New research into information security industry pay scales indicates that while pay rates have slipped for those just beginning their information security careers, security professionals with good technical skills are in strong demand as organisations strive to rationalise their security infrastructures.
|Click here for full stats (.pdf)|
The figures come in the latest security salary survey analysis by Acumin Consulting Ltd., and confirm that information security professionals’ pay continues to rise steadily since the slump of the 2008 recession. Acumin and SearchSecurity.co.UK have been collaborating since 2008 to track infosec salary levels.
The security salary survey figures, broken down by job type and activity type (end user, service provider or vendor), are based on actual salaries achieved by new placements, rather than the advertised salary levels for vacancies. The latest figures are based on placements in the three months to January 2011.
“We continue to see a demand for security professionals across the board,” said Chris Batten, managing director of Acumin. “But demand is especially strong for people with good technical skills. Their salaries have risen during the last quarter.”
Batten said many user organisations faced with limited budgets are working to optimise the performance of their existing technologies, or simplify their technologies to use fewer products and fewer vendors. “It was fine to buy lots of products when budgets were there, but now [companies] are having to stop and make the best of what they have,” Batten said.
For this reason, organisations need staff who can work at a detailed level with the technology to get the best performance out of it. At the same time, pay for non-technical staff -- for instance, those conducting risk assessments or writing policies -- has slipped back.
The figures also show that public sector cuts are beginning to take effect. For example, CLAS consultants who specialise in government work saw a reduction in their rates, and some pay grades in consultancies have dropped as well, in line with weakening demand.
Another group to see a drop in demand are new M.Sc. graduates in information security. During the second half of 2010, graduates might have expected to earn between £30,000 and £40,000 as a starting salary, but this year, their pay has slipped back to between £28,000 and £35,000.
“It’s not looking good for new graduates,” Batten said. “It seems that organisations maybe don’t have the training budgets any more, so they are mainly looking for people with between two and five years of experience.”