Below is a list of the top paying certs for 2014 (including average salary amount).
The list is based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton, completed in October 2013.
After the list, I offer a few comments on some of the certs and the salaries.
1. Certified in Risk and Information Systems Control (CRISC) – $118,253
2. Certified Information Security Manager (CISM) – $114,844
3. Certified Information Systems Auditor (CISA) – $112,040
4. Six Sigma Green Belt – $109,165
5. Project Management Professional (PMP®) – $108,525
6. Certified Scrum Master – $107,396
7. Citrix Certified Enterprise Engineer (CCEE) – $104,240
8. Citrix Certified Administrator (CCA) for Citrix NetScaler – $103,904
9. Certified Ethical Hacker (CEH) – $103,822
10. ITIL v3 Foundation – $97,682
11. Citrix Certified Administrator (CCA) for Citrix XenServer – $97,578
12. ITIL Expert Certification – $96,194
13. Cisco Certified Design Associate (CCDA) – $95,602
14. Microsoft Certified Systems Engineer (MCSE) – $95,276
15. Citrix Certified Administrator (CCA) for Citrix XenDesktop – $95,094
For survey details, go here.
Other Certs in the Top 25
The article also lists other certs that were in the top 25. Here’s the 2 that I found most interesting:
(A) CISSP: Certified Information Systems Security Professional $114,287
(B) RHCSA: Red Hat Certified System Administrator $94,802
I added (A) & (B) so I could reference the certs below.
A Few Comments
A couple thoughts, based on my first reactions to the survey, as well as thoughts based on my past experience…
- What does this survey really tell you? What certifications are in demand in the US (remember, this survey occurred in the United States). Ignore the salary portion, as most of us are making less, some more. Averages are interesting, but that’s about it.
- I only know 2 people with such certs making that kind of money: CISM (#2) and MCSE (#14). Salaries differ based on locale, type of company, how long you’ve been at that company, other certs, etc.
- Having the CISA come in third shows the rising interest in IT auditing, which I highlighted in Top 10 Reasons to be an IT Auditor. Before you know it, IT auditing will become cool (ha ha).
- I have the CISA (#3) and I’m not making quite that much. Also, I’ve had the CISSP (B) for 8+ years, and when I made that much, it wasn’t due to the CISSP, but my management responsibilities.
- I was surprised that the RHCSA (B) didn’t make the top 15.
- I don’t understand the value in CRISC (#1) and ITIL (#10). Somebody help me out with this….
- I was surprised by the CEH. I’ve never seen much respect for that cert.
If you have one of these certs and you make the specified salary for it, or more, tell me about it.
Compare this list to previous lists I’ve written about:
Top 10 Pay-Boosting Tech Certifications (2010, Dice.com)
Top 10 IT Jobs (2010)
Check out my other posts on certification, and don’t miss How to Pass Certification Exams.
ITauditSecurity 
Hi Mack,
I recently discovered your blog while searching for materials on everything IT Auditing and must say it has been a great source of education.
I’m pretty new in this field, as I only started my training only 3-4 months ago. The information I have amassed till date is amazing, and its only getting more and more interesting as I uncover more secrets in this field.
I hold a B.sc in Political Science, M.sc in Business Communication. I haven’t had any prior experience in the IT industry, but have almost 6 years management experience. I’m strongly considering taking the CISA examination. However, I don’t know if I’m qualified to apply for certification if I happen to pass the exam.
Your advice and counsel would be highly appreciated in this issue. If you have the time, you could email me privately here: (email deleted)
Best regards,
Pete
LikeLike
Pete,
I don’t generally do private emails, so I’ll answer here.
For CISA qualifications, see ISACA.org. Basically, you need 3 years of experience in auditing, compliance, security, or control work. For some of that, college education can be substituted. The qualifications are more than just passing the exam.
I’d suggest you go ahead and study and take the exam and then your work requirement will catch up with you. Passing the exam will help your career, even though you can’t call yourself a ‘CISA’.
LikeLike
Thank you Mack. I think that works for me. I would go on and sign up for the exam, and if I pass will wait until I’m qualified for certification.
I appreciate your concern.
Best
LikeLike
Agree. CRISC is not so important, in fact it is unknown by most IT organizations with implemented risk management strategies.
I read with pleasure the entire publication, but the following sentence made me want to hug you:
“Before you know it, IT auditing will become cool (ha ha).”
LikeLike
Vivi,
Glad I gave you a chuckle. During a tough meeting this week regarding whether an IT fix would remediate an audit issue, one of the IT guys said to me, “I appreciate that you don’t back down.”
To which I replied, “Why should I? Everyone already hates me.”
And it’s also my job.
Yeah, I’m still waiting for cool….
LikeLike
Most people I know with the CRISC make that or more and have 20+ years of experience in IT, more than many so called CIO’s I have worked with. Your “in fact it is unknown by most IT organizations with implemented risk management strategies” confirms my experience as a Auditor and risk consultant, that most IT organizations that Think they have a modern risk management strategy, don’t.
LikeLike
:)
LikeLike
Do these certificates count if you dont have a BSC or MSC in computers?
LikeLike
Kevin,
Not sure what you mean by “count.” If you meet the requirements and pass the exam, you get the cert. That doesn’t means that if you get a certain cert, you WILL make the salary noted above.
The salaries are averages, based on who was surveyed and who responded. Many variables are involved that vary by employee, employer, industry, and area of the US. It is meant to give you an idea of what some people make with that cert. That’s all–an idea, not a guarantee.
The original article notes in conclusion: “If you’re looking to improve your skills (and your pay!), consider adding one or more of the certifications above.”
LikeLike
Hello, thanks for your reply.
I understand what you are saying but even though the salary is not guaranteed, having one of those certificates will more likely get you higher income than one who doesn’t have them (logically speaking).
Its relative though!
LikeLike
Agreed on both points. However, they never hurt you. And even if your pay does not increase, you have gained valuable knowledge.
LikeLike
What is always interesting is that people usually review these certification lists as a causality on salaries. It is especially promoted that way by the companies controlling the certs. What would be more revealing is a summary of salaries for people who ONLY had specific certifications. For example, I would expect the data for the individuals having the CRISC shows that they also have a number of other certifications (probably multiple others on the list) to go along with the CRISC; so, its not the CRISC alone that does it, but all the experience and other education of the type of people would persue a CRISC.
Similarly, it would be interesting to see salaries averages for certifications excluding individuals who were required to get the certification to keep their job due to internal company, regulatory requirements, or federal mandates. For example, what is the CISSP average outside of DoD (due to DoDI 8570 requirements). In these regulatory driven situations, you end up with people who normally may not have pursed such certifications at the point in their career basically skewing the data one way or another.
LikeLike
S,
Good points. In the end, if you’re getting a cert only for a salary increase, you’re only hurting yourself. Also, the final determination of salary, regardless of certs, is a combination of who you work for (industry and company size) and your skill/reputation/work ethic.
Most people don’t understand that a poor performer or smooth talker with many certs will eventually be found out. Certs can only fool managers for so long.
LikeLike
“I would expect the data for the individuals having the CRISC shows that they also have a number of other certifications” Too true, my boss has his CRISC. But also has his CISM and CISA :p Top 3.
LikeLike