup (expect over 300K/yr total probably around 350K. May be more after my performance review which is likely to be very good) in the Valley

      Even if we assume you live somewhere far cheaper than the valley you were criminally underpaid to start and still underpaid now.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    4. Re:Ummm..... by Anonymous Coward · · Score: 1

      Notice his career started in 08?

      "Even if we assume you live somewhere far cheaper than the valley you were criminally underpaid to start and still underpaid now."

      Congratulations, you just described most of the first graduating class of the "lost generation". You were born 7 years earlier: do you want a medal?

    5. Re:Ummm..... by Bengie · · Score: 1

      What's the living cost where you were? All of that sounds like a lot until you hear that pre-housing crash, I could get a new 2500 sq-ft house on a 1-4 acre plot with access to high quality fiber Internet for about $150k. $72k would put you in the top about 10% around here. housing is cheap, internet is cheap, education is cheap, but we have some of the best housing, lowest crime, fastest internet, and best education.

    6. Re:Ummm..... by AuMatar · · Score: 1

      Mine started in 01- the year of the dot com crash. He's still underpaid, the problem is he doesn't have the balls to demand more or leave.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    7. Re:Ummm..... by grimmjeeper · · Score: 1

      I started out in the middle of the recession in the early 90's where it was hard to buy a job and the internet wasn't a big thing yet. My salary now is 5x what it was then.

    8. Re:Ummm..... by grimmjeeper · · Score: 1

      Given the cost of living in the Valley, $170K isn't all that much, even if your expectations aren't just internet bluffing. I can have a much better life in areas that aren't so hideously crowded and still take home more real disposable income after paying for housing and transportation, not to mention all of the intangible benefits of having a short commute, while having a gross salary that's 2/3 of what you're bragging about. All I have to do is live almost anywhere else in the country.

      Big salary numbers aren't impressive when you're paying 2-3x or more for your housing and you have a long commute that takes hours out of your day.

    9. Re:Ummm..... by AuMatar · · Score: 1

      I mentioned the city in several cases- assume that until I mention another city its the same as the previous one. But cost of living numbers tend to be really overstated- other than housing the remainder is basically flat anywhere in the US, the 2-3% difference doesn't matter if you aren't living paycheck to paycheck. Subtract out the difference in housing yourself, I have no idea what your base is.

      We'll disagree on you having the best housing- for me the best housing means fun things in walking distance with minimal square feet, more room means more work and I hate housework and yardwork. I'd pay extra on a house not to have a yard. The thought of mowing 4 acres all summer makes me physically ill. You'd have to pay me retirement level money per year to live somewhere rural.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    10. Re:Ummm..... by Bengie · · Score: 1
      I guess I should have asked what the prices were like where you lived in the city. I'm sure prices can vary a lot depending on where you are.

      other than housing the remainder is basically flat anywhere

      Housing is a large portion of many people's incomes. Going from $500/m for a 2 bedroom 3 level duplex with a 2 stall garage where I live, to who knows what in a big city, is probably a big difference. Not to mention getting to/from anywhere in the city is about 5-10 minutes no matter what time of the day.

      I understand not having a yard because mowing does suck, but I hate small places. Most people who have two kids and a wife probably think differently about having a small place to live, unless you want your kid's play room in your living room, which spills into your kitchen, then you invite friends over and they bring their kids.

      I hate going out. Not much intellectually stimulating at most "fun" places. A lot more challenges my mind on the Internet.

      Different people, different priorities I guess.

    11. Re:Ummm..... by AuMatar · · Score: 1

      My expectations aren't internet bluffing, its taking my RSUs by the current stock price, and adding in my expected bonus. Although if the stock market crashes in the next 6 months it could seriously decrease, its not a 0 risk supposition.

      I think you have a lot of wrong information about real cost of living in the valley. My commute is 20-25 minutes each way, and could easily be much lower at the same housing price. This morning it was 35 due to an accident, first time its been over 30 in 6 months. That's lower than most people's commutes are in other places I've lived. Housing is truly disgusting, but even then its a difference of 24K/yr over what I was paying in other cities. Subtract that from the salary. As for hideously crowded- you'd have to pay me 10 times what I make now to live in a less crowded area, what the fuck do you even do all day on weekends in a rural area? No museums, no galleries, no street musicians, no festivals, no events. No thanks. Its not even all that crowded, its just a giant spread out suburb. Crowded would be like Manhattan, which would probably be more fun

      --
      I still have more fans than freaks. WTF is wrong with you people?
    12. Re:Ummm..... by Anonymous Coward · · Score: 0

      It was my experience that in the early 90's there were an abundance of IT jobs if you possessed the right skill set which usually included C\C++. My career started in 89 and I have been able to experience the entire evolution from mainframe/mid-range dominance, desktops, client/server, and distributive networking architecture. Experienced the online evolution all the way from BBS's, Kermit, and 2400 baud modems right up to the Internet we have today. And people may pay well for the people implementing system security measures such as configuring firewalls but I have some serious doubts about wasting money and resources on anyone calling themselves a top security researcher because I have yet to see any of the big time "security experts". All the top companies and noteworthy individuals in the field seem to do more postmortem work than come up with any pro-active solutions.

    13. Re:Ummm..... by Anonymous Coward · · Score: 0

      This is normal. You've mostly worked at startups and contracting while jumping ship quite often. This might indicate above-average performance and/or experience. You might not realize it, but most normal IT jobs are not very spectacular.

      We can't everybody be above average. If the dude was doing the same thing at the same kind of places and nothing out of the ordinary, don't expect more than average. The best way to rise in paygrade is find another job. So what value does he offer? Asking for raises?

    14. Re:Ummm..... by Anonymous Coward · · Score: 0

      Contact NetSuite please.

  5. Woah, stop the presses by Anonymous Coward · · Score: 3, Funny

    "While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros."

    Wait, so some people earn ABOVE average and some earn BELOW? Stop the freaking presses people.

    1. Re:Woah, stop the presses by grimmjeeper · · Score: 2

      A full half of the population is below average.

    2. Re:Woah, stop the presses by Anonymous Coward · · Score: 5, Funny

      Not true - 99.999% of the population have above average number of fingers

    3. Re:Woah, stop the presses by grimmjeeper · · Score: 1

      https://www.youtube.com/watch?...

    4. Re:Woah, stop the presses by Bob+the+Super+Hamste · · Score: 1

      Probably not that many. Granted farm and factory injuries have gone down but I'm sure more than 1 out of 10,000 is missing 1 or more fingers.

      --
      Time to offend someone
    5. Re:Woah, stop the presses by ShanghaiBill · · Score: 2

      A full half of the population is below average.

      You are thinking of "median", but "average" generally refers to the mean. More than 90% of households earn less than the mean.

    6. Re:Woah, stop the presses by Anonymous Coward · · Score: 0

      You do realize that average (mean) and median are not the same thing, right? In any case, half the population is below the median, since that's the definition of the concept. But for the average, given the increasing inequality in every industrialized society that is more and more away from the truth.

      Imagine reducing the population to a group of 7 people. 6 make 1 dollar a day. The last one makes 10 thousand dollars/day. The average is a very comfortable salary for everyone. However, substantially more than half of the population is below the average (which is more than 1400 dollars a day). Granted, this exercise is a bit absurd, but the principle holds. You can't simply say that half of the people live below average and the other half above. While it works for the median, the math doesn't add up for the mean.

    7. Re:Woah, stop the presses by grimmjeeper · · Score: 1

      Ah yes. I forgot to point out that it was a joke before the overly pedantic nit-pickers showed up.

      It's a joke. Laugh. It's funny. Trust me.

    8. Re:Woah, stop the presses by grimmjeeper · · Score: 1

      https://www.youtube.com/watch?...

    9. Re:Woah, stop the presses by Anonymous Coward · · Score: 0
      From Wikipedia:

      In colloquial language, an average is the sum of a list of numbers divided by the number of numbers in the list. In mathematics and statistics, this would be called the arithmetic mean. However, the word average may also refer to the median, mode, or other central or typical value. In statistics, these are all known as measures of central tendency.

  6. left out the the security "outplacement" manager by turkeydance · · Score: 1

    you know, George Clooney.

  7. This article brought to you by certifications. by Anonymous Coward · · Score: 0

    CRISC, CISM, and CISA. Get them! They cost money though, but it's so worth it! Just give us your money and then you'll get 6 figures, promise!

  8. Vague details by sjbe · · Score: 1

    security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680

    That's because there is no actual skill involved. Any idiot with a drill and a screwdriver can mount a camera to a wall. Doesn't require any special training or skills. This is the sort of thing that people with work documents of questionable origin tend to get hired to do.

    According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

    Umm, great. Living where? $100K in Silicon Valley or Manhattan won't get you much. Same amount in the mid-west is pretty comfortable living.

    1. Re:Vague details by fuzzyfuzzyfungus · · Score: 1

      Most security-related hardware is also (and probably largely for this purpose) kept low-voltage/data cabling only, so you can usually do it without getting a full electrician involved.

      Especially if you want outdoor mounts, there are still any number of mistakes that can lead to moisture problems, compromise insulation, damage fire barriers, and so on, so you don't want to scrape the bottom of the barrel too hard; but there aren't too many formal requirements compared to mains voltage work or structural modifications.

  9. $31K? by deadweight · · Score: 4, Interesting

    That is $15/hr. I hope no one thinks paying that for any kuind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.

    1. Re:$31K? by Anonymous Coward · · Score: 0

      That's horrible that you'd think we cave over stuff that cheap. However, I had a camera removed from the secretaries office for a blowjob. So worth it!

    2. Re:$31K? by xxxJonBoyxxx · · Score: 1

      >> they could be bribed with things like free movie tickets or a Big Mac

      I'm comfortably in the six figures and I can STILL be bribed by these things. Even a smile if it comes from the right person. There's a reason good managers, influencers and salespeople are good at what they do - they use everything they have to make other people feel appreciated, and the world turns around them.

  10. Dicey by Anonymous Coward · · Score: 0

    This story is way too Dicey for my taste.

  11. salaries seem low by Anonymous Coward · · Score: 0

    the startup i'm at (non-security), the engineers make well north of 150k

    1. Re:salaries seem low by Anonymous Coward · · Score: 0

      I help my mum cooking patties. Tons of them. We make way more than that.

      Captcha: obscene

    2. Re:salaries seem low by fluffernutter · · Score: 1

      You should cook 50% more patties so that you can earn 50% more.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
  12. Cheap labor by sjbe · · Score: 1

    That is $15/hr. I hope no one thinks paying that for any kuind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.

    What it means is that they hired some Mexicans or other foreigners to do the grunt work of attaching things to walls so they wouldn't have to pay much. Any time you have hard grunt labor where you want to pay as little as possible (picking in fields, construction, etc) chances are non-trivial that they are paying someone who was born in another country to do it.

    1. Re:Cheap labor by Anonymous Coward · · Score: 0

      What it means is that they hired some Mexicans or other foreigners to do the grunt work of attaching things to walls so they wouldn't have to pay much. Any time you have hard grunt labor where you want to pay as little as possible (picking in fields, construction, etc) chances are non-trivial that they are paying someone who was born in another country to do it

      in order to offset the privileged $200,000 club that were born into those roles

  13. In what market? by Anonymous Coward · · Score: 0

    Where are these salaries being paid? If they're in silicon valley, that's actually not that impressive. It's high, sure, but not so much that it should merit an article sensationalizing it. If it's in say, Detroit? That's 2-3 times what a decently senior IT gig pays in just about any field, so it'd be noteworthy. I'd imagine if you check the salary survey, these numbers are only really applicable to a small number of markets, where the cost of living takes quite a bit of shine off of the numbers.

  14. Most security people are wankers by Anonymous Coward · · Score: 0

    Gibberish like 'best practices' and 'CISSP' and 'CVE' and 'process' and 'compensating controls' - and not a lot about fixing shit.

  15. This figure must include high end consultants by ErichTheRed · · Score: 1

    My experience, having worked with security "consultants" in the past, is that many of them are of the same stripe as the management consultants from Accenture, KPMG, etc. and just fly around the country giving PowerPoint presentations to scared executives trying to sell them a packaged appliance/solution. If these guys are part of the survey, I can easily see $200K+ -- their firm is billing them out at at least twice that. I know lots of young grads with zero or little experience routinely get jobs with the big consulting firms if they went to the right school, and are immediately put into service at large companies in positions of relatively high authority for their actual skill level. As long as they don't mind traveling 50 weeks a year, it can be a very lucrative first job for an Ivy League grad. I doubt their business model is any different with IT security.

    People actually working on real day to day security see a lot less than that in most organizations, simply because most places don't care about security. If you're a retailer, your insurance company just pays out when you get hacked as long as you checked the PCI DSS auditing box. (That's another stripe of "security experts" who pull in the higher levels of salary.)

    I'm not sure what it's like in places that actually need real security (intelligence, banking, etc.)

    1. Re:This figure must include high end consultants by LDAPMAN · · Score: 1

      None of those companies are paying recent grads 200K. Even their more senior folks (non-partners) will not be making the big money. The guys with the experience and the credentials will be making 200K+ but they will be with small boutique consulting firms.

      Very Very few folks who are not consultants will be making that kind of money. Companies will bring in the expertise when they need it but won't pay an employee that well.

      I know this because I've been doing IAM/Security consulting for over 20 years. I know what I have to pay for talented resources.

    2. Re:This figure must include high end consultants by rwa2 · · Score: 1

      Yeah, those high end consultants are people that companies hire to "help" them get through their annual security / PCI audit. They know what to say to the auditors to prevent further digging, and know what not to say to help hide the actual deficiencies. I bet they do little to actually improve security practices, though. OTOH, you will have your anti-virus definitions reporting in as updated, though!

      Places that need (to pass) real security audits will have the requirements baked in to the design phase early on enough. Everyone will need to change their passwords every 90 days, and the thing will actually enforce length and entropy policies. All laptops will have whole-disk encryption. They might actually bother to set up email encryption using two-factor authentication with your ID badge... maybe. IT will come after you if you postpone rebooting for OS updates for more than 30 days. It's pretty simple stuff. But it's also pretty easy stuff to slack off on if no one is auditing.

  16. Pasting sensors on walls by Anonymous Coward · · Score: 0

    Well does anyone want to do that really? Mounting cams on walls.

  17. The best paying IT security jobs in 2015 by ArhcAngel · · Score: 4, Insightful

    Heh, the best paying IT security jobs in 2015 are in a bunker in Russia writing viruses. Followed closely by phishing experts in Europe posing as African royalty.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  18. Stagnant pay for IT by msobkow · · Score: 2

    I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Stagnant pay for IT by Anonymous Coward · · Score: 0

      Minimum wage in IT back in the late 90's was like $75K. Now the bubble has burst and fallen back to Earth as employers have realized that IT skills are not as elite as they once were during the Internet boom

    2. Re:Stagnant pay for IT by ranton · · Score: 1

      I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

      IT workers need to stop using salaries in the 90's as evidence that IT salaries have stagnated. Pay in the 90's was bloated, and there was a massive correction after the bubble burst.

      The S&P 500 finally reached its 2000 peak in April 2015. Considering the tech sector was a major contributor to the stock market crashing in 2000, it makes sense that IT wages would not be much higher than they were 20 years ago.

      Also, most IT sector workers have their salaries stagnate at around $100k per year because they have trouble transitioning their career into a senior level / management role. If you don't have more responsibilities than you did 10 years ago, you shouldn't make more money other than cost of living raises.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    3. Re:Stagnant pay for IT by Anonymous Coward · · Score: 0

      Thank FWD.us, Zuck, Gates, and other oligarchs for lobbying to keep your pay artificially subdued.

      Captch: Bogeymen

    4. Re:Stagnant pay for IT by msobkow · · Score: 1

      No. '90s. As in 1990. Ten YEARS before the Y2K "bubble".

      --
      I do not fail; I succeed at finding out what does not work.
  19. Security personnel deserve every penny they get. by Anonymous Coward · · Score: 0

    They're the last line of defense against having users installing useful tools like vi, gimp, gnu tools, etc.

    Weren't for them and people could start being productive without M$ wonders like Acce$$... also, they install antivirus which is essential, but unfortunately eats up all memory and make users' life miserable -- just like the virus... tsk!

  20. Fad skill of the year, but long-term? by Anonymous Coward · · Score: 0

    Security
    Big data
    Mobile apps
    OOP
    Client/server

    Every year there's a new fad skill that people make a bazillion dollars if they know it. What do these people make 5 years and 3 fads later? Are there any longitudinal studies of what people make over a longer period of time?

  21. Re:Security personnel deserve every penny they get by Anonymous Coward · · Score: 0

    Have you ever used a computer that wasn't built in 1998?

  22. So much money, so little return by Anonymous Coward · · Score: 0

    Companies need to start paying these folks pennies. That's pretty much what their worth.

    Just ask yourself this - do you think things have gotten better? And if you do, think about all that goes on that you know nothing about. Then ask yourself again.

    Of course, they don't want you to think that. Their making much more than all of us!

  23. Re:Security personnel deserve every penny they get by Anonymous Coward · · Score: 0

    They're the last line of defense against having users installing useful tools like vi, gimp, gnu tools, etc.

    Aren't those all part of systemd now?

  24. Another dice ad by Anonymous Coward · · Score: 0

    slashdot has been reduced to dice ads and theodp's clickbait

  25. Re:Security personnel deserve every penny they get by Anonymous Coward · · Score: 0

    > Have you ever used a computer that wasn't built in 1998?

    I have news for you: the command line is back in fashion and M$ wants you to use their version. I hope you remember how to use those things from 1998 or else you'll need some retraining to get on par with what already existed 30 years ago.

    Also, for the guy who mentioned systemd: I don't have a horse in that race -- maybe I will, just not yet. I understand you had to try, though.

  26. Can US citizens have those jobs? by Anonymous Coward · · Score: 0

    or will only H1B visa holders be permitted to have them?

  27. Sounds like good job security by Dishwasha · · Score: 1

    *ba doom ching*