Slashdot Mirror


The Best-Paying IT Security Jobs of 2015

Nerval's Lobster writes: It's no secret that tech pros with extensive IT security backgrounds are in high demand, especially in the wake of last year's high-profile hacks of major companies such as Sony and Home Depot. Which security-related job pays the most? According to a new analysis of Dice salary data, a lead software security engineer can expect to earn an average of $233,333 in 2015, followed by a director of security, who can expect to earn $200,000. Nor are those outliers: Chief information security officers, directors of information security, and IT security consultants can all expect to earn close to $200,000, if not more. While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros. Security analysts will make an average of $59,880 this year, for instance, while security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680. Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year. According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

48 of 85 comments

  1. Umm, yeah? by fuzzyfuzzyfungus · · Score: 4, Insightful

    I know that smearing 'security' all over things is popular; but isn't this almost comically similar to non-security job descriptions?

    Suitably high level technical skill pays very well, 'Director of' and 'Chief Something Officer' pay well to very well, 'consultants' are either quite expensive or powerless peons who have been reclassified to avoid labor laws that apply to real employees; and installation technicians aren't quite below the poverty line.

    1. Re:Umm, yeah? by Anonymous Coward · · Score: 2

      Our company got conned into hiring one of these "security consultants". All they did is plug their laptop in, type in server IPs, click a button, and then print out the report, which was all the unfixed items that were ultra-low priority along with several false positives. Upper management was impressed and even had sales bragging to customers about our focus on security.

    2. Re:Umm, yeah? by gatkinso · · Score: 4, Funny

      Hell at least he found something, even if all he did was fire up Metasploit. Many times you don't even get that.

      --
      I am very small, utmostly microscopic.
    3. Re:Umm, yeah? by bluefoxlucid · · Score: 4, Insightful

      It's industry fast-talk meant to muddle your minds. Look at this:

      Compare that to the average tech-pro salary of $89,450 in 2014, which is only expected to rise this year.

      In all stable markets, salaries rise. In the dot-com boom, IT people were getting $150k-$250k; they dropped to $60k, and have been on the rise since. Why did they drop? Because the bubble bust and because everyone went to school for IT; we have a STEM glut, especially in IT, so salaries are low. As long as we continue the narrative of climbing salaries for high-value IT professionals, people will go to college for IT, and will continue to contribute to the high candidate availability and relatively low salary. With such a stable market--constantly and continuously oversupplied with labor--salaries will climb at a slow pace, but they will always climb.

      Showing high average salaries, especially un-adjusted for high-cost areas where many technicians live, puts out golden dollar signs for people to chase. People imagine themselves one day as a Director of IA, a VP of InfoSec, a CISO, a big-name boss doing as little work as possible for a maximized salary. They don't consider that such positions are on the order of one per company, matched to the company's size (small business's Director of Information Security is going to get small-business salary), and actually a whole hell of a lot of work--and not just tech work, but work of a different nature you may find greatly rewarding or horrifyingly torturous. It doesn't matter; they go to get those degrees in IT and IT Security, imagining themselves rolling in money.

      Welcome to higher-education initiatives, where the Government facilitates college education. We've shifted social responsibility from businesses--who would normally experience pain from a lack of professionals and thus aggressively supply education and training to career entrants in order to maximize their profitable strategic market advantage--to individuals--who face higher risks and a greater chance of unemployment for the potential to garner lower salaries, but believe themselves advantaged by being able to independently acquire a certification of their skill in an area which they would have otherwise acquired by advancing their career and drawing income. The point of supplying free college education or government-backed loans is to transfer power and, ultimately, money away from the individual laborer and to the hands of large businesses in the most non-intuitive and unrecognizable way, so that people will cry out for more of this rather than recognizing how much harm it's doing to them.

    4. Re:Umm, yeah? by Anonymous Coward · · Score: 1

      Then what would the company do with all that unpaid bonus money?

    5. Re:Umm, yeah? by Opportunist · · Score: 3, Informative

      Why didn't your CISO step in?

      We had a company try to pull that one on us, too. They even had the chutzpah to just fire up Nessus, create a report and dump it on us. And that was certainly not what was agreed on in the contract. When asked to show what else they did, they came up with a list of things they actually could have done, of course with no findings because "our security is so good"... and they would even have gotten away with it if it wasn't for our internal team to find a security hole just that time, and one that is SO damn blatant that anyone not faking it would have had to find it.

      We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Umm, yeah? by chispito · · Score: 1

      We still paid. It's horribly difficult to prove something like that in court. But I have a hunch that they are having a hard time getting more contracts. You see, word travels...

      Again, see OP. Scrub the word "security" out and you could have this problem with any consultant. You win some, you lose some, you typically pay either way.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    7. Re:Umm, yeah? by Hevel-Varik · · Score: 1

      Excellent comment

    8. Re:Umm, yeah? by ranton · · Score: 1

      The median household income for college grads is not that low. See this. Note also that IT is a male-dominated field, so don't forget to add in the male gender pay bonus.

      Median male salary with a Bachelor's degree is $50,916 according to your own source. That is still much less than the average IT worker.

      IT workers typically make about what a person with a Professional degree makes. This is appropriate given the amount of education and certifications necessary to work in this field.

      IT workers typically do not make what a person with a Professional degree makes, because the amount of education and certifications is not similar at all. A professional degree is essentially a doctorate. That is not universally true, but the vast majority of professional degrees are doctorates. They are also almost universally licensed as a requirement to practice in their field. That is not the same thing as an A+/CCNA/MCSE/etc certification.

      Comparing average IT workers with doctors and lawyers is disingenuous. There are many highly skilled IT workers who do have a similar level of education and training as professional degree holders, and they tend to make similar salaries as professional degree holders. The vast majority of IT workers fall into the same level of education as average Bachelor degree holders.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    9. Re:Umm, yeah? by Anonymous Coward · · Score: 1

      Hire more security consultants, of course!

    10. Re:Umm, yeah? by ranton · · Score: 1

      You *cannot* mix individual and household income and somehow treat them as equivalent. They are not. I was refuting the "51K median HH income" BS.

      This thread was already mixing individual income ($89k average tech-pro salary) and median income ($51k median HH income) so I was merely following the convention. I agree that we shouldn't be looking at HH income at all though, and should focus on average college grads making $51k and average tech-pro workers making $89k. These stats are slightly different since one is median and one is the mean, but I doubt there are many 1%-ers skewing the tech-pro salaries.

      No one strives for "median". Half the population lack college degrees. Median income means no/some college. And half the population with college degrees have worthless paper in English or Psychology or Communications or some economically equivalent worthless crap.

      We are already ignoring the population that lack college degrees since the $51k/yr figure only includes college grads. And while many people have fairly useless college degrees, many IT workers are not qualified for much more than tier-2 help desk support.

      Once you have a degree in a field that requires intelligence, education and skill, and produces value, then you can start making comparisons. Compare IT salaries with others in the STEM fields. We still do OK, but we are not making out brilliantly.

      IT salaries should probably be fairly mediocre compared to STEM fields as a whole. It is on the very low end of necessary training / skills except in some very specialized sub-fields where workers do average six digit salaries.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    11. Re:Umm, yeah? by bluefoxlucid · · Score: 1

      What's different about it this time? People normally balk at this argument. It's one I've begun to think I need to avoid politically--I have political initiatives for a far better welfare system (supplies stronger social safety nets without the constantly rising proportional costs our current system suffers from) and for K-12 education improvement (no fixed plan yet; lots of concepts to glue together, but I need to find someone with real understanding of K-12 education to translate those to classroom management), and may need to completely step away from the college education problem because nobody will accept that the public initiative to get everyone an independently-gained college education is actively harmful to the individual and most greatly damaging to the least-advantaged (poor, minorities).

      The only plans I'm firm on are economics plans; public support of college education is an economic problem, concerning the market interactions with the supply and demand of skilled labor from multiple angles. What of my comment do you find excellent, that I may improve on it so as to convey my concern with those market behaviors and, hopefully, bring understanding of the college education problem?

    12. Re:Umm, yeah? by Opportunist · · Score: 1

      There are certain things that are very dependent on what your customer's setup is like.

      But I hope we can agree on saying that charging 15 days for collecting information about the client's infrastructure (essentially no cost, since that's expected from the client to deliver, but let's say 4 hours), configuring Nessus (~20 minutes) and eventually copy/pasting the result into a prepared document that supposedly constitutes a report is a wee bit off, yes?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Meh by Anonymous Coward · · Score: 1

    More dice clickbait/advertising.

  3. Ummm..... by Anonymous Coward · · Score: 2, Funny

    Hello!

    I am a security engineer at the biggest cloud platform company in the world... 8 years... I seem to need an adjustment =P

    I seem to be missing out on a nice chunk =P

    1. Re:Ummm..... by grimmjeeper · · Score: 4, Insightful

      That's because they already have you. The only way to really keep your salary up to average or better is to jump companies every once in a while.

    2. Re:Ummm..... by AuMatar · · Score: 1

      You were underpaid from the start, and it's perpetuated. Laughably so. Here's what my progression looked like:

      01-05 70-72K (I got a small raise in there) in San Diego
      05-08 82K+equity in Seattle
      08-10 90K+equity startup
      10-12 90K-120K+equity at another startup (salaries went up from startup scale to full scale when we knew we'd be bought)
      12-13 $75/hr contracting while on vacation then moving to Baltimore. I was underpaid here, should have asked for more but did it to move to Baltimore for personal reasons
      13-14 120K+equity at a startup
      14-15 172K+lots of equity at the company that bought the startup (expect over 300K/yr total probably around 350K. May be more after my performance review which is likely to be very good) in the Valley

      Even if we assume you live somewhere far cheaper than the valley you were criminally underpaid to start and still underpaid now.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    3. Re:Ummm..... by Anonymous Coward · · Score: 1

      Notice his career started in 08?

      "Even if we assume you live somewhere far cheaper than the valley you were criminally underpaid to start and still underpaid now."

      Congratulations, you just described most of the first graduating class of the "lost generation". You were born 7 years earlier: do you want a medal?

    4. Re:Ummm..... by Bengie · · Score: 1

      What's the living cost where you were? All of that sounds like a lot until you hear that pre-housing crash, I could get a new 2500 sq-ft house on a 1-4 acre plot with access to high quality fiber Internet for about $150k. $72k would put you in the top about 10% around here. Housing is cheap, internet is cheap, education is cheap, but we have some of the best housing, lowest crime, fastest internet, and best education.

    5. Re:Ummm..... by AuMatar · · Score: 1

      Mine started in 01- the year of the dot com crash. He's still underpaid, the problem is he doesn't have the balls to demand more or leave.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    6. Re:Ummm..... by grimmjeeper · · Score: 1

      I started out in the middle of the recession in the early 90's where it was hard to buy a job and the internet wasn't a big thing yet. My salary now is 5x what it was then.

    7. Re:Ummm..... by grimmjeeper · · Score: 1

      Given the cost of living in the Valley, $170K isn't all that much, even if your expectations aren't just internet bluffing. I can have a much better life in areas that aren't so hideously crowded and still take home more real disposable income after paying for housing and transportation, not to mention all of the intangible benefits of having a short commute, while having a gross salary that's 2/3 of what you're bragging about. All I have to do is live almost anywhere else in the country.

      Big salary numbers aren't impressive when you're paying 2-3x or more for your housing and you have a long commute that takes hours out of your day.

    8. Re:Ummm..... by AuMatar · · Score: 1

      I mentioned the city in several cases- assume that until I mention another city it's the same as the previous one. But cost of living numbers tend to be really overstated- other than housing the remainder is basically flat anywhere in the US, the 2-3% difference doesn't matter if you aren't living paycheck to paycheck. Subtract out the difference in housing yourself, I have no idea what your base is.

      We'll disagree on you having the best housing- for me the best housing means fun things in walking distance with minimal square feet, more room means more work and I hate housework and yardwork. I'd pay extra on a house not to have a yard. The thought of mowing 4 acres all summer makes me physically ill. You'd have to pay me retirement level money per year to live somewhere rural.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    9. Re:Ummm..... by Bengie · · Score: 1

      I guess I should have asked what the prices were like where you lived in the city. I'm sure prices can vary a lot depending on where you are.

      other than housing the remainder is basically flat anywhere

      Housing is a large portion of many people's incomes. Going from $500/m for a 2 bedroom 3 level duplex with a 2 stall garage where I live, to who knows what in a big city, is probably a big difference. Not to mention getting to/from anywhere in the city is about 5-10 minutes no matter what time of the day.

      I understand not having a yard because mowing does suck, but I hate small places. Most people who have two kids and a wife probably think differently about having a small place to live, unless you want your kid's play room in your living room, which spills into your kitchen, then you invite friends over and they bring their kids.

      I hate going out. Not much intellectually stimulating at most "fun" places. A lot more challenges my mind on the Internet.

      Different people, different priorities I guess.

    10. Re:Ummm..... by AuMatar · · Score: 1

      My expectations aren't internet bluffing, it's taking my RSUs by the current stock price, and adding in my expected bonus. Although if the stock market crashes in the next 6 months it could seriously decrease, it's not a 0 risk supposition.

      I think you have a lot of wrong information about real cost of living in the valley. My commute is 20-25 minutes each way, and could easily be much lower at the same housing price. This morning it was 35 due to an accident, first time it's been over 30 in 6 months. That's lower than most people's commutes are in other places I've lived. Housing is truly disgusting, but even then it's a difference of 24K/yr over what I was paying in other cities. Subtract that from the salary. As for hideously crowded- you'd have to pay me 10 times what I make now to live in a less crowded area, what the fuck do you even do all day on weekends in a rural area? No museums, no galleries, no street musicians, no festivals, no events. No thanks. It's not even all that crowded, it's just a giant spread out suburb. Crowded would be like Manhattan, which would probably be more fun.

      --
      I still have more fans than freaks. WTF is wrong with you people?
  4. Woah, stop the presses by Anonymous Coward · · Score: 3, Funny

    "While many subfields of IT security prove quite lucrative, there are also other jobs that earn below the average for tech pros."

    Wait, so some people earn ABOVE average and some earn BELOW? Stop the freaking presses people.

    1. Re:Woah, stop the presses by grimmjeeper · · Score: 2

      A full half of the population is below average.

    2. Re:Woah, stop the presses by Anonymous Coward · · Score: 5, Funny

      Not true - 99.999% of the population have above average number of fingers

    3. Re:Woah, stop the presses by grimmjeeper · · Score: 1
    4. Re:Woah, stop the presses by Bob+the+Super+Hamste · · Score: 1

      Probably not that many. Granted farm and factory injuries have gone down but I'm sure more than 1 out of 10,000 is missing 1 or more fingers.

      --
      Time to offend someone
    5. Re:Woah, stop the presses by ShanghaiBill · · Score: 2

      A full half of the population is below average.

      You are thinking of "median", but "average" generally refers to the mean. More than 90% of households earn less than the mean.

    6. Re:Woah, stop the presses by grimmjeeper · · Score: 1

      Ah yes. I forgot to point out that it was a joke before the overly pedantic nit-pickers showed up.

      It's a joke. Laugh. It's funny. Trust me.

    7. Re:Woah, stop the presses by grimmjeeper · · Score: 1
  5. left out the security "outplacement" manager by turkeydance · · Score: 1

    you know, George Clooney.

  6. Vague details by sjbe · · Score: 1

    security installation technicians—because somebody needs to install the cameras and sensors—can expect to earn $31,680

    That's because there is no actual skill involved. Any idiot with a drill and a screwdriver can mount a camera to a wall. Doesn't require any special training or skills. This is the sort of thing that people with work documents of questionable origin tend to get hired to do.

    According to a 2014 report from Global Knowledge and Penton, those armed with certifications such as CRISC, CISM, and CISA can expect to earn a healthy six figures a year.

    Umm, great. Living where? $100K in Silicon Valley or Manhattan won't get you much. Same amount in the mid-west is pretty comfortable living.

    1. Re:Vague details by fuzzyfuzzyfungus · · Score: 1

      Most security-related hardware is also (and probably largely for this purpose) kept low-voltage/data cabling only, so you can usually do it without getting a full electrician involved.

      Especially if you want outdoor mounts, there are still any number of mistakes that can lead to moisture problems, compromise insulation, damage fire barriers, and so on, so you don't want to scrape the bottom of the barrel too hard; but there aren't too many formal requirements compared to mains voltage work or structural modifications.

  7. $31K? by deadweight · · Score: 4, Interesting

    That is $15/hr. I hope no one thinks paying that for any kind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.

    1. Re:$31K? by xxxJonBoyxxx · · Score: 1

      >> they could be bribed with things like free movie tickets or a Big Mac

      I'm comfortably in the six figures and I can STILL be bribed by these things. Even a smile if it comes from the right person. There's a reason good managers, influencers and salespeople are good at what they do - they use everything they have to make other people feel appreciated, and the world turns around them.

  8. Cheap labor by sjbe · · Score: 1

    That is $15/hr. I hope no one thinks paying that for any kind of critical security infrastructure is a good idea. They could be bribed with things like free movie tickets or a Big Mac.

    What it means is that they hired some Mexicans or other foreigners to do the grunt work of attaching things to walls so they wouldn't have to pay much. Any time you have hard grunt labor where you want to pay as little as possible (picking in fields, construction, etc) chances are non-trivial that they are paying someone who was born in another country to do it.

  9. This figure must include high end consultants by ErichTheRed · · Score: 1

    My experience, having worked with security "consultants" in the past, is that many of them are of the same stripe as the management consultants from Accenture, KPMG, etc. and just fly around the country giving PowerPoint presentations to scared executives trying to sell them a packaged appliance/solution. If these guys are part of the survey, I can easily see $200K+ -- their firm is billing them out at at least twice that. I know lots of young grads with zero or little experience routinely get jobs with the big consulting firms if they went to the right school, and are immediately put into service at large companies in positions of relatively high authority for their actual skill level. As long as they don't mind traveling 50 weeks a year, it can be a very lucrative first job for an Ivy League grad. I doubt their business model is any different with IT security.

    People actually working on real day to day security see a lot less than that in most organizations, simply because most places don't care about security. If you're a retailer, your insurance company just pays out when you get hacked as long as you checked the PCI DSS auditing box. (That's another stripe of "security experts" who pull in the higher levels of salary.)

    I'm not sure what it's like in places that actually need real security (intelligence, banking, etc.)

    1. Re:This figure must include high end consultants by LDAPMAN · · Score: 1

      None of those companies are paying recent grads 200K. Even their more senior folks (non-partners) will not be making the big money. The guys with the experience and the credentials will be making 200K+ but they will be with small boutique consulting firms.

      Very, very few folks who are not consultants will be making that kind of money. Companies will bring in the expertise when they need it but won't pay an employee that well.

      I know this because I've been doing IAM/Security consulting for over 20 years. I know what I have to pay for talented resources.

    2. Re:This figure must include high end consultants by rwa2 · · Score: 1

      Yeah, those high end consultants are people that companies hire to "help" them get through their annual security / PCI audit. They know what to say to the auditors to prevent further digging, and know what not to say to help hide the actual deficiencies. I bet they do little to actually improve security practices, though. OTOH, you will have your anti-virus definitions reporting in as updated, though!

      Places that need (to pass) real security audits will have the requirements baked in to the design phase early on enough. Everyone will need to change their passwords every 90 days, and the thing will actually enforce length and entropy policies. All laptops will have whole-disk encryption. They might actually bother to set up email encryption using two-factor authentication with your ID badge... maybe. IT will come after you if you postpone rebooting for OS updates for more than 30 days. It's pretty simple stuff. But it's also pretty easy stuff to slack off on if no one is auditing.

  10. The best paying IT security jobs in 2015 by ArhcAngel · · Score: 4, Insightful

    Heh, the best paying IT security jobs in 2015 are in a bunker in Russia writing viruses. Followed closely by phishing experts in Europe posing as African royalty.

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  11. Stagnant pay for IT by msobkow · · Score: 2

    I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

    --
    I do not fail; I succeed at finding out what does not work.
    1. Re:Stagnant pay for IT by ranton · · Score: 1

      I was making $85,000/yr in the '90s in IT. Bumping that by only $15,000 in 25 years seems kind of insulting.

      IT workers need to stop using salaries in the 90's as evidence that IT salaries have stagnated. Pay in the 90's was bloated, and there was a massive correction after the bubble burst.

      The S&P 500 finally reached its 2000 peak in April 2015. Considering the tech sector was a major contributor to the stock market crashing in 2000, it makes sense that IT wages would not be much higher than they were 20 years ago.

      Also, most IT sector workers have their salaries stagnate at around $100k per year because they have trouble transitioning their career into a senior level / management role. If you don't have more responsibilities than you did 10 years ago, you shouldn't make more money other than cost of living raises.

      --
      -- All that is necessary for the triumph of evil is that good men do nothing. -- Edmund Burke
    2. Re:Stagnant pay for IT by msobkow · · Score: 1

      No. '90s. As in 1990. Ten YEARS before the Y2K "bubble".

      --
      I do not fail; I succeed at finding out what does not work.
  12. Sounds like good job security by Dishwasha · · Score: 1

    *ba doom ching*

  13. Re:salaries seem low by fluffernutter · · Score: 1

    You should cook 50% more patties so that you can earn 50% more.

    --
    Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.