Research compiled exclusively for SearchSecurity.co.uk shows that salaries of information security professionals have stagnated during the last year. In most sectors, pay has dropped by a small amount, while top-end salary rates have fallen by much more. Only low-level roles in end-user companies have seen any sign of information security job salaries growing, and even then only marginally.
The figures were compiled by recruitment consultants Acumin Ltd., which specialises in the information security field. The numbers represent the salaries of information security professionals whom have actually changed jobs, rather than salaries that were advertised, which tend to be higher to attract candidates.
As such, the figures provide an accurate and authoritative picture of how actual pay scales are moving in the information security industry, ranging from the most junior roles up to the CISO level. Having set the benchmark, Acumin and SearchSecurity.co.uk will now produce regular quarterly updates tracking future pay trends.
"It's a very confused picture at the moment. Companies are making short-term decisions, and are trying to get more out of what they have," said Chris Batten, joint managing director of Acumin.
He said the banking sector was still trying to cut costs, and therefore doing little recruitment, while other sectors such as telecommunications have been taking on some new staff, notably for compliance roles.
The biggest change has come at the high end of the information security salary scale. "I have examples of very senior people who have taken a pay cut of £200,000 a year," he said. "One guy in a big consultancy didn't want to stick around watching his team being downsized, and so took a pay cut to go somewhere where he saw long-term opportunities to grow and develop the business. Sometimes people want to join an organisation that shows more commitment to security, or possibly is not going to drive them as hard."
With companies not wanting to increase their full-time headcount, contractors are still in demand, although their rates have come down somewhat. Batten said this is mainly a correction from the excessive rates that might have been paid two or three years ago.
"Good information security contractors are still doing well and are in demand," he said. "It's the middle-ground guys who are taking the hit, but they are prepared to accept £450 a day instead of the £600 they were getting. It's still good money, and more than they'd get in a permanent job."
The full analysis is shown in the information security salary (.pdf) below, and is split into three main sections -- consultancies, end users and systems integrators.
Since information security job titles vary so much between different organisations, a series of job roles and their specific responsibilities have been defined. Salary ranges are shown for this year, with 2008 levels shown in brackets. It is also indicated where there has been a rise or fall over the period, or if the range has remained unchanged.
SearchSecurity and Acumin will be tracking the levels of information security salaries every quarter.
View the exclusive information security salary (.pdf) research compiled by Acumin and SearchSecurity.co.uk.