Despite a weakened economy and a slowdown in IT spending, a recent report indicates that the average bonus for IT security employees in the U.S. -- bonuses usually tied to certain certifications and skills -- rose 14.8 percent in the third quarter to 8.3 percent of base salary.
But, according to the report by Foote Partners LLC, an IT salary research firm in New Canaan, Conn., the annual base salary for IT security workers has not risen as sharply. The report was based on interviews with 29,400 IT employees in the public and private sector.
In a Web conference Tuesday, David Foote, the firm's managing partner and research director, said that so far this year, the average annual salary for IT security employees had increased 2 percent to 3 percent. (Foote is a contributing columnist to Computerworld.) According to the report, a director of information security earned US$119,533 in the third quarter compared with $116,225 in the first quarter, and a manager of information security earned $105,249 in the third quarter, up from $103,257 in the first quarter.
The report found that the director of information security would earn a bonus of $19,125, or 16 percent of a $119,533 salary, while a manager of information security would earn a bonus of $16,314, or 15.5 percent of a $116,225 salary.
Foote said the most sought-after security skills were those associated with project assignments, such as data warehousing, customer relationship management, enterprise relationship management and e-business. He said the median bonus for security employees with those skills was equal to 18 percent of their base pay in the third quarter.
Foote said companies are, and will continue to be, reluctant to pay large security skills premiums to junior staff or inexperienced workers. "The available funds for security skills are going to top-tier, impact IT workers," he said.
Cape Coral, Fla.-based I.T. Search Professionals agreed with Foote's findings. The company specializes in the search and placement of the nation's top information technology professionals for permanent employment. "Bonuses, long a regular annual benefit for top executives, will accelerate in 2001 as a means both for retaining present staffs and for attracting and hiring high-demand new talent, with both 'stay-on' and 'sign-on' bonuses," the company said in information posted at its Web site.
According to I.T. Search Professionals, about 65 percent of CIOs and IT directors will receive bonuses in 2001 averaging approximately 22 percent of their base salaries, and 15 percent of middle managers will earn bonuses equal to about 10 percent to 15 percent of their base salaries. IT staff will earn bonuses this year equal to an estimated 4 percent to 5 percent of their base salaries.
Earlier this year, Computerworld's annual salary survey found that senior IT people received bonuses equal to approximately 22 percent if their base salaries, with middle management employees getting bonuses equal to about 15 percent of their base salaries.
Not everyone familiar with salary issues in the IT industry agreed with Foote's findings. Victor Janulaitis, CEO of Janco Associates Inc., a management consulting firm in Park City, Utah, said bonuses in all areas of IT, including security, are almost nonexistent. He said IT bonuses -- even in security -- have shrunk to about 4 percent or 5 percent of base salaries, if they exist at all.
"We're in the process of doing our survey and our numbers will be very different," Janulaitis said. "People are paying a premium for security and disaster recovery people, but bonuses for existing people do not exist. The CEO isn't even getting a bonus, and if the CEO isn't getting a bonus, then neither (is anyone else)."
According to Foote, companies in the next 12 to 24 months will be looking for IT security people with expertise in such areas as remote and wireless access, authorization and authentication mechanisms, business-to-business exchanges, risk management, user-awareness policy development, and privacy and denial-of-service attacks.
Foote said employers are paying top dollar for IT security employees who are adept at corporate politics, offer experience in enterprise project management and who have good relationship management and team skills, a questioning attitude and an ability to solve abstract problems.