Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
It's almost poetic that the biggest, still-unfolding information security incident of 2023 to date appears to have been triggered by a vulnerability in MOVEit ... a secure file transfer product that allows organizations to encrypt and safely transmit data. Except when it allows hackers to, you know, steal that data. If businesses and organizations can't put their trust in the, er, security of security solutions, then where can they put their trust?
It takes perspective and an ironclad sense of humor just to survive in the professional cybersecurity realm. It also takes expertise — and one way to verify that expertise is the Certified Information Security Manager (CISM) credential (No. 3 on our most recent Salary Survey 75 list) managed by cybersecurity and IT governance professional association ISACA.
Here's what the salary picture looks like for CISM holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $148,680
Median Annual Salary: $148,530
How satisfied are you with your current salary?
Completely Satisfied: 10 percent
Very Satisfied: 27.4 percent
Satisfied: 40.9 percent
Not Very Satisfied: 19.1 percent
Not At All Satisfied: 2.6 percent
All Non-U.S. Respondents
Average Annual Salary: $83,310
Median Annual Salary: $76,720
How satisfied are you with your current salary?
Completely Satisfied: 5.8 percent
Very Satisfied: 16.5 percent
Satisfied: 41.6 percent
Not Very Satisfied: 27.5 percent
Not At All Satisfied: 8.6 percent
ISACA certifications are popular around the world, so while 44.1 percent of CISM holders who participated in the survey live and work in the United States, it's no surprise that we also heard from credential holders in 66 other countries: Albania, Australia, Bangladesh, Belgium, Bermuda, Brazil, Bulgaria, Canada, Chile, China, Colombia, Cote d'Ivoire, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Ecuador, Egypt, El Salvador, Finland, France, Germany, Ghana, Greece, Hungary, India, Indonesia, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Kenya, Kuwait, Latvia, Malaysia, Mexico, Netherlands, New Zealand, Nigeria, Oman, Pakistan, Peru, Philippines, Poland, Qatar, Romania, Saudi Arabia, Serbia, Singapore, Slovenia, South Africa, Spain, Sri Lanka, Sweden, Switzerland, Taiwan, Thailand, Trinidad and Tobago, Turkey, Uganda, United Arab Emirates, United Kingdom, and Vietnam.
The cybersecurity profession tends to be dominated by men, and there's clear evidence of that here: 83.7 percent of the CISM holders we heard from are men, compared to 13.1 percent who are women, 2.5 percent who chose not to identify their gender, 0.2 percent who are transgender female, and 0.5 percent who are gender variant/nonconforming. Also in keeping with prevailing IT trends, most CISM holders are solidly middle-aged, either between the ages of 35 and 44 (34 percent of respondents) or between the ages of 45 and 54 (38.4 percent). There are outliers at both ends of the age spectrum, with roughly 10 percent of those surveyed either between the ages of 19 and 24 (0.2 percent) or between the ages of 25 and 34 (10 percent), and the remaining 17 percent either between the ages of 55 and 64 (16.5 percent) or between the ages of 65 and 74 (0.9 percent).
Almost exactly 90 percent of the CISM holders who responded to the survey have an educational background that includes time spent at a college or university. The highest level of formal education completed by most CISM holders is either a bachelor's degree (35.3 percent of those surveyed), master's degree (50.5 percent), associate's degree (2.7 percent), doctorate (2.1 percent), or professional degree (2.1 percent). That leaves the roughly 10 percent of respondents who never set foot across the threshold of an ivy tower, either topping out with some form of post-high school technical training (5 percent), exiting the realm of formal education after completing high school (1.3 percent), or diving into the workforce with no formal education whatsoever (0.6 percent). (The remaining 0.2 percent of those surveyed are currently in the process of furthering their education.)
All but a handful of the CISM holders we heard from are employed full-time — 93.5 percent of respondents — with 2 percent holding part-time employment, 1.3 percent out of work altogether, 2 percent on sabbatical, and 1.2 percent who are currently students. Among those who have full-time jobs, most are at work either for the standard 40 hours per week (32.8 percent of those surveyed) or put in between 41 and 50 hours per week (39.9 percent). The rest are either working super hard, putting in more than 50 hours per week (14.4 percent of respondents), or are getting off easy, putting in either between 31 and 39 hours per week (10.4 percent), between 20 and 30 hours per week (1.2 percent), or fewer than 20 hours per week (1.3 percent).
Nearly 65 percent of CISM holders who participated in the survey enjoy the freedom to wear sweatpants for more than half the work week, working from home either between 21 and 30 hours per week (14.3 percent), between 31 and 39 hours per week (14.1 percent), 40 hours per week (15.8 percent), or more than 40 hours per week (20.3 percent). The remaining 35 percent of respondents work from home either fewer than 10 hours per week (20 percent) or between 10 and 20 hours per week (15.5 percent).
In terms of workplace standing, the largest single group of CISM holders who participated in the survey, 22.3 percent of those surveyed, are employed at the senior manager level. The rest, in descending order, are either managers (21.9 percent), senior specialists (21.5 percent), directors (19.4 percent), executives (7.2 percent), specialists (6.1 percent), or rank-and-file employees (1.6 percent).
More than half (58.4 percent) of the CISM holders who responded to the survey are IT veterans, having worked in a role that directly utilizes one or more of their certified skills for more than a decade. The rest have been plying their certified skills for either between zero years (1 to 11 months) and 2 years (2.5 percent), between 3 and 5 years (13.5 percent), between 6 and 8 years (15.6 percent), or between 9 and 10 years (10 percent).
Finally, here's the view of CISM holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 49.4 percent
Several times a week: 30.7 percent
Several times a month: 10.8 percent
Occasionally: 6.6 percent
Rarely: 2.5 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 42 percent
Agree: 37.9 percent
Neither Agree nor Disagree: 14.9 percent
Disagree: 2.7 percent
Strongly Disagree: 2.5 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 27.6 percent
Agree: 45.8 percent
Neither Agree nor Disagree: 18.5 percent
Disagree: 5 percent
Strongly Disagree: 3.1 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 25.5 percent
Agree: 41.8 percent
Neither Agree nor Disagree: 25.3 percent
Disagree: 3.6 percent
Strongly Disagree: 3.8 percent