Certification - May 2008 - (Page 25)

more than $100,000. (ISC)² respondents in the Americas continued to lead the way in annual salary, with an average reported income of $100,967. Although APAC still trails the Americas and EMEA regions in terms of average salary at $63,181, this is still a significant increase from 2006’s findings of $52,912. Worldwide, the majority of non-(ISC)² member respondents (69 percent) reported earning salaries of less than $79,999, with the largest segment (33 percent) earning $39,999 or less.

Key Demographics

If you are an information security professional, or if you’re responsible for hiring them, it’s good to have an understanding of how your peers are doing around the world. Following is a brief profile of the average professional from the GISWS. Although both (ISC)² members and non-members were included in the survey, the following demographics will focus on members, since they comprised the majority of respondents.

The (ISC)² respondents surveyed are well educated, with roughly half having obtained a bachelor’s degree (49 percent) and just more than a third having obtained a master’s degree (36 percent). Half of the respondents work in very large organizations (10,000-plus employees), and nearly 45 percent reported working for organizations with revenues between $500 million and $10 billion. The next largest segment of respondents (20 percent), however, reported working for small organizations (one to 499 employees). This contrast indicates a growing diversity within the field.

The most common types of organizations for which (ISC)² member respondents indicated they worked were information technology (18 percent), professional services (18 percent) and banking (11 percent). The most commonly held job titles are security consultant (19 percent), security manager (12 percent), security analyst (11 percent), IT director/manager (10 percent) and security systems engineer (10 percent).

Despite the variety of job titles respondents hold, the overwhelming majority (70 percent) considers its current job function to fit under the umbrella of “information security professional,” as opposed to information technology professional. This differentiation is a positive trend for the industry, underscoring that information security is seen as a distinct field rather than simply an extension of IT or another technical profession.

The average number of years of information security experience reported by (ISC)² members was just more than 10, with about half (49 percent) actively involved with information security for six to 10 years. Those with more than 15 years of experience reported a current role that is mostly managerial, while those with fewer than six years of experience have a role that is mostly technical.

What do these professionals spend their time doing on the job? Respondents indicated the most common job functions were researching new technologies (49 percent); developing internal security policies, standards and procedures (45 percent); meeting regulatory compliance (42 percent); internal and political issues (41 percent); and implementing new technologies (40 percent). In other words, information security professionals are busy fighting fires on all fronts.

INSIDE CERTIFICATION continued on page 39