This feature first appeared in the Fall 2015 issue of Certification Magazine. Click here to get your own print or digital copy.
For the third season of the reality competition show Survivor in 2001, producers took contestants to Shaba National Reserve, a sweaty, dusty semi-desert in the rugged interior of the coastal African nation of Kenya. For 39 days, as their number dwindled from 16 to 2 following the long-running show's prescribed elimination format, the contestants spent most of their time seeking shade in the close confines of their protected camp, rarely straying outside the thick encircling ring of densely packed brush and branches covered in thorns and brambles: Shaba is also home to large free-roaming predators
In 2015, the internet probably feels a little like being trapped in a never-ending loop of Survivor: Africa. There are more than 180 million active websites, and about 2 billion people who regularly use the internet. Studies have indicated, however, that a little more than half of all users actually visit just a handful of sites on a regular basis: six or fewer. Maybe it's because most people can only think of six or fewer interesting things to do online. And maybe it's because we've learned to be afraid of what's out there. The internet, like Shaba National Reserve, is prowled by stalking beasts, and it feels safer just to squat within the protective ring of a dozen or half-dozen known and trusted websites. The lions can't eat you if you stay inside the fence.
People suspect that information technology — for all the knowledge it grants, for all the luxuries it bestows, for all the time that it passes in exhilarating, often enlightening ways, for all it gives back to us in the form of a thousand daily conveniences — is a bit of a ticking clock counting down to the next stolen bank card number or data-corrupting viral infection. Businesses know that we're wary, particularly given that a new story about a major data breach seems to crop up every few weeks.
And that's what makes IT security such a challenging and hotly demanded realm of expertise. Consumers want to feel safe. Businesses want to feel safe. Governments want to feel safe. If you know how to provide that feeling, then there's a potentially lucrative career path open to you. Especially since there aren't nearly enough of you out there: Recent estimates project that, by 2019, there will be more than 1.5 million unfilled IT security jobs worldwide.
Certification offers a nice double benefit here: Rapid and comprehensive training for aspiring security professionals, and reassurance for hiring managers who want to pay a lot of money to the right person, with the right skills and knowledge.
IT security pros definitely get paid. Our survey of more than 600 certified professionals revealed a median annual income of $92,500 in 2014, which jumped up to $97,500 in 2015.
What's more, the upper echelon of IT security earners is actually expanding. A shade less than 40 percent of those surveyed claimed an annual income of $100,000 or more in 2014, but 46 percent were in the six-figure club for 2015. If you've put in the time to build up your store of cybersecurity knowledge and keep it current, then quite a few employers, it would seem, are willing to pay quite handsomely for your expertise.
There was an interesting regression that popped up in our salary data. While 73 percent of those surveyed received bonus or incentive pay in 2014, just 57 percent said the same has either already happened, or that they expect it to happen, in 2015. Perhaps some who were left out this year have an unforeseen surprise coming at the company Christmas party.
Getting a security certification doesn't necessarily mean that you'll immediately make more money, but it does appear to have that affect for some. Roughly 48 percent of survey respondents said that they got a raise in the first year after earning their most recent security cert.
The jump in pay was modest for most, with 68.5 percent of those cashing in reporting an increase of 5 percent or less, but some made a bigger score. The pay hike was between 10 and 20 percent for 25 percent of those who got a raise, while a lucky 6.5 percent climbed even higher, getting an increase of 25 percent or better.
Cybercrime is doubtless a profitable endeavor for some. But is your average digital bandito really taking home the level of booty that's being shelled out to the people who defend against his cyber-depredations? It's simple economics, fellas — come join the good fight.
TABLE TALK Employers are offering big money to certified cybersecurity professionals. Here's the proof:
We learned a few other things, too. It's all available right now in our latest quarterly issue, or you can pull up a virtual chair and settle in here at CertMag.com for the big (and gradual) reveal.