CISSP Salary Survey and a Grain of Salt

I don’t trust salary surveys because they don’t take into account all of the variables that go into a person’s salary. These variables include location, experience, education, certifications, and the company. Most salary surveys only take into account one or two variables and completely ignore the others. While these other variables do get folded into an “average,” that average can be so different from your own salary range that knowing it doesn’t do you any good.

Will a CISSP in West Virginia make the same salary as a CISSP that lives in Chicago? Of course not. If you are a new security analyst that just obtained a CISSP, you probably won’t make as much money as a senior CISO that has had the CISSP for years. Likewise, some consulting businesses offer high reward salaries, while also offering high risk (and more travel). Will a high school dropout make as much as a CISSP with a doctorate? You can see how these wildly different scenarios make for a wildly inaccurate salary survey.


Another variable that isn’t reflected in salary surveys is the fact that some certifications are becoming a minimum baseline. Do a job search and look through all of the positions that interest you. If the majority of these jobs ask for a CISSP, then you should get a CISSP, period. These positions don’t pay a higher salary because you have a CISSP. Having a CISSP is a baseline; without it you won’t get hired to begin with. Over time, if more companies start requiring a certification, then supply and demand will cause the average salary of the certification holders to go up. But this average will always lag behind the true “need” for the certification.

Salary surveys aren’t all bad. They do a reasonably good job of showing trends in the one variable they analyze. For example, in 2005 CertMag published a salary survey that said CISSPs make an average of $94,070 per year. Should you expect this salary after passing the CISSP? Maybe, maybe not. The survey just isn’t helpful in that regard.

What the survey can do is compare values of this one variable (certifications) against one another to show trends. Using this survey we can see that the CISSP, CISM, and CISA are among the highest trending security certifications. The ISSMP and ISSAP concentrations throw a wrench into the analysis because you can’t obtain those without first getting the CISSP. Here is a short list of comparable certifications from that survey:

  1. CISSP-ISSAP $114,210
  2. CISM $112,490
  3. CISSP-ISSMP $111,280
  4. CISA $99,040
  5. CISSP $94,070
  6. SSCP $78,430
  7. Security+ $68,280

You shouldn’t have unrealistic expectations about your salary based on a salary survey. However, the CISSP is regularly near the top of the list of certifications on any salary survey, and it’s commonly listed as a requirement or “good to have” in job postings.


Comments

  1. Vick says:

    I don’t understand how the CISA and CISM have a higher salary average than the CISSP. They are both difficult, but not as hard as the CISSP.

  2. Vick,

    I’m willing to bet that the CISA and CISM salaries are higher only because these certifications are held primarily by CISSP holders. So it is not the CISA or CISM certifications themselves that are more valuable, but rather the seasoned CISSP holder who also obtained a secondary certification to further qualify them within the specialized slots of 8570.

  3. Karen says:

    Another reason I don’t think salary surveys are too reliable is that often, people have multiple certifications. A person with CISSP, CISM, and CEH certs probably makes more than somebody with just a CISSP, but the statistics don’t break that out. And also, a lot of very high-ranking folks have some of these certs – if you have 100 respondents to a salary survey and 15 of them are CIOs, then the total average base pay isn’t going to be too realistic.

  4. Jamie B says:

    I got my CISSP-ISSEP in March 2012. I am at $113,000 annual salary. I’ve been at the same job for about 10 years, and I believe that my salary comes from a reputation for excellent work and extensive knowledge in the field. The cert is important as a qualifier, but the experience and knowledge define your value to an organization. I have been offered well over $125k for other positions, however I have a great team that works for me and I am employed by a great company close to home….. Why ruin a good thing?
