Security professionals with formal industry certifications are commanding among the highest salaries in the IT industry, peak security body ISACA has argued as it commemorates the certification of its 25,000th Certified Information Security Manager (CISM) since 2002.
The milestone reflects the growing importance of formal industry certifications to security professionals, ISACA noted, despite recent research showing that many security positions remain unfilled and nearly two-thirds of companies have not increased their security training budgets this year.
CISM, one of four certifications from ISACA, is accredited under the ISO/IEC 17024:2003 standard, and ongoing industry demand for it made it one of the highest-paying certifications in the latest Foote Partners IT Skills Demand and Pay Trends Report.
Senior executives' “insistence on security for customers whose sensitive information flows across enterprise networks...has put tremendous pressure on IT leadership to execute flawlessly and predictably,” the Foote report states.
“For many companies, this can only be achieved with a dramatic transformation of the IT organisation and everyone who works in it. They have to architect their human capital, not just their systems and applications.”
The ISACA 2014 Advanced Persistent Threat (APT) Awareness Study found that, despite growing recognition of the threat APTs pose, 62 percent of companies did not increase their security training spending this year.
With estimates suggesting nearly 1 million security-related positions remain unfilled, ISACA has recently ramped up its efforts to encourage investment in industry certifications and training. Last month it launched Cybersecurity Nexus (CSX), an online education program designed as “a single, central location where security professionals and their enterprises can find cybersecurity research, guidance, certificates and certifications,” and other resources.
CISM isn't the only certification attracting the big bucks: specialised certifications such as ISACA's Certified in Risk and Information Systems Control (CRISC), the EC-Council Certified Ethical Hacker (CEH), and the (ISC)² CISSP concentrations Information Systems Security Engineering Professional (CISSP-ISSEP) and Information Systems Security Management Professional (CISSP-ISSMP) were all singled out in the Foote analysis as being among those certifications attracting “above average pay premiums” now, and expected to continue to do so in the next three to six months.
“Information security managers are being recognised for the value they bring to enterprises,” ISACA international vice president Allan Boardman said in a statement. “The CISM designation verifies the knowledge and experience needed by a successful information security manager.”
CISM exams are offered three times a year around the world and cover four domains: information security governance; information risk management and compliance; information security program development and management; and information security incident management. Candidates must also submit evidence of relevant information security work experience before the certification is granted.
ISACA, which recently marked its 45th anniversary, has also launched the first five of what will be more than 30 COBIT-aligned audit and assurance programs to be released in 2014. It has also begun offering digital 'badges' that let certification holders display their credentials, and attest to their security expertise, on online profiles and other web resources.