Why pay for tech certifications is declining

New highly-validated data from 3,305 employers reveals that the average cash market value for hundreds of tech certifications is at its lowest point since 2015.

downward trend hot and cold up and down crash man with graph
Thinkstock

There’s always been a tug of war within employers about hiring tech people with skill certifications versus those who have learned by experience on the job. Eventually the question of comparable pay arises, shining a light on whether certification is a valid factor when measuring a worker’s value or potential on the job. And if it isn’t, then how should employers be assessing skills competence?  

Historic pay disparities between certified and non-certified tech skills  

The fact is, employers have for many years been willing to cash pay premiums for both certified and non-certified skills typically above and beyond base salary. Foote Partners has been surveying and reporting this data since 2000. Until 2007 certified skills were earning more on average than non-certified skills, but beginning in mid-2007 this trend reversed. The gap in pay premiums between the two since then has widened with 551 non-certified skills now earning, on average, the equivalent of nearly 2% of base salary more than 446 tech certifications the firms tracks on a quarterly basis from data collected regularly from 3,305 employers.

Certifications had a very long run of consistently losing overall value from late 2006 to 2012. These were dark years marked by charges of fraud in the certifications testing business and a prevailing opinion by many that certifications were simply too easy to attain, in particular those that vendors offer to support their product lines. Technology vendors and vendor-independent certifying organizations fought back by adding real-time labs, peer review panels, and prerequisites to their qualifications.

It seemed to work, as certifications pay began to rise although not nearly to the level of non-certified skills premiums, often for the same technologies. More and more management, process, and methodology skills and certifications gained popularity in the growth years for both intermediate and advanced skill levels, and pay continued to rise for both segments until about two years ago. 

pay for tech certifications is declining Foote Partners LLC

Declining certification market value       

Average pay premiums for tech certifications recorded in the long running IT Skills and Certifications Pay IndexTM (ITSCPI) decreased in the last quarter of 2018, down 1.8 percent overall. They’ve lost 2.4 percent of their value in calendar year 2018 and nearly 3 percent over the last two years. In the last three months of 2018 alone, 57 certifications recorded cash pay premium losses against only 17 gaining value.

Meanwhile cash pay premiums for non-certified skills increased 0.6% overall in October/November/December with 87 recorded pay premium gains while 72 non-certified skills list  market value. Pay gains have been consistently higher in most quarters in each of the past three years.

The marketplace for certifications may decline for a number of obvious and not so obvious reasons. Pay premiums will diminish as certifications expire, are retired, or when they’re replaced with more appropriate certifications as technology evolves. Also, there remains a lingering bias that passing a proctored exam does not necessarily confer onto the test taker expertise in a subject, especially when the pass rate is only 70 percent correct answers. Adding laboratory requirements only works if the labs are sufficient tests of a candidate’s capabilities in the real world.

But in a counter intuitive twist, it’s just as often their popularity that drives down pay premiums. As interest in a certification escalates and more people attain the certification the gap between supply and demand for the certification narrows, driving down its market value as the laws of scarcity would dictate. This has been documented in the case of dozens of certifications over the almost two decades of Foote Partners tracking and reporting their market values.

Perhaps the most common reason for certification values falling is a fundamental weakness that persists in the certification industry: a vast number of popular tech skills simply do not have a certification available. No vendor owns the particular tech with products that are supported by certification training necessary to ensure sales and upgrade investments.

Certifications have traditionally been attached to infrastructure (networking, systems, security), architecture, and processes (e.g., project management, frameworks and methodologies). Non-certified skills are found in greater numbers than certifications in programming and applications development, web, database, and also in management, process, and methodology segments. Employers can arguably more easily devise their own ways to judge proficiency in these areas such as coding testing, past experience, consulting-to-hire staffing practices, and robust internal training and development programs.  

And what about so-called ‘soft’ skills?  Employers are often just willing as recognize their value with pay premiums if not via salary, especially if they are combined with hard tech skills and industry, domain, or customer knowledge and experience.

High flying tech certifications losing the most value in 2018

Below are tech certifications that meet two criteria: currently earning well above-average pay but recording substantial declines in market value in the last six months of 2018. Unless otherwise indicated these certifications are adjusting to market forces as explained above.

INFO / CYBERSECURITY CERTIFICATIONS

GIAC Security Leadership Certification (GSLC)
Average Pay Premium: 12 percent of base salary equivalent
Market Value Decrease: -29.4 percent (in the past six months through January 1, 2019)          

The GSLC targets security professionals with managerial or supervisory responsibility for information security staff. Certification holders’ knowledge includes have an understanding of risks of 802.11 wireless networks and how to secure them, access control and password management, building a security awareness program, and cryptography applications, VPNs and IPSec. This certification is awarded with a passing score of 68% on a 115-question proctored exam. We believe employers require a lot more than an exam to assess leadership abilities in today’s info/cybersecurity field and this is contributing to not only losses in market value in this certification but management-level security solutions certifications such as the ISSAP and ISSMP below.

Information Systems Security Architecture Professional (ISSAP/CISSP)
Information Systems Security Management Professional (ISSMP/CISSP)

Average Pay Premium: 12 percent of base salary equivalent
Market Value Decrease: -14.3 percent (in the past six months through January 1, 2019)         

The ISSAP allows Certified Information Systems Security Professionals (CISSPs) to concentrate further in information security architecture and stresses the following elements of the CBK: Access control systems and methodologies;

telecommunications and network security; cryptography; requirements analysis and security standards, guidelines and criteria; technology-related business continuity and disaster recovery planning (BCP and DRP); physical security integration. 

The ISSMP lets CISSPs concentrate further in security management areas and stresses the following elements of the CBK: Enterprise security management practices; enterprise-wide system development security; overseeing compliance of operations security; understanding BCP, DRP and continuity of operations planning (COOP); law, investigations, forensics and ethics.

EC-Council Computer Hacking Forensic Investigator (CHFI)
Average Pay Premium: 11 percent of base salary equivalent
Market Value Decrease: -26.7 percent (in the past six months through January 1, 2019)          

Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Such techniques have become ubiquitous in law enforcement, defense, military, information technology, law, banking and insurance, among others. as computer forensic investigators draw on an array of methods for discovering data that reside in a computer system or recovering deleted, encrypted, or damaged file information known as computer data recovery.

The Computer Hacking Forensic Investigator is one of the oldest, most popular of these certifications, attracting a lot of certificants to the program which has narrowed the supply/demand gap. Also putting pressure on demand for the CHFI has been competing certifications   Certified Forensic Computer Examiner, Certified Computer Examiner, GIAC Certified Forensic Analyst, and GIAC Certified Forensic Examiner.

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Average Pay Premium: 10 percent of base salary equivalent
Market Value Decrease: -23.1 percent (in the past six months through January 1, 2019)

The GIAC Exploit Researcher and Advanced Penetration Tester targets security personnel whose job duties involve assessing target networks, systems and applications to find vulnerabilities. It certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, how to model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws.

Certified Healthcare Information Security and Privacy Practitioner (HCISPP- ISC)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -18.2 percent (in the past six months through January 1, 2019)

The healthcare industry is expected to be one of the fastest growing employment sectors for the next decade. Protecting networked systems and devices and securing patient information are already tough enough challenges but they will get even more intense as regulation evolves and the aging population demographics create more demand for services. Right now, healthcare employers are desperately searching for experienced healthcare tech professionals and eagerly investing in training and development. For those employers convinced that certifications are useful for qualifying talent, there are a few vendor-independent healthcare certifications they can turn to:

  • Certified Associate/Professional in Healthcare Information & Management Systems (CAHIMS, CPHIMS)
  • Certified Healthcare Technology Specialist (CHTS)
  • Registered Health Information Administrator (RHIA)
  • Registered Health Information Technician (RHIT)

For healthcare security skills the clear winner has been the Certified Healthcare Information Security and Privacy Practitioner certification from (ISC)² which experienced a spike in market value with initial demand that has now begun to level off in our compensation surveys. This certification combines cybersecurity skills with privacy best practices and techniques. It identifies people with the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations using policies and procedures established by (ISC)². There are work experience prerequisites and an endorsement process that must be met to sit for a three-hour exam but answering at least 70% of the questions correctly will secure the certification. The exam tests six domains including third-party risk management, information governance, and healthcare regulatory environment.

The HCISPP is appropriate for several job functions including: Risk Analyst; Privacy Officer; Privacy and Security Consultant; Practice Manager; Medical Records Supervisor; Information Technology Manager; Information Security Manager; Health Information Manager; Compliance Officer; Compliance auditor.

Check Point Certified Security Administrator (CCSA)
Average Pay Premium:
 9 percent of base salary equivalent
Market Value Decrease:
 -18.2 percent (in the past six months through January 1, 2019)         

The Check Point Certified Security Administrator certification is for individuals who maintain day-to-day operation of Check Point security solutions and ensure secure access to information across the network. Proficiencies include creating and installing security policies, using logging and reporting features, and managing anti-spoofing, Network Address Translation (NAT), and OPSEC applications.  It validates the ability to install, configure, and manage Check Point Security Gateway and Management Software Blade systems on the GAiA operating system.

ARCHITECTURE CERTIFICATIONS:

Open Group Certified IT Specialist (Open CITS)
Average Pay Premium: 11 percent of base salary equivalent
Market Value Decrease: -26.7 percent (in the past six months through January 1, 2019)          

Open Group Certified Architect (Open CA)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -30.8 percent (in the past six months through January 1, 2019)          

1 2 Page 1
Page 1 of 2
Survey says! Share your insights in our 19th annual State of the CIO study