When asked to choose the best part of an IT security job, nearly 28 percent of respondents said "trust" was a major positive aspect of their occupation. Nearly 12 percent chose "working hours and a balance between work and other parts of life" and 11 percent emphasized compensation.
"Compensation for information security jobs is strong and growing," the organization said. "The median income, including salary and bonus, for all U.S. information security professionals is $81,558. Other nations pay less. The worldwide median is $77,050. Great Britain's median is $76,389. Canada's median is $67,982. The median for the rest of the world is $51,250."
When asked to pick their job's main irritant, more than 20 percent said they dislike "problems in management and leadership, including a lack of vision and micromanagement." Almost 10 percent chose long or undesirable working hours, and more than 8 percent cited "low compensation."
More than 4,250 security pros participated in the 2005 Information Security Salary and Career Advancement Survey, according to the organization. The poll was taken between Oct. 20 and Nov. 18, 2005.
Asked to cite critical skills necessary for advancement, more than 65 percent of respondents said verbal and written communication, technical knowledge and critical thinking and judgment were very important.
Alan Paller, SANS director, was pleased with that response.
"These highly technical people understand that their speaking and writing skills are more important than their technical skills for career advancement," he said. "Hooray!"
Surprisingly, more than 34 percent of those asked about the value and impact of professional certifications said they have "no impact" on their professional lives. Nearly 28 percent said they "helped me make our systems better defended against penetrations."
Twenty-four percent said they helped them get a new job, and nearly 20 percent said it helped them get a raise.The survey has shown that, in most cases, the certifications do not benefit the enterprise, Paller said.
"Basically that says most of the certifications benefit the cert holder but not the employer," he said. "The exceptions are the Global Information Assurance Certification and vendor specific security certifications. They help both the employee and the employer."