Source: Search Security @ Tech Target

Credentialed security specialists continue to enjoy higher wages than some of their IT brethren, according to the latest "Hot Technical Skills and Certifications Pay Index" released this week by IT research consultancy Foote Partners LLC, of New Canaan, Conn. The bonuses reflect a trend among employers to reward workers with specialized skills and to keep them from jumping ship.

The overall median wage for 62 certified skills grew 4% overall in 2004, compared to a 5.6% decline the year prior. In fact, much of the wage advancements were made the final quarter of 2004. Specific bonus figures that account for the promising percentage were not immediately available, but the data indicates companies again are willing to compensate workers moving beyond basic skill sets.

"There has been a renaissance in IT roles and a redefinition of IT jobs so pervasive that traditional job titles are becoming increasingly meaningless," David Foote, president and chief research officer, said in a statement. In general, pay for networking (11.6%), systems administration (9.2%) and programming and applications development (7.7%) skills grew the most in value, while beginning certifications (-21.1%), project management (-18.8%) and Web skills (-8.5%) dropped most dramatically.

Security skills rose 1.1% between 2003 and 2004. However, while overall security skills pay remained steady, certain security certifications continued to yield the highest payoffs among IT skills sets, according to 46,000 U.S. and European IT workers included in the study.

The highest paying security certs include:

    * Certified Information Systems Auditor (CISA);
    * Certified Information Systems Security Professional (CISSP);
    * Cisco Certified Security Professional (CCSP);
    * SANS/GIAC Security Expert (GSE)
    * GIAC Certified Forensic Analyst (GCFA)
    * GIAC Certified Windows Security Administrator (GCWN)

Security certified skills losing value in the last six months include the GIAC Incident Handler, which stagnated, and GIAC Security Essentials Certification, where skills pay dropped 20% from Q2 to Q4 2004. Certs that have lost significant value in the last two years include the GIAC Firewall Analyst, according to the report.

So what's behind the reversal of fortune for IT professionals? Essentially a revived talent war, where companies will do more to hire or retain A-list employees. "More attention is being paid to the risks of losing workers who stuck it out through years of workforce reductions, and for good reason," Foote said. These workers, who often took on additional responsibilities during lean times, also have acquired business skills that make them more marketable. These "hybrid jobs" could eventually become the norm, where everyone is required to understand operational and process skills to work in IT.

Also fueling the bigger bonuses are technology-driven regulations, such as HIPAA and the Sarbanes-Oxley Act. This is especially good news for consultants with data and network security skills. The mixed success of offshore outsourcing also is an influence. Though the trend to send IT work outside the U.S. is expected to continue at a slower pace, nearly "60% of offshoring initiatives have been failing to measure up to expectations, especially in cost savings," he said.

That's why I have both.

I didn't think you were being arrogant.  Just expressing your frustration with how our industry measures competency.  I have a 6 figure salary based mostly on the 15 years I have been in IT.  I also have a plethera of Certs.  Some were vendor requirements, some were simply to prove to those who won't or can't take the time to size up your skill sets what you are capable of when making a hiring decision. My pet peave on this whole situation is that there are some sectors of our industry that insist on a college degree.  As a veteran who never got to college that one gets my goat.  Not downplaying the importance of College, on the contrary, my daughter is going to college wether she wants to or not.  I don't want any doors to be closed to her for any reason.

For me, I look for a degree when I hire because it tells me that a person can stick with something longterm.

Hmm, I take the point you're making but this only gives an impression from a snapshot in time. A lot can happen over a 5-10 year period, people can become more apathetic or conversely more diligent in their application to work.

I agree that understanding the need to research that an academic course gives is of great use, but I feel that the overall benefit of a degree is often time-sensitive.

Vendor certs are too specialised and pretend to be something they're not (The CCSE harping on about how CCSE's should be able to conduct Pent/Vulnerability tests for example).

Security within academia in the UK appears to still be haphazard, with MSc's not fully giving valid direction about the application of security within the enterprise and standardisation is required across the industry to this regard.

Hmm, I take the point you're making but this only gives an impression from a snapshot in time. A lot can happen over a 5-10 year period, people can become more apathetic or conversely more diligent in their application to work.

I agree that understanding the need to research that an academic course gives is of great use, but I feel that the overall benefit of a degree is often time-sensitive.

Vendor certs are too specialised and pretend to be something they're not (The CCSE harping on about how CCSE's should be able to conduct Pent/Vulnerability tests for example).

Security within academia in the UK appears to still be haphazard, with MSc's not fully giving valid direction about the application of security within the enterprise and standardisation is required across the industry to this regard.

I cant wait i am a candidate for my cissp on 4/24/05 then I can too  can improve my salary and job leads

Well it is official I have my CISSP.