Salary Survey Extra: Deep Focus on (ISC)²’s CISSP
Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
Here we are deep in the heart of National Cyber Security Awareness Month (NCSAM). This feels like the perfect time to zoom in on one of the best-known and most widely respected cybersecurity certifications of them all, the Certified Information Systems Security Practitioner (CISSP) credential from (ISC)².
Since its first appearance almost 25 years ago in 1994, CISSP has turned heads among the ranks of hiring managers charged with seeking out skilled information security professionals. A reliable presence on our Salary Survey 75 lists, CISSP checked in this year at No. 20.
Here’s what the salary picture looks like for CISSP holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $131,030
Median Annual Salary: $126,770
How satisfied are you with your current salary?
Completely Satisfied: 11.1 percent
Very Satisfied: 22.2 percent
Satisfied: 45.5 percent
Not Very Satisfied: 17.7 percent
Not At All Satisfied: 3.5 percent
All Non-U.S. Respondents
Average Annual Salary: $90,640
Median Annual Salary: $88,790
How satisfied are you with your current salary?
Completely Satisfied: 5.7 percent
Very Satisfied: 19.8 percent
Satisfied: 39.7 percent
Not Very Satisfied: 27.3 percent
Not At All Satisfied: 7.5 percent
Somewhat overwhelmingly, the largest single body of CISSP holders to participate in the survey is made up of U.S. residents: 83 percent of those surveyed. (ISC)² has a strong global brand, however, and we also heard from credential holders in 31 other countries: Australia, Bahrain, Barbados, Belgium, Brazil, Canada, China, Finland, France, Germany, India, Italy, Japan, Jordan, South Korea, Mexico, Morocco, Netherlands, New Zealand, Nigeria, Norway, Portugal, Romania, Saudi Arabia, Singapore, Spain, Switzerland, Thailand, Trinidad and Tobago, the United Arab Emirates, and the United Kingdom.
At least by one measure, CISSP is notably more progressive than most comparable cybersecurity certifications: 10.2 percent of CISSP holders who responded to the survey are women. Most CISSP holders tend to be established working professionals, at least in terms of age. An imposing 89 percent of respondents are either between the ages of 35 and 44 (25.1 percent), between the ages of 45 and 54 (39.1 percent), or between the ages of 55 and 64 (29.1 percent). The outliers are either 18 or younger (0.2 percent of respondents), between the ages 19 and 24 (0.3 percent), between the ages of 25 and 34 (7.1 percent), or between the ages of 65 and 74 (3.4 percent).
On the formal education front, the highest level of education completed by most CISSP holders is some level of university degree, either a master’s degree (41.8 percent of respondents), bachelor’s degree (33.2 percent), associate’s degree (7.8 percent), doctorate (3.4 percent), or professional degree (1.8 percent). The only CISSP holders to not claim some level of university education are those who climbed no higher than a high school diploma (2.9 percent of those surveyed), those who completed some level of technical training after high school (7.6 percent), or those who are currently students and whose peak educational achievement is therefore still in limbo (1.9 percent).
A very healthy 94.2 percent of CISSP holders who responded to the survey are employed full-time, with 2.6 percent claiming part-time employment, and 2.1 percent currently out of work, while 0.5 percent are on sabbatical and 0.6 percent are recently retired. Among those who have full-time jobs, most are on the clock either between 41 and 50 hours per week (50.2 percent of respondents) or for the standard 40 hours (28.9 percent). The outliers are those who put in more than 50 hours per week (14.9 percent of respondents) or who work between 31 and 39 hours per week (5.5 percent), with a tiny group who somehow maintain full-time employment status while working either between 20 and 30 hours per week (0.3 percent) or fewer than 20 hours per week (0.2 percent).
In terms of workplace standing, the largest single group of CISSP holders are senior specialists (42.7 percent of respondents). The rest, in descending order, are either managers (16.4 percent of respondents), directors (11.8 percent), senior managers (11.5 percent) , executives (7.7 percent), specialists (7.1 percent), or rank-and-file employees (2.8 percent).
An impressive 70 percent of all CISSP holders to participate in the survey are veterans, having worked in a role that directly utilizes one or more of their certified skills for more than a decade. The rest have been plying their certified skills for either between zero years (1 to 11 months) and 2 years (3.3 percent of respondents), between 3 and 5 years (7 percent), between 6 and 8 years (10.4 percent), or between 9 and 10 years (9.3 percent).
Finally, here’s the view of CISSP holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 56.2 percent
Several times a week: 25.1 percent
Several times a month: 7.8 percent
Occasionally: 9.3 percent
Rarely: 1.6 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 42.2 percent percent
Agree: 38.2 percent
Neither Agree nor Disagree: 15.1 percent
Disagree: 2.9 percent
Strongly Disagree: 1.6 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 23.2 percent
Agree: 39.8 percent
Neither Agree nor Disagree: 25.3 percent
Disagree: 7.8 percent
Strongly Disagree: 3.9 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 22.1 percent
Agree: 37.6 percent
Neither Agree nor Disagree: 29.6 percent
Disagree: 7.5 percent
Strongly Disagree: 3.2 percent