If you are an information security professional, your earnings outlook for 2014 looks positive. Security professionals, especially those at the executive level, earn salaries that compare favorably with many of their non-infosec colleagues and can expect pay increases that will outpace those of many coworkers.
Fifty percent of chief information security officers (CISOs) earn annual pay equivalent to the salaries earned by other C-level executives, according to a study from SecureWorld Insight, a partnership between the Ponemon Institute and SecureWorld. The trend is similar for infosec pros throughout an organization.
According to the recently-issued Robert Half Technology 2014 Salary Guide, CISOs will see an average pay increase of 5.9 percent this year, the biggest boost among C-level execs. Employers may expect more from their CISOs than they have in the past, though. As eSecurity Planet reported a few months ago, companies expect their CISOs to understand broader business issues such as privacy management, audits and strategic risk in addition to technical issues.
Other security pros will see healthy bumps as well, according to Robert Half Technology, ranging from an average 5.8 percent increase for data security analysts to a 6.8 percent increase for information systems security managers. (Those numbers are for the United States; the numbers are similar for Canada.)
The salaries are commensurate with the challenges infosec professionals face at work, however.
Infosec Not an Easy Job
Forty-three percent of information security professionals rate their job as the most difficult one in the organization, according to the SecureWorld Insight study. The greatest challenges cited by respondents were: lack of adequate funding, mentioned by 56 percent; IT complexity (42 percent) and lack of qualified personnel (41 percent).
The majority of respondents reported working in teams of six to 15 full-time security personnel. Just 8 percent said they worked on teams of 20 or more.
An advanced degree appeared to be one key to winning a higher salary. Those with such degrees were compensated at rates up to 35 percent higher than colleagues without the degrees.
Also, although relatively few CISOs report to the CEO, those who do enjoy a 36 percent increase in annual salary. Those who report to the CFO or COO also receive bigger increases than those who report to the CIO or CTO – perhaps emphasizing the desire for CISOs with broader business skills. SecureWorld Insight found that 46 percent of CISOs report to the CIO.
Some other interesting data points from the SecureWorld Insight study:
- While male security executives earned more than their female counterparts, the gap was just 5.5 percent.
- The communications sector leads in average annual salary, followed by financial services. Health/pharma vertical narrowly outranks defense as the industry vertical with the lowest salaries for infosec pros.
- Multi-national organizations pay their security pros more than organizations with only domestic offices.
Ann All is the editor of eSecurity Planet and Enterprise Apps Today. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.e