Seven IT security skills certifications on the rise

A number of IT security skills certifications requiring candidates to pass exams have sharply gained in terms of demand and pay value, according to a new Foote Partners report.

A number of IT security skills certifications requiring candidates to pass exams have sharply gained in terms of demand and pay value, according to a new Foote Partners report.

The "2013 IT Skills Demand and Pay Trends Report" is based on the tracking of the demand for a wide range of IT skills at 2,496 private and public-sector U.S. and Canadian employers for a total of 151,864 IT professionals.

[QUIZ:Name That Hacker]

For the second quarter, seven IT security certifications gained 10% or more in market value in terms of demand from the previous quarter, according to Foote Partners. David Foote, chief analyst and research officer, says obtaining certifications in IT skills typically means the worker's pay gets a boost, often as a bonus for having been certified for certain skills through training and passing an exam of some type.

Foote Partners tracks 61 separate IT security certifications overall, and over the past three months five of the seven hottest are produced by the Global Information Assurance Certification (GIAC) organization, which is affiliated with SANS Institute for training.

The five GIAC certifications singled out are:

  • Certified Incident Handler, which spiked 22.2% in demand according to the companies reporting to Foote Partners.Foote says which typically translates into a 1% to 2% pay bonus to the employee holding the security certification.
  • Certified Firewall Analyst, rising 20%.
  • Certified Forensics Examiner, up 16.7%.
  • Certified Intrusion Analyst, up 10%.
  • Certified Forensics Analyst, up 10%.

Two other IT security certifications were also considered valuable in terms of boosting pay during the past three months.

One of them is the CWNP Certified Wireless Security Professional certification, up 16%, from the Certified Wireless Network Professional organization.

The other is the Infosys Security Engineering Professional certification, known as the as the ISSEP/CISSP certification, and which is up 10%. It recognizes advanced security engineering and was designed by the International Information Systems Security Certification Consortium (ISC2) in coordination with the U.S. National Security Agency.

Foote notes that while trends can show upward spikes in demand, they can also drop in a three- and six-month timeframe. He adds that security spending tends to be driven by corporate need to achieve regulatory compliance.The GIAC IT security certifications cited in the Foote Partners report were among those considered to provide "the highest pay premiums" along with non-security specific ones, such as the Open Group Master Architect and the EMC Cloud Architect Expert (IT-as-a-Service). "Cloud certifications haven't been around for a long time, so we're just starting to put in this data during the past year," Foote points out.

Other IT security certifications are also ranked among those earning the highest pay premiums, though they didn't necessarily show the three-month market-value jump. These include the IT security certifications known as the GIAC Security Leadership; Certified Information Systems Security Professional; Certified Information Security Manager; CyberSecurity Forensic Analyst; and the Information Systems Security Architecture Professional (ISSAP-CISSP).

The Foote Partners quarterly report also cited significant rise in market value in a number of non-security-specific certifications, including the CWNP/Certified Wireless Network Expert and CWNP/Certified Wireless Network Administrator certifications. Some HP systems administration certifications rose sharply in value as did some project management certifications. Three Oracle database administrator certifications jumped 10% or more in pay value. However, a number of Oracle certifications also declined 10% over the previous quarter. These decliners were: Oracle SOA Infrastructure Implementation Certified Expert; Oracle Certified Professional Java EE Web Services Developer and Oracle Certified Master, Java EE Enterprise Architect.

The only IT security certification seen as falling 10% or more in pay value in comparison to the previous quarter was the GIAC Certified Penetration Tester certification, which dropped by 33.3%.

The Foote Partners report points out that overall, IT certifications in general have actually been falling in value since 2007, so it's notable that 289 IT certifications increased last quarter, up 0.84% in value overall. Foote Partners also continuously tracks the demand for IT roles and responsibilities not based on IT certifications.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags AssuranceFoote PartnersSANS InstitutesecurityWide Area Network

More about CyberSecurityEMC CorporationFoote PartnersHPIDGInfosysInternational Information Systems Security Certification ConsortiumIntrusionISC2National Security AgencyOpen GroupOracleSANS Institute

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place