Despite an especially volatile market for IT skills and certification pay in Q3 2009, pay figures for IT security certifications continued their steady climb.
IT security certification pay rose 0.4% in the third quarter, according to the new IT Skills and Certifications Pay Index
Even more astounding is the fact that, of all IT certifications measured by the Foote index, security certifications are the only ones that gained ground over the last 12 months -- up 1.7%.
So what's driving this steady uptick in security cert pay? A variety of factors, but it appears that many enterprises are working to boost employee retention, said David Foote, co-founder, CEO and chief research officer of Foote Partners.
"If somebody has a hot skill and you know if you lost [that person], you'd pretty much have to go out and bring [someone] in very high in the pay range, there's got to be some way [to keep that person]," Foote said. And, according to Foote, certification pay is the best way to do that.
"What comes up again and again is that companies seem to want to do a lot of their security in-house," Foote said. "These things together seem to be buttressing this market for [security] skills and people."
The four security certifications earning the highest pay premiums (in descending order) were the Certified Information Security Manager (CISM), the GIAC Security Expert (GSE), the Certified Information Security Auditor (CISA), and the Certified Information Systems Security Professional (CISSP). While the CISM and CISSP, and possibly even the GSE, may seem standard for the top of such a list, Foote pointed out that the CISA is a relative newcomer to the higher ranks.
Helping fuel the highest pay premiums is a continued emphasis on compliance initiatives, Foote said. To meet regulations such as the Payment Card Industry Data Security Standard (PCI DSS), many enterprises are investing security infrastructure and the personnel to deploy and maintain them, Foote said.
"There's a certain amount of security spending that will always exist because it's year-to-year, and that's risk assessment and compliance," Foote said. "You have to do it. You don't have a choice."
While pay has been stable for those with security certifications through the recession, Foote is confident that the continued market volatility won't have a major effect on security certifications pay.
"There are a whole lot of areas [in IT] where people don't require certification, but clearly one of those areas where people like to see them … is security," he said , "[and] the only way that [spending for] security is going to go away, is if companies stop doing business on the Internet … and that is not going to stop."