Salary Survey Extra: Deep Focus on CISSP
Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
Every other weekend in summer there’s a new blockbuster movie in theaters with this or that sneering evil mastermind preparing to take over the world. In 2017, however, taking over the world isn’t really about having a secret base inside a volcano, or finding an ancient artifact that grants supreme power to people in silly costumes.
Information is the currency of world domination, and stealing, manipulating, erasing, or otherwise disrupting computerized caches and networks that handle information is the real aim of actual supervillains. One of the best tools we all have in the fight against such real-world threats is certified information security professionals, and few (if any) security certifications are as widely established or respected as the Certified Information Systems Security Professional (CISSP) credential from (ISC)², No. 25 on this year’s Salary Survey 75 list.
The CISSP holders who responded to our 2016 Salary Survey are mostly from the United States (about 81 percent). CISSP is a truly global credential, on the other hand, and the one-fifth of respondent to come from outside the United States are an impressively diverse bunch, hailing from 42 different countries: Albania, Argentina, Australia, Austria, Bahrain, Barbados, Belgium, Bermuda, Brazil, Canada, Chile, China, Colombia, Denmark, France, Germany, Indonesia, Ireland, Italy, Jamaica, Japan, Malaysia, Mexico, Netherlands, New Zealand, Norway, Pakistan, Panama, Philippines, Russia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Trinidad and Tobago, the United Arab Emirates, the United Kingdom, and Uruguay.
Among CISSP holders in the United States, the average annual salary in 2016 was $126,770, with a medial annual salary of $123,090. The comparable figure among respondents from outside the United States is $88,440, with a median annual salary of $82,920.
As is typical of the cybersecurity realm, most of those we surveyed are men (90.2 percent), though women accounting for roughly 10 percent of all CISSP holders in the survey is noteworthy. CISSP certification requires defined periods of work experience, which may be one reason that there aren’t very many spring chickens in the group: Just 6.6 percent of those surveyed are between the ages of 25 and 34, and not a single individual was younger than 25 in 2016. Most CISSP holders in the survey are between the ages of 35 and retirement, with 28.5 percent between the ages of 35 and 44, 37.4 percent between the ages of 45 and 54, and 23.8 percent between the ages of 55 and 64.
The highest level of education attained by most CISSP holders is either a master’s degree (41.8 percent of those surveyed) or bachelor’s degree (35 percent of those surveyed). The rest of our respondents are spread across the remaining educational spectrum in small pockets. A miniscule 1 percent are currently in school, 4.9 percent never pursued formal education beyond a high school diploma, 6.9 percent rose no higher than technical training (without college), 6.7 percent stopped after getting an associate’s degree, 2.4 percent hold doctorates, and 1.3 percent have a professional degree (such as a juris doctor) of some sort.
Slightly more than 95 percent of CISSP holders are employed full-time, versus just 1.3 percent who are unemployed. (Part-time jobs, retirement, and sabbaticals account for the balance of respondents.) Among those who have full-time jobs, roughly half (49.7 percent) work between 41 and 50 hours per week, while 13 percent put in more than 50 hours per week. Just 28.3 percent put in a standard 40 hours, while 7.2 percent work between 31 and 39 hours per week.
CISSP certification skews much more heavily toward management roles than most IT certs do. While the biggest single group of CISSP holders in the survey are at the senior specialist level (42.5 percent of those surveyed), there are numerous managers (17 percent), senior managers (12.9 percent), directors (13.4 percent), and executives (6 percent). Only a select few are either specialists (5.7 percent) or rank-and-file employees (2.5 percent).
We saw just a few paragraphs back that most CISSP holders tend to be 35 or older, and so it’s not surprising that most are information security veterans. An impressive 67.3 percent of all respondents have worked in a security role for more than 10 years, and an additional 23 percent have worked in security either between 9 and 10 years (10.1 percent) or between 6 and 8 years (12.6 percent). A notable 8.2 percent have worked in security for between 3 and 5 years, but almost no one (1.8 percent) has been in the game between zero years (1 to 11 months) and 2 years.
Finally, here’s the view of CISSP holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 49.7 percent
Several times a week: 28.6 percent
Several times a month: 10.9 percent
Occasionally: 8 percent
Rarely: 2.8 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 39 percent
Agree: 40 percent
Neither Agree nor Disagree: 16 percent
Disagree: 3.8 percent
Strongly Disagree: 1.2 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 18 percent
Agree: 38.7 percent
Neither Agree nor Disagree: 30.2 percent
Disagree: 9.4 percent
Strongly Disagree: 3.7 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 15.1 percent
Agree: 37.6 percent
Neither Agree nor Disagree: 34.3 percent
Disagree: 9.4 percent
Strongly Disagree: 3.6 percent