SANS salary survey http://www.sans.org/salary2005/
Comments
-
JDMurray Admin Posts: 13,099 Admin
Looks like I'd be taking a sizable pay cut if I moved from software engineering to information security. I'd better find a career that folds InfoSec into SoftEng and not vice versa.
And for all the people who keep asking "What's the best paying security certs?", your answer is in this survey.
-
keatron Member Posts: 1,213 ■■■■■■□□□□
I have a few issues with this survey as I do many I've seen published by SANS. They don't say how it was conducted, what the sampling population was or whether or not it was a very small group of people who happen to be SANS certified people or was it really a selection at large.
SANS likes to tout that the CISSP, CISM, and CISA don't prove hands-on expertise. Of course they don't, because they are not hands-on technical certifications, they are infosec management and auditing certifications. Furthermore, other than myself, I know 10 CISSPs personally, and I know for a fact they all make no less than 120k per year. Although 3 of them are self-employed or consultants, my point is still valid. I'm always very careful with surveys conducted by companies who have an obvious conflict of interest as far as being non-biased.
Don't get me wrong, I have no problem with the SANS Institute and have much respect for what they have to offer. I've spent a lot of money over the last year sending people there, and will be doing much of the same this year. SANS has probably the best programs in the world for specialists in Infosec, but I wouldn't send a firewall specialist in to a client to do a total infosec consultation project. This is where the CISSP and CISM people come in. I met a person at a conference back in November who basically did large scale Cisco Pix configurations and roll outs. Basically he's done nothing but that for the last 3 or 4 years. He complained to me that he got his CISSP but his company failed to give him a raise (he went out on his own and got the CISSP). The flaw in his thinking was that the CISSP automatically meant more money for him; not so, and here's why. He hasn't any Cisco certifications other than CCNA. A smarter move would have been to be working towards his CCSP and CCIE Security. I always hear these things, and continue to preach this; get certifications that reflect your job and/or skill set first. An emerging and disturbing trend I've watched develop amongst newcomers is reading surveys like this, then attending a ton of boot camps, spending a ton of money, then getting pissed because they don't walk into a company making 90k per year. Put these people in front of a firewall, a router, or in severe cases a server, and they have no clue where to start. It is my opinion that a large portion of the BS that us business owners and IT professionals have to deal with are direct results of misguided/slighted surveys and lazy HR people.
Keatron
-
keatron Member Posts: 1,213 ■■■■■■□□□□
jdmurray wrote: Looks like I'd be taking a sizable pay cut if I moved from software engineering to information security. I'd better find a career that folds InfoSec into SoftEng and not vice versa.
And for all the people who keep asking "What's the best paying security certs?", your answer is in this survey.
Everyone I know in Infosec who came from a Software Engineering or Developing background demands top dollar. This is one portion of my projects and contracts I still sub-contract to others often.
-
JDMurray Admin Posts: 13,099 Admin
keatron wrote: I have a few issues with this survey as I do many I've seen published by SANS.
keatron wrote: I always hear these things, and continue to preach this; get certifications that reflect your job and/or skill set first.
keatron wrote: then attending a ton of boot camps, spending a ton of money, then getting pissed because they don't walk into a company making 90k per year. [...] It is my opinion that a large portion of the BS that us business owners and IT professionals have to deal with are direct results of misguided/slighted surveys and lazy HR people.
-
darkuser Member Posts: 620 ■■■□□□□□□□
It's a rather small sampling "more than 4250 people responded".
So I guess it's accurate as to the "SANS friendly" people who responded.
Myself one of them. I've taken one SANS course "firewall and perimeter security" taught by Chris Bretton.
The one thing I realized is that I don't have the time to learn everything and become an expert in everything so I should focus myself.
I didn't take the GIAC (you have to write a pretty intense paper).
But I am continuing on the Cisco track. R&S and security.
I'm an engineer at heart. From the days of taking apart all of my electronic toys.
rm -rf /
-
JDMurray Admin Posts: 13,099 Admin
darkuser wrote: I didn't take the GIAC (you have to write a pretty intense paper).
In short, if someone is willing to pay for your GIAC, don't be afraid to get it just because you have to write a short paper on a common InfoSec topic. Look through the SANS library of accepted practical assignments to get an idea of what you'd have to write.
SANS' Information Security Reading Room
http://www.sans.org/rr/
GIAC Honors Papers
http://www.sans.org/rr/whitepapers/honors/