Security Skills Command Premiums in Tight Market

  /     /     /  
Publicated : 23/11/2024   Category : security


Security Skills Command Premiums in Tight Market


Recession fears notwithstanding, cybersecurity skills — both credentialed and noncredentialed — continue to attract higher pay and more job security.



Company executives continue to voice concerns that a recession is likely in 2023, but cybersecurity professionals — along with IT workers and developers with cybersecurity knowledge — appear well-positioned to weather an economic downturn, according to technology-job experts.
Overall, professional certifications have provided declining salary premiums since 2018, but information security certifications continue to command significantly above-average pay premiums, according to an analysis of more than 4,000 employers in the US and Canada by Foote Partners LLC. Cybersecurity-related skills — such as AWS Certified Security, GIAC Certified Incident Handler, and Okta Certified Developer — make up more than half of the winner skills, those that have attracted the most pay and have gained the most in market value.
Noncertified security skills — such as cryptography, DevSecOps, and risk analytics — also attract high premiums, says Bill Reynolds, research director at Foote Partners.
Obviously, security skills and certs are still commanding cash premiums beyond salary at the 4,057 employers [we surveyed] in the US and Canada, he says. That’s a pretty large sample for a survey, so it’s quite meaningful.
The robustness of the cybersecurity job market comes as company executives continue to worry about a recession in 2023. The
vast majority of company executives (83%) expect a recession
in 2023 — as do 82% of investors,
according to another online survey
— and about half of organizations are pre-emptively cutting expenses. In many cases,
that means layoffs
. In the cybersecurity industry, nearly a score of companies have cut workers in the last three months, according to
tracking site Layoffs.fyi
.
The fears of a downturn
have even affected the valuations
of startup companies in the cybersecurity industry.
Because of the difficulty in hiring and retaining knowledgeable cybersecurity workers, however, layoffs will likely come from less-technical groups, leaving knowledgeable cybersecurity workers. In fact, the majority of companies (60%) still planned to increase the head count of their IT departments as of July 2022, according to
the
IT Spending and Staffing Benchmarks 2022/2023
report
published by Computer Economics.
Expected growth is modest, but this is an indication that IT organizations cannot simply rely on increased efficiency from the cloud and virtualization for growth, the report stated. Some hiring will still need to be done.
Overall, cybersecurity workers remain in demand, with 770,000 positions currently unfilled, compared with a cybersecurity workforce of 1.1 million — a 69% shortfall in workers, according to
data from the CyberSeek project
. The gap between supply and demand is much greater than the 7.4% for the Businesses and Professional Services industry and the 6.9% gap in the Information sector,
according to the US Bureau of Labor Statistics
.
Workers with specific cybersecurity skills will continue to see opportunities, according to
Foote Partners 2022 Tech Compensation Survey Reports
. Ten of the 17 skills listed on the firms IT Winners list, which includes skills that command an above-average premium and which have seen those premiums accelerate in the past few months, are security-related. The same criteria for noncertified IT skills show that 10 of 39 are security-related.
GIAC Certified Forensics Analyst (GCFA), InfoSys Security Engineering Professional, and Okta Certified Developers each have an average pay premium of 12% over base pay, according to Footes data. For noncertification-based skills, security auditing, cryptography, and identity and access management each had an 18% premium over base pay.
What else is important? Soft skills, says Footes Reynolds. A workers ability to collaborate, deal with stress, manage time, have passion for the work, ability to listen, and include others all matter a great deal, he says.
These are things that have nothing to do with certifications and this appears to be gaining in importance, he says.
Workers should take care to not collect certifications, as hiring managers and recruiters are wary of an alphabet soup of certifications on applicants resumes,
according to a recent Axios brief
.
Footes Reynolds agrees. Just because workers with a particular certificate get a pay premium isnt the right reason to get the certificate.
Its like the argument of whether a college degree is mandatory for job consideration, he says. Just because you have a college degree doesnt mean youre qualified for a particular job. Its more about what youve done with that college degree on the job. Tangible, measurable experience matters a lot.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Security Skills Command Premiums in Tight Market