Salary levels for information security professionals have started to rise again. A new quarterly pay snapshot shows that, for the first time since the credit crunch of the last two years, companies are prepared to pay considerably more to get the right people.
With a few exceptions, pay for most information security professionals has improved, either by way of new employers or from existing employers who are eager to retain them.
The big management consultancies are now paying up to £40,000 for an entry-level consultant with an MSc, and CLAS consultants (certified to work on government projects) can command up to £85,000, compared with around £70,000 six months ago.
The figures come in the latest survey of salaries produced for SearchSecurity.co.uk by Acumn Ltd., a recruitment company specializing in the security field.
"Salaries have moved up significantly in the last quarter," said Chris Batten, joint manager and director at Acumin. "We've seen a visible difference, particularly in consulting and large end user environments. SMEs and smaller organisations, however, seem to be stable, if not down slightly, perhaps indicating that those organisations are still being battered by recession."
The previous information security salary survey, published in March, showed that the number of job vacancies had risen sharply, but pay had only risen slightly. Now the findings suggest companies are conceding that they must pay more to get the people they need.
While previously employers would have waited to find the right person at a lower salary, said Batten, they are now prepared to pay to get people sooner. "During the last 18 months, they have been very selective -- they want soft skills, policy skills, industry skills -- but they didn't wanted to pay a lot. They are still picky, but now they understand they need to pay," he said.
That is also forcing some companies to offer pay raises to existing employees to stop them leaving. "In eight out of 10 cases where someone is offered a job elsewhere, we are seeing counteroffers from that person's current employer," Batten said. "I have never seen it this high before. Companies can't afford to lose people."
The big consultancies are responsible for some of the biggest increases, paying up to 20% more for junior staff than they would have done earlier in the year. Sales jobs in the reseller channel also rose sharply.
The only people missing out on the resurgence seem to be the most senior CISOs who lost their jobs during the recession. "They were people who took redundancy thinking they'd walk into another job, but they haven't. They've got significant challenges. Companies are not recruiting at that level," Batten said.
View this chart for the full analysis of salaries (.pdf).