1. PMP: Project Management Professional – $105,750
2. CISSP: Certified Information Systems Security Professional – $103,299
3. MCSD: Microsoft Certified Solutions Developer – $97,849
4. MCDBA: Microsoft Certified Database Administrator – $95,950
5. CCDA®: Cisco Certified Design Associate – $94,799
6. MCAD: Microsoft Certified Application Developer – $93,349
7. VCP-DV: VMware Certified Professional Datacenter Virtualization – $92,400
8. CNE: Certified Novell Engineer – $91,350
9. ITIL v3 Foundation – $90,900
10. CCA: Citrix Certified Administrator – Citrix XenServer 6 – $90,850
11. MCITP: Database Administrator – $90,200
12. MCTS: SQL Server 2005 – $90,100
13. MCT: Microsoft Certified Trainer – $89,949
14. CCNP®: Cisco Certified Network Professional – $89,749
15. CCA: Citrix Certified Administrator – Citrix XenDesktop 5 – $89,499

So, the above figures are what certification holders have reported to be making this year. And here’s another set of certifications, which Techrepublic had projected in the beginning of the 2013:

1. MCSA (Microsoft Certified Solutions Associate) – Salary Range: $52,000 to $115,000
2. MCSE: Private Cloud – Salary Range: $52,000 to $102,000
3. PMP (Project Management Professional) – Salary Range: $65,000 to $93,000
4. VCP (VMware Certified Professional) – Salary Range: $59,000 to $80,000
5. CISSP (Certified Information Systems Security Professional) – Salary Range: $65,000 to $111,000

 Now, what conclusions can we draw out of 2013?

First of all, ITIL, CISSP, PMP, fancy upper level Microsoft certifications and cloud-based certifications are definitely worth looking into. If you are building your Cisco career, be prepared that your hard-earned CCNA certification won’t pay as high as you could hope for. Yet, your salary will grow as you keep moving up the Cisco ladder. And, given the fact that Cisco has given a massive revamp its certifications this year and stepped up the CCENT/CCNA exam difficulty, we expect the salary level for these candidates to grow next year.

If you are looking at these certifications and paths trying to figure out the direction to take your IT career in 2014, we suggest that besides looking at figures and trends (which are no doubt important), you listen to yourself and do your best focusing on something you really like, the area that is close to your heart and your mindset. And may this be our wish to you for 2014 and beyond:

According to Techrepublic.com, CISSP was one of top 5 in-demand IT certifications for 2013, with salary ranging from $65,000 to $111,000. Another source states CISSP the second most paid IT certification this year, with average salary being $103,299. In case you haven’t heard much about the CISSP, let’s shed some light on it. Who knows, it may be your next step towards a rewarding career in the information security.

(ISC)² is a not-for-profit  organization that focuses on educating and certifying information security professionals throughout their careers, and its certifications are considered to be the gold standard of information security. To put it short, they’ve got the history and the experience to back their reputation of information security knowledge leaders.

CISSP is a professional level certification. To quality for it, you possess at least five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). For those holding either a four-year college degree, a Master’s degree in Information Security, or for possessing one of a number of other certifications from other organizations, one year of professional experience can be waived.

You’ll have to pass a 6-hour written exam at a Pearson Vue training center. So succeed, candidates need to reach a minimum scaled score of 700 points out of 1000 possible points. With the total of 250 multiple choice questions, the exam includes 25 experimental questions that aren’t graded.

ISC’s CISSP exam covers the following domains:

• Access control
• Telecommunications and network security
• Information security governance and risk management
• Software development security
• Cryptography
• Security architecture and design
• Operations security
• Business continuity and disaster recovery planning
• Legal, regulations, investigations and compliance
• Physical (environmental) security

Full exam outline (over 40 page PDF) is available for free from the ISC website.

Are you interested? Take a look at the ISC website, and we’ll go into more detail about this 6 hour written exam next week.

So, let’s look at it closer

To make sure we’re on the same page, let’s start with the definitions. Ethical hacker is a qualified individual, usually hired by an organization to discover its online security vulnerabilities and threats by trying to penetrate networks and computer systems. By using the same methods as hackers, which are now more and more commonly called ‘Black Hat Hackers’ to make the distinction, ethical hackers ensure the system is free of vulnerabilities and potential threats. Ethical hackers’ jobs are on all times high now, with everyone from the White House and Ministry of Defense to your local bank striving to ensure stability of their computer systems and security of their data.

So, how do you become an ethical hacker?

Needless to say that hacking your high school’s online system is far from being enough to get the job. Moreover, unethical practices can close these doors for you forever (we’ll talk about unethical hacking later). Yet, officially your career would start with passing a CEH (Certified Ethical Hacker) exam. To acquire the necessary knowledge, you may choose to either attend training at an accredited training center or self-study.

Should you opt for the latter, you will need to prove at least 2 years of information security work experience. If you don’t have the experience, your application may still be considered on the ad-hoc basis, yet, let’s face it: how can you be an ethical hacker with no infosec/IT experience? We strongly advise that you take a job in this field just to get some experience if you feel that being an ethical hacker is your calling.

Experienced professionals also recommend that candidates hold at least some basic IT Certifications: A+ and, preferably, Network+ or CCNA once you acquire more hands-on experience. Ideal candidates would also have a Security+ or a CISSP Certification under their belt.

Now back to the exam. The CEH Exam (with the currently used version being EC Council’s exam 312-50), has 125 multiple choice question, with the passing score being 70%. You’ll be given 4 hours to complete the exam. In the US, the exam is administered at EC-Council Accredited Training Centers, Pearson VUE, or Prometric testing centers.

Even if you do not see yourself as a full-time Ethical Hacker in the future and prefer to stick to a conventional information security career, taking the CEH exam may still be a smart career step for you. This certification helps professionals like you take an out-of-the-box look at the dark side of computer network security by unveiling the mindset, methodologies, and tools of a hacker.

What to keep in mind while you’re on your way…

If you do envision yourself as an Ethical Hacker, you are most likely tempted to go and ‘do it ‘ – hack something, get past some security levels, etc. – ethically or not. While this drive definitely proves that you have made a right career choice, resist the temptation of any illegal activity. Even small and seemingly innocent hacks can prevent you from pursuing your dream.

You can definitely play around with hacking your own website or a wifi network, but if you want to test your skills on someone else’s systems, be sure to get their written permission.

While you are on the way to your White Hat Hacker career, where you are staying on the light side, we trust, you may want to consider studying the hackers’ mindset. As exciting, fun and challenging as an Ethical Hacker’s job may seem to be, it’s still a job. And after a while, people tend to fall into pattern, keep doing what they do well… and lose their edge. The ‘Black Hat Hackers’, however, never lose their edge as they have a strong motivation of breaking in. So, you need to learn to think the way they think, to predict their steps, and… wear your white hat of Ethical Hacker with dignity and success.