Salary Survey Extra: Deep Focus on ISACA CISM
Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
Most credit card users, over the past year or so, have probably noticed a change in the way their card is read at many, if not yet all, retail checkstands. Instead of swiping your card, you must now insert it into a reader that scans a security chip printed on the card itself. Why the change? In a word: theft.
Ongoing theft of cardholder data led to the enhanced security measures, which make it harder to copy and reproduce cardholder data to make illicit purchases. The increasingly digital world we live in is a battleground between thieves and security experts, and there are likely to be ongoing consumer protection efforts that affect our lives in small ways.
A notable faction of the information security professionals who resist the ever-escalating threat posed by hackers hold the Certified Information Security Manager (CISM) credential issued by security and governance association ISACA. Launched in 2002, the CISM is claimed by more than 27,000 individuals worldwide and is a staple of our Salary Survey 75 list.
On this year’s list, the CISM checked in at No. 12. Among CISM-certified individuals who responded to the survey, 70 percent are from the United States, with the remaining thirty percent spread through 27 countries around the world, including Argentina, Austria, Belgium, Bermuda, Brazil, Canada, Chile, China, Denmark, Germany, India, Indonesia, Ireland, Italy, Jamaica, Japan, Mexico, the Netherlands, New Zealand, Nigeria, Norway, Peru, Romania, Spain, Switzerland, Trinidad and Tobago, and the United Kingdom.
Among U.S. CISM holders, the average annual salary in 2016 was $135,350, with a medial annual salary of $130,500. The average annual salary across all countries outside the United States was $89,920, with a median annual salary of $91,110.
As with many security credentials, the global body of CISM holders is overwhelmingly male: 92.3 percent of all CISM holders surveyed are men. CISM-certified individuals also tend to be significantly older than is the norm for many IT certifications: A shade more than 67 percent of those surveyed are 45 or older, and of the remaining 33 percent, most (28.3 percent) are between the ages of 35 and 44, and not a single individual was younger than 25.
The highest level of education attained by most CISM holders is either a master’s degree (an eyebrow-raising 51.5 percent of those surveyed) or bachelor’s degree (26.8 percent). Despite a smattering of doctorates and professional degrees, most of the rest of those surveyed are either two-year college graduates (5.6 percent) or high school graduates with some degree of specialized technical training (7.6 percent).
A rock-solid 95.7 percent of CISM holders in our survey are employed full-time, versus just 1.8 percent who are unemployed. (Part-time employment, retirement and sabbatical account for the balance of the survey population.) Long hours are the norm for CISM holders, with nearly 65 percent at work either between 41 and 50 hours per week (50 percent), or more than 50 hours (14.1 percent). Nearly everyone else (26.8 percent of respondents) works a standard 40 hours per week, though we did hear from a small group (8/6 percent) who work between 31 and 39 hours per week.
Jobs for CISM-certified individuals are most prevalent in management, with more than 37 percent of respondents currently employed as either managers (16.9 percent) or senior managers (20.3 percent). Higher up the corporate ladder, there are also notable contingents of directors (17.4 percent) and executives (9.7 percent). Nearly everyone else surveyed (29.5 percent) is at the senior specialist level.
As hinted at by the age of survey respondents, most CISM holders are IT lifers. A notable 68 percent have worked in information security for more than 10 years, while 25 percent have been in the field either between 9 and 10 years (12.6 percent), or between 6 and 8 years (13 percent).
Finally, here’s the view of CISM holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 55.6 percent
Several times a week: 25.1 percent
Several times a month: 12.1 percent
Occasionally: 4.8 percent
Rarely: 2.4 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 44 percent
Agree: 39.1 percent
Neither Agree nor Disagree: 14 percent
Disagree: 1.9 percent
Strongly Disagree: 1
Becoming certified has increased my problem-solving skills.
Strongly agree: 21.3 percent
Agree: 41.5 percent
Neither Agree nor Disagree: 27 percent
Disagree: 6.8 percent
Strongly Disagree: 3.4 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 19.8 percent
Agree: 37.7 percent
Neither Agree nor Disagree: 33.8 percent
Disagree: 5.8 percent
Strongly Disagree: 2.9 percent