SANS Institute to Conduct Security Study

Posted on
Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone

The SANS Institute, which runs the well-known SANS GIAC certification program, announced it would be conducting a career development survey for security professionals this week and is seeking out participants. The study will cover issues like job tasks, industries, region of employment, education and certification, said Alan Paller, director of research at the SANS Institute.


There are two primary objectives for the survey, Paller explained. “There are two goals, and they’re really completely independent. One is to provide the hard data that security people can use to assess their salaries and how they compare with others in their industry and region. That’s the primary purpose. Secondly, it’s to provide illumination to those secondary questions that drive people crazy, like what do they need to do to get a raise? What do they need to do to get a promotion?”


The study, which went live last Friday and will run through Sunday, is something of a change for the SANS Institute. The organization’s surveys typically are limited to compensation issues. “We’ve done salary surveys before,” Paller said. “We’ve never done one that got into certification. We focus this time on questions about certification and what role it plays in people’s minds, and also how employees and supervisors differ over what professional characteristics are important.”


Although the study’s findings aren’t in yet, Paller expects a few results that might come as a surprise to participants. “I think we’re going to find effective communications skills are more valued by the employer than the employee,” he said. “Many technical people don’t know how much that alters their career opportunities. They’re comfortable learning new technical capabilities and uncomfortable moving people to action.”


Paller also predicted some interesting findings around security credentials like those offered by organizations like CompTIA, ISACA, (ISC)2 and his own SANS Institute. “I think the conventional wisdom about security certifications will get a leveling. What I mean by leveling is people think this certification is good for this and that one is good for that. I think you’re going to find that there are more similarities between what people think the certifications reflect than what proponents of certification like to say. An example is management. Which one prepares you best for management?”


Those interested in participating in this brief study can do so at the SANS Institute Web site. Be prepared to provide personal information, though, as the organization eschews anonymity from survey participants.


For more information, see

Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone


Posted in Archive|