In fact, nearly three-quarters of survey respondents with security titles reported an increase in total compensation from a year ago, with an average bump of 6.2%. In comparison, 68% of all respondents reported that their total compensation had risen in the past year, and the average increase was 3.6%.
The trend is welcome news to Bobbi Jo Pickar, who has spent 27 years as an IT security professional, holding various technical and managerial roles. "In the past, management hasn't given us enough credit and they didn't realize how much a security organization could save a company or government by doing things right," says Pickar, who now serves as an information security specialist/computer systems security analyst at Lockheed Martin. "Now that they understand how much risk could cost, they are starting to take a much more proactive approach."
The pros and cons of constant change
The spotlight on security and the increasingly malicious nature of cyberattacks have created new opportunities for security pros, and those factors have helped turn security into a satisfying career, says Kevin Fred, a senior information security consultant who's now working as a principal security engineer for a large payment processing company in Cincinnati. Security has gained lots of new job descriptions, including C-level positions that didn't exist years ago, and security roles have increased in stature across the board.
"We're in an elevated spot -- in any company across every industry, infosec is held in higher esteem because we're the protectors of the crown jewels," he says. "There's a lot of prestige and satisfaction that comes along with that."
Also satisfying to Fred and other security professionals is the dynamic nature of the field: As threats evolve, there's an endless stream of new material to master. The constant change appeals to Tim Pospisil, IT security supervisor for Nebraska Public Power District, who has been in IT for eight years and has done security work for almost half of that time.
"I work in nuclear, which is the best of 1960s technology, and [security] is not," he says. "Security is definitely cutting-edge. You're always having to adapt to something new, whether it's new vulnerabilities or new ways hackers are exploiting the network. It forces you to constantly be on your toes, and it keeps you fresh."
However, Pospisil warns that the constant change can be a drawback. "You don't ever feel like you get downtime or get a chance to catch a breath," he says. "And there's always the fear that you're going to miss something and become a logical target."
Sign up for CIO Asia eNewsletters.