Does security really make that much more than everyone else?

atippett

So right now I'm working in networking. I just got hired on from intern to full time as a network engineer. The pay is very nice, and I'm at the low end of the spectrum since I'm still in college about to graduate in May. Talking to the network team, their pay is very good as well, especially the senior guys of course. But I always see people on here saying "I work in [some type of security role], I get to set my own salary."

Does security roles really make that much more than other IT roles? If so, then I need to get into some type of network security role ASAP . I work in an environment where there are around 60 network engineers, so I don't get to really talk to anyone in security at all.

jeremywatts2005

The answer is a yes in many cases. Security has a higher pay scale for most companies or at least the ones I have seen. Even entry level roles are pretty high paying. I know tier one SOC analyst in the 50 to 60K range out of college in DC. I know I am making the most I ever have made in security. Do some checking on glassdoor and other salary sites and see what I mean.

mbarrett

People with the right qualifications are in demand.

DatabaseHead

Been wondering this myself. Good insight, thanks for the heads up.

LeBroke

Not really. At a similar experience level, devs make more.

chrisone

mbarrett wrote: »

People with the right qualifications are in demand.

+Infinity

Danielm7

mbarrett wrote: »

People with the right qualifications are in demand.

Yep, supply and demand, it's a hot topic right now and there is a lot of demand but not a lot of qualified people to fill it, so they're likely to spend more to get the people they want.

EANx

"More than everyone else"? No. They are a large segment of the industry where the employees are definitely in control but there are other (smaller) groups that pretty consistently make more and a lot depends on the area you live in. Pay-wise, it's a pretty good segment to be in at the entry-level and mid-tier but for real engineering, the ones who can make serious bank include virtualization networking engineer or a storage engineer. People who can make changes that directly improve the bottom-line almost always get paid more.

networker050184

It really just depends on the company, but in my experience no they aren't paid more than any similar skilled person in any other high demand field. Cloud, dev ops, networking, virtualization etc.

gespenstern

Certainly less than medical doctors. MUCH less.

OctalDump

EANx wrote: »

People who can make changes that directly improve the bottom-line almost always get paid more.

I'd slightly change that to "People who can demonstrate that their changes directly improve the bottom-line, almost always get paid more". And demonstrating that is often easier with hands on infrastructure roles where you can say "we've cut our server operating costs by 23% by virtualising".

Security is often about framing that in a more abstracted way "the risk we were carrying before the changes was $25,000 per year, and now it is $2400", but since no one was actually paying out that risk, the only people who tend to understand is risk managers and accountants.

So you need to get good at understanding how what you are doing is benefiting the business, and then being able to explain that simply to management (and anyone who will listen). This is how consultants make bank. They do esoteric and abstracted things, and then give a nice story to go along with it.

atippett

gespenstern wrote: »

Certainly less than medical doctors. MUCH less.

Maybe you should trade in them certs for an English degree, apparently you can't read. Who knew somebody in the IT field can become a medical doctor?

OctalDump

atippett wrote: »

Maybe you should trade in them certs for an English degree, apparently you can't read. Who knew somebody in the IT field can become a medical doctor?

Well, John Halamka, has had parallel IT and medical careers.

BlackBeret

No, people in security do not make more than everyone else with equivalent experience in their area. It appears people in security make more because even a low level security position requires several years of experience in other related areas. Someone with 7 years of networking experience and someone with 5 years of networking experience + 2 years of security are typically making around the same pay. Also, because security is specialized you typically find people that are more dedicated to learning, practicing, and growing to get to where they want to be. Anyone who puts that much dedication in to any IT field can make good money, sometimes better. I'd bet a 10 year CCIE is making more than a 10 year security analyst. Senior project lead on a dev team? Bank.

All anyone looks at is "oh, the security guy has only been doing that for 2 years, look at how much he's making". They forget how long he's worked in other areas before moving in to security. Of course there are always variances based on locality, demand, company hoping, etc, but in general there's not much difference.

kristankelsch87

The answer is yes

Danielm7

atippett wrote: »

Maybe you should trade in them certs for an English degree, apparently you can't read. Who knew somebody in the IT field can become a medical doctor?

Or maybe he was just being funny?

mbarrett

If you have the right experience, skillset, and education/certs then you will be competitive for a well-paying job. Assuming you have the background that a specific employer is looking for.
To put it another way, the need for security skills & knowledge is not going away anytime soon. If you bring something to the table that employers want, then you are more likely to get hired.

mudflaps

Security makes good money, but I see lots of people in security that don't know much about the underlying systems they are trying to secure - this is an issue for me. When i see someone with a pile of certs and cannot locate Services or open a command prompt on a Windows OS, to me this completely negates their credentials. If you are one of these people, you will be quickly identified.

Cyberscum

Where I work, yes.

Cyberscum

mudflaps wrote: »

Security makes good money, but I see lots of people in security that don't know much about the underlying systems they are trying to secure - this is an issue for me. When i see someone with a pile of certs and cannot locate Services or open a command prompt on a Windows OS, to me this completely negates their credentials. If you are one of these people, you will be quickly identified.

On the flip, I see a lot of net, app and admins that no little to nothing about security....some of them even circumvent security controls.

mudflaps

Cyberscum wrote: »

On the flip, I see a lot of net, app and admins that no little to nothing about security....some of them even circumvent security controls.

It is definitely a two way road.

jcundiff

Cyberscum wrote: »

On the flip, I see a lot of net, app and admins that no little to nothing about security....some of them even circumvent security controls.

On a daily basis

powerfool

gespenstern wrote: »

Certainly less than medical doctors. MUCH less.

That also varies greatly. Surgeons and specialists make a ton of money, but family practice doctors are on the low end with many hanging right around the $100k mark. This is starting to change, however, as many doctors [in the US] are switching to no insurance models where they do a subscription.

All of these things are relative though.

LeBroke

They should move to Canada.

Fixed rates significantly benefit family GPs as opposed to higher-end specialists (who often take longer with clients).

A typical family doctor in BC makes like $200-300k because there's a severe shortage of them.

UnixGuy

Couple friends of mine in Australia are doctors, and they are OVER worked and not paid that much more than IT folks (with experience). Emphasis on the 'overworked', it takes over their life

winona_ryder

atippett wrote: »

But I always see people on here saying "I work in [some type of security role], I get to set my own salary."

Does security roles really make that much more than other IT roles? If so, then I need to get into some type of network security role ASAP . I work in an environment where there are around 60 network engineers, so I don't get to really talk to anyone in security at all.

I think the setting your own salary is a bridge too far. All companies have budgets.

It appears that there is a big demand currently within Info Sec for people with the right mix of qualifications, experience, and communication skills. Someone with a few security certs can't set their own salary. But someone suitably qualified and a lot of experience, who is articulate and can communicate up and down, will be able to negotiate an increase and justify it.

It's no different from any other field where people with good skills are in high demand.

beads

This comes up on this board way to often and has been answered enough times it should be compiled and listed as a sticky.

Answer is no but if you need actual information concerning my view I suggest you 'Google': IT pay rates or security pay followed by '2016' or '2017' for up to date information. Likewise, go look at any 'comp table' for your area and expertise and do a little actual research on the topic.

:cheers*Poe's Law ALERT!*)

/s Now for the low information Tech-Exams poster answer is the following: Unequivocally YES! IT SECURITY makes twice the money of other IT analysts for half the work, maybe a single certification like Security+, will help you loose weight, make you more attractive to the opposite sex and demand the love and attention your parents deprived you of a child. Your peers and upper management will swoon as you walk in the door in the mornings knowing that YOU the InfoSec guardian of the organization is there and ready to conquer the toughest of challenges without the slightest of effort. Here's to you Mr. or Mrs. Security 'pro'! /s

I have to make it terribly apparent or someone will take me as being completely serious and post some rant about me below.

High end developers, network engineers and IT leadership all come in well ahead of InfoSec but those people don't get many stories on CNN these days. Hence the InfoSec hype.

Do your research.

- b/eads

atippett

beads wrote: »

This comes up on this board way to often and has been answered enough times it should be compiled and listed as a sticky.

Answer is no but if you need actual information concerning my view I suggest you 'Google': IT pay rates or security pay followed by '2016' or '2017' for up to date information. Likewise, go look at any 'comp table' for your area and expertise and do a little actual research on the topic.

:cheers*Poe's Law ALERT!*)

/s Now for the low information Tech-Exams poster answer is the following: Unequivocally YES! IT SECURITY makes twice the money of other IT analysts for half the work, maybe a single certification like Security+, will help you loose weight, make you more attractive to the opposite sex and demand the love and attention your parents deprived you of a child. Your peers and upper management will swoon as you walk in the door in the mornings knowing that YOU the InfoSec guardian of the organization is there and ready to conquer the toughest of challenges without the slightest of effort. Here's to you Mr. or Mrs. Security 'pro'! /s

I have to make it terribly apparent or someone will take me as being completely serious and post some rant about me below.

High end developers, network engineers and IT leadership all come in well ahead of InfoSec but those people don't get many stories on CNN these days. Hence the InfoSec hype.

Do your research.

- b/eads

Well you just lost all credibility by citing CNN as a reputable news source. Nobody that has any intelligence keeps up with CNN. If you're going to comment something sarcastic, don't make yourself look like a fool by quoting CNN, jeez.

atippett

beads wrote: »

This comes up on this board way to often and has been answered enough times it should be compiled and listed as a sticky.

Answer is no but if you need actual information concerning my view I suggest you 'Google': IT pay rates or security pay followed by '2016' or '2017' for up to date information. Likewise, go look at any 'comp table' for your area and expertise and do a little actual research on the topic.

:cheers*Poe's Law ALERT!*)

/s Now for the low information Tech-Exams poster answer is the following: Unequivocally YES! IT SECURITY makes twice the money of other IT analysts for half the work, maybe a single certification like Security+, will help you loose weight, make you more attractive to the opposite sex and demand the love and attention your parents deprived you of a child. Your peers and upper management will swoon as you walk in the door in the mornings knowing that YOU the InfoSec guardian of the organization is there and ready to conquer the toughest of challenges without the slightest of effort. Here's to you Mr. or Mrs. Security 'pro'! /s

I have to make it terribly apparent or someone will take me as being completely serious and post some rant about me below.

High end developers, network engineers and IT leadership all come in well ahead of InfoSec but those people don't get many stories on CNN these days. Hence the InfoSec hype.

Do your research.

- b/eads

Also, if you would've read the whole post and not just the title, you would've known I'm a network engineer.

atippett

beads wrote: »

Do your research.

- b/eads

Let's do some research, guys.

https://www.glassdoor.com/Salaries/senior-network-engineer-salary-SRCH_KO0,23.htm Senior Network Engineer, $104K

https://www.glassdoor.com/Salaries/senior-developer-salary-SRCH_KO0,16.htm Senior Developer, $100K


https://www.glassdoor.com/Salaries/it-senior-manager-salary-SRCH_KO0,17.htm IT Senior Manager, $140K

https://www.glassdoor.com/Salaries/senior-security-engineer-salary-SRCH_KO0,24.htm?bcsi-ac-cde40c890bd19f3d=2719301D00000002/KpSjp9EAQ30lE8fK0VwWZXA7/klBgAAAgAAAIIVFwCEAwAADwAAANF3AQA= Senior Security Engineer, $113K


So beads was right, only 1 out of 3. I don't think a 33% is passing any exam, dang. Sorry man, "do your research."

RHEL

I wouldn't say that security makes more than system/network/storage engineers or DBAs at my company.

Level I Security Analyst is the same paygrade as the above, except for DBAs start at a grade higher for level I. However, they all tap out at the same pay.

ie, system engineer I-V = ranges 206-210
security analyst I-V = ranges 206-210
DBA I-IV = ranges 207-210

As far as where they start in the range, it's the typical HR *wanting* to get you in at the bottom of the grade but ultimately settling for up to mid.