Position and profile. Another section of the survey asked respondents about their job within the company, including reporting level, staffing, geographical responsibilities, and budget. They were also asked about their experience, including years in the profession and years at their current company. In addition, profile questions asked about their certifications, academic credentials, and age.
Reporting level. Fully 35 percent of respondents indicated that they were the top-level security person in their organization. Those top-level people earned a median compensation of $84,000. Those who were not the top-level person reported a median income of $73,000.
Respondents were also asked what function or authority the department reported to. As might be expected, those whose reporting structure suggested responsibilities limited to general and physical security responsibilities—such as reporting to the facilities department—were among the lowest paid ($66,000). Higher on the scale were those reporting directly to the CEO ($84,000). Surprisingly, those reporting to the legal ($87,000) or IT ($85,000) departments reported median salaries higher even than those reporting to the CEO. A reason for that might be that they are in larger organizations.
Geographic responsibility. Previous surveys have shown a close correlation between the number of locations managed and compensation, and this continues to be a key indicator in the 2005 survey. The highest earners had responsibility for facilities in more than one country; they had a median income of $106,000.
Those charged with security for multiple facilities within one state reported a median compensation of just $68,000. Compensation levels rose predictably and regularly as the number of facilities and geographic dispersal of those facilities increased.
Staff. Neither the total number of security staff in an organization nor the total number of security staff directly managed appears to have great impact on the median compensation of security professionals. Staff size has traditionally been a poor predictor of compensation and continues to be so in the 2005 results.
Budget. The size of the security budget, unlike the size of the security staff, is a significant factor in compensation. For example, the median compensation for a security professional heading a department with a budget of $10 million or more was $93,000, 6 percent more than someone managing a budget between $5 million and $10 million. And those with a $5 million to $10 million security budget earned 10 percent more than those with a $1 million to $4 million budget.
Experience in the field. When it comes to experience, the news is encouraging: If you pay your dues and develop expertise, you are likely to be compensated for it. In other words, the greater the experience in the security field, the higher the compensation.
Those just starting out (with one to five years of experience) earn a median of $63,000, and that trends upward over the years until those at the other end, with 30 to 39 years of experience, earn $88,000. Those with more than 40 years of experience in the security profession have a median compensation ($87,000) slightly lower than the preceding group, however.
Years with company. There is a striking difference between this year’s survey and last yesr’s with regard to the number of years the respondent has been at his or her current organization. In the 2004 survey, respondents with the fewest years with their current employer had higher median salaries than those with 6 to 10 and 11 to 19 years on the job. Such an uptick, accompanied by a high percentage of the response being in that 1 to 5 year category, suggested that various trends—IT, globalization, regulatory changes, and 9-11—had created new opportunities for many in the profession and that these people were negotiating higher salaries with new employers. The trend has noticeably smoothed out in this year’s survey, with a clean trend line from fewest to most years with current employer.
It is difficult to know what has led to the change from last year’s survey, but a couple of possibilities present themselves. One is that employers are more willing to financially reward existing security staff in order to encourage continuity in the position, but since there has not been a great increase overall in salaries, that may not be the most likely explanation for the evening out of the trend line.
The second, and seemingly more likely, explanation is that new hires are having less success at the negotiating table. That conclusion is supported by the data: the median compensation in the 0-to-5-year range dropped $500 from the 2004 survey.
Years in management. In addition to asking about general security experience, the survey queried respondents about their time in management positions. A similar correlation was found, though the medians were all higher, as would be expected.
Median salaries were $66,000 for those with 1 to 5 years of management experience, and they topped out at $94,000 for those with 30 to 39 years of management experience. The dip in median for those in management the longest was pronounced; these professionals earned $76,000.
Age. Respondents’ age hewed closely to the trends that prevailed with regard to years of experience in the field and years in management. One noteworthy exception is that there is no dip in the uppermost age bracket, as was seen in the experience categories.
About 2 percent of respondents were 20 to 29, and 18 percent fell in the 30 to 39 age group. A little more than one-third were 40 to 49 and about another third were 50 to 59. The remainder were 60-plus.
Certifications. The Certified Protection Professional (CPP) designation was by far the most common in the sample, held by 849 respondents (38 percent). With a median compensation of $84,000, CPPs earned 16 percent more than respondents holding no certification. An analysis of the data also shows that this difference in pay is not attributable merely to the age of those holding CPPs; the median age of CPPs (50) was just three years older than the median age of those holding no certification (47).
Another ASIS certification, the Physical Security Professional (PSP) designation, introduced little more than a year ago, is making its mark, with 89 respondents (or 4 percent) currently holding the designation and earning a median compensation of $75,000.
Another designation, held by approximately 5 percent of respondents, was Certified Fraud Examiner (CFE). These specialists were well rewarded for their knowledge, with a median compensation of $100,000.
Also well-rewarded for their expertise were security professionals with infosec designations. While only accounting for a small percentage of our total sample, those respondents holding CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) designations earned median salaries of $117,000 and $115,000, respectively.
Academic credentials. Respondents reported a high level of academic achievement, which the profession appears to reward. More than 40 percent of the sample reported holding an undergraduate degree, and more than 22 percent hold a master’s.
Though a small fraction of the sample, respondents holding Ph.Ds and juris doctorates were the most highly compensated, earning median salaries of $129,000 and $127,000 respectively. Those holding master’s degrees had a median of $89,000, while those with undergraduate degrees came in at $80,000.
For respondents holding either undergraduate or master’s degrees, median compensation was higher for those with degrees in a discipline other than one specific to the profession such as criminal justice, security management, or law enforcement.
Respondents holding a high school degree or equivalent only constituted 6 percent of the respondents, but were notable for a higher median compensation ($60,000) than occurs in most professions.
Bonuses. All forms of compensation, including performance bonuses, profit sharing, and stock options are included in the total compensation rates reported throughout this article. Of these, performance bonuses are the most common method employers use to enhance base salaries. Nearly half (49.4 percent) of respondents reported receiving a performance bonus in 2004, up from 46.7 percent in 2003. Performance bonuses were also the most lucrative enhancement, with a median bonus of $7,000 in 2004.
Just how likely you are to receive a performance bonus appears to depend nearly as much on the type of company you work for as it does on how well you perform. In publicly held companies, 64 percent of respondents got bonuses, with the median bonus being $9,000. In privately held companies, that rate dipped to 54 percent, with a median bonus of $7,000.
In the government and law enforcement sectors, performance bonuses are more rare, and grow rarer still as the jurisdiction narrows. Some 36 percent of respondents working at federal government and law enforcement agencies were awarded bonuses, while just 21 percent of those at state agencies had received bonuses. For those in local government and law enforcement, the level dropped to 13 percent.
There is, however, an interesting side to the scarcity of bonuses at some levels of government: Performance bonuses grow fatter as they grow fewer. Federal agencies, which spread the wealth to more than a third of respondents, gave out a median performance bonus of just $2,000. State agencies awarded a median performance bonus four times as large, or $8,000. Local agencies, channeling performance bonuses to the select few, were able to award a median bonus of $12,000, higher than the overall median and six times as large as that given at the federal level.
In the private sector, the most significant factor in bonus structures appear to be the type of industry. In the information (65 percent), financial (69 percent), and wholesale and retail trade (78 percent) sectors, performance bonuses were awarded at far higher rates than the average. In professional and business services (28 percent), such bonuses were less common, and in education (4 percent) they were quite rare.
The security department’s place within the corporate structure appears to have some relationship to performance bonuses, with persons working in security departments organized under the finance (65 percent) or legal (65 percent) departments being more likely to receive bonuses than those in departments structured independently or under other business units.
Performance bonuses appear to have little correlation to the size of the company. Similarly, years in the security profession or in security management, academic achievement, age, or years in current position seem to have no relationship to the likelihood of receiving performance bonuses.
As this overview of the 2005 survey data shows, security professionals who move into management, developing expertise and earning certifications in their field of specialization along the way, are likely to be well compensated for their efforts. But where they fall along the continuum will depend as well on the sector, size, and financial success of the companies in which they ply their trade.
Mike Moran, projects editor for the ASIS Security Management Publishing Department, conducts the annual salary survey and analyzes the results, only portions of which are highlighted in this article.
The year 2005 marked the second time the survey has been open to all members of ASIS International within the United States for whom the Society has a valid e-mail address.
The survey was conducted online, from February 1 to February 28, 2005, on a secure server with identity and password challenges. Notices were posted on both the Security Management Web site and in other member print and electronic communications. More than 20,000 members who had provided their e-mail to ASIS International were sent an e-mail with a personalized hyperlink.
Participation was up by 33 percent from 2004, with 2,205 responding fully, including providing compensation data for two consecutive years. It is this two-year data that is used to compute the increase from year to year, a far more meaningful number than the random comparison of two unrelated groups of survey respondents—the approach typical in most surveys.
In recognition of the degree of their participation and the value of the results for the industry and the Society, participants were awarded one recertification point toward any ASIS International certification program (CPP, PSP, PCI) in which they currently held a designation.
Meaning of the median. The median, which we use here instead of the average, is the compensation at the midpoint of the range of all salaries. The average (which is the sum of all respondent salaries divided by the number of respondents) will be pulled higher by top-tier earners and can be misleading. Thus, the median is a better representation of the compensation of the group as a whole, while the average is instructive as an indicator of the earning potential of security professionals with the most highly valued characteristics. All numbers are rounded to the nearest thousand dollars.