[Infowarrior] - Security salaries hold up during economic gloom

Richard Forno rforno at infowarrior.org
Wed Apr 29 12:46:48 UTC 2009 

Security salaries hold up during economic gloom
By John Leyden • Get more from this author

Posted in InfoSec, 29th April 2009 12:21 GMT

http://www.theregister.co.uk/2009/04/29/security_salary_survey/

Information security salaries are holding up well during the economic  
downturn but capital spending projects are feeling the axe, according  
to a pair of surveys from training organisation (ISC)2 and specialist  
recruitment consultant ISS.

The survey of more than 600 respondents, contractors and permanent  
employees based in the UK, found that more than half (56 per cent)  
received a pay rise in the last 12 months. Respondents were members of  
organisations representing professionals in the field, including:  
(ISC)2, ISACA, British Computer Society, Business Continuity  
Institute, Council of Registered Ethical Security Testers (CREST), and  
MIS Training Institute.

Nearly three quarters of survey participants (73 per cent) indicated  
their role to be senior professional, with seven or more years of  
experience. Almost a half were in charge of managing teams.

John Colley, managing director of (ISC)2, told El Reg that contractors  
who saw their salaries cut and who struggled for work in the early  
stages of the credit crunch have subsequently been rehired. Jobs and  
prospects in the financial services industry, traditionally a major  
source of employment, have been hard hit, but this has been offset by  
work in the government sector. However, there continues to be big  
salary gaps between the public and private sectors. This is  
particularly true for those who work for local authorities, who earn  
about a third less than their counterparts in finance and telecoms.

Day rates for contractors ranged from £100 to £1150 (with an average  
£548). None of the contractor respondents had more than 40 unpaid days  
off in the last year.

Traditionally London has always been the regional location with the  
highest salaries, but this has changed due to cut-backs in the city,  
leaving the South East as the location with the highest wages for  
security workers.

The salary survey - which is designed to serve as a reference for  
information security pros and hiring managers - found that the average  
salary for the 566 permanent employees who responded was £53,600.  
Nearly two thirds earned more than £50,000, while nearly half received  
bonuses that contributed an average of £10,000 to their basic salary.  
Benefits received by half contributed £10,000 to their remuneration  
package. "Despite the doom and gloom of the economic situation,  
security continues to be a highly valued as a profession, and they  
continue to be paid well," said Iain Sutherland, founder of ISS. "The  
operational and administrative roles that used to be considered  
specialist to information security appear to be moving into IT," he  
added.

While security salaries might be holding up well it's a different  
story in terms of capital expenditure. Seventy-two percent of more  
than 2,500 information security pros quizzed said their budgets were  
reduced the past six months due to the economic downturn. However half  
said they did not expect any additional cuts for the remainder of the  
year.

Around a third of survey respondents occupied hiring roles. Two in  
five (43 per cent) of this sample expected to hire additional  
information security staff this year. Sought-after areas of expertise  
included information risk management, operations security, access  
control systems and methodology, security management practices, and  
applications and systems development security.

The recruitment and spending findings are part of a web based survey  
by (ISC)2. The survey remains open to information security pros until  
May 15, when final results will be published.

"While we are being affected, generally Information Security is a  
profession that is weathering the recession well, as companies  
continue to recognise that security competency is both a business  
imperative and a means to achieving cost –cutting operational  
changes," said John Colley, managing director of (ISC)2 Europe.

“Budget cuts are definitely here and security isn't immune,” Colley  
said. “ But what we're seeing is projects are sacrificed in favour of  
people. Firms need to align security plans to biz strategy,” he added.

The release of the two (ISC)2 surveys on Wednesday coincided with the  
Infosec conference in London. (ISC)2 is sponsoring Job Market Cafes  
for members and attendees of Infosec 2009. Representatives of three  
specialist recruiting firms – Barclay Simpson, Acumin and Information  
Security Solutions – will take part in the seminar on Wednesday  
afternoon. The Job Market Cafes form the London leg of workshops  
(ISC)2 is planning around the world to assist information security  
pros during the global downturn. ®

More information about the Infowarrior mailing list