Security Certifications Take a Slight Dip in Pay Value

Certifications in IT security took a value dip in pay for the first time since 2006, but it does not mean security skills or security jobs are not in demand. Non-certified skills in Web services, SOA, networking, application development and database are all hot commodities over the last three months.

Certifications in security may have jumped the shark a bit. Supply is catching up with demand as the pay value of security certifications has taken a slight dip over the last quarter, reported one research analyst group that intimately tracks IT skills, certifications and pay.

Security careers have been on the rise with expanding social network threats, major data breach news, dangers in mobile computing, insecurity of web application and commerce platforms and a spectrum of IT management concerns from compliance issues to threat detection competencies. Security is a technology and IT management migraine headache that isn't getting easier or less costly to fix. In the past few years, many technology workers concerned about the economy have turned toward security jobs and have obtained industry certifications, shared David Foote, Chief Research Officer and founder of technology research analyst company Foote Partners based in Vero Beach, Fla.

"The volatility we are seeing in security certifications has not been the trend for the last four years," Foote told eWEEK in an interview. "In the past, the value of security certifications was steadily rising and consistently outperforming all other IT certifications. Whereas companies had been very lean in the people part of security, they started to increase staffing aggressively in the past 2 years as disparate threats from many technology sources took hold."

Some companies went internal and converted systems and network administrators in to security professionals as most companies had been reluctant to outsource security. But that appears to be changing some. Many enterprises are experimenting with managed security services in a host of intrusion, access control and threat monitoring product offerings. Research estimates from technology analysts like Forrester and Infonetics peg the managed security services sector to be between a $4 billion to $9 billion a year market.

"[A] new comfort level for managed security services in large enterprises as a legitimate strategic and tactical option," said Foote in an Oct. 29 statement. "It's hard to build a security organization or increase in-house capabilities without the ability to hire and pay competitive wages and sufficiently invest in internal training and retention of skilled security talent. And to do it at an accelerated pace to make up for years of inadequate commitment to, and funding of, information security functions has put many organizations in a deep hole..."

Yet, from a careers perspective, Foote told eWEEK security is a "can't miss" direction for an IT worker. Foote shared that it takes about 2 years of technical competency to gain traction in this segment, and he believes that while there has been a dip in certification values in terms of pay, it's not because the certifications themselves are devalued; it is that more and more IT workers are heading toward security and increasing the supply of certified security professionals in a time of slower hiring--except in the Federal government who is hiring IT security people regularly.

This isn't to say all security certification are doing poorly in the last quarter. Cyber-security forensic analysts, the SANS Institute's Incident Intrusion Analyst, and ISC squared certs are performing well.

If you are looking for security work, there are many companies in the managed security space to target, and target them you should, suggests Foote. The market includes big names in IT and telecommunications to smaller, security-only firms. Here are most of them who offer managed security services globally according to Forrester Research: IBM, SecureWorks, Trustwave, AT&T, Symantec, HP, Wipro, CSC, Verizon Business, BT Global Services, Unisys, CGI, Infosys, Fujitsu, HCL, Integralis, Savvis, Solutionary, and Tata Communications.