How the Pandemic Has Boosted Some Tech Skills and Certifications

David Foote
Author: David Foote, Chief Analyst and Co-Founder, Foote Partners, LLC and ISACA conference speaker
Date Published: 24 February 2021

With the annus horribilus of 2020 now behind us, have tech certifications been affected by all the sturm und drang brought on by the double whammy of a pandemic and economic recession? The answer may surprise you.

New highly-validated data from 3,700 employers in our long-running IT Skills and Certifications Pay IndexTM (ITSCPI) reveals that the average cash pay premiums for 525 tech certifications remains at its lowest point in seven years, losing another 7% in market value in 2020. Faring better were 625 non-certified tech skills, which increased in average pay premiums last year despite stumbling in the second half of the year.

Recent events have clearly affected pay for tech professionals, and not just for skills and certifications: salaries on a national basis declined in 2020 for a full one-third of the job titles in our firm’s IT Professional Salary Survey - U.S. (40% of titles in the Canadian version). This has never occurred in our 26-year history of publishing these quarterly-updated IT salary surveys.

ISACA certifications also took a hit last year premium pay-wise but, interestingly, not during the summer and fall dog days of the COVID pandemic: the CGEIT and CRISC both bucked the trend, each showing impressive market value gains in the second half of the year.

COVID boosts demand for IT governance and risk management expertise
The performance of these two certifications and others is representative of a larger insight into how the pandemic and recession has suddenly propelled companies into fresh examinations of their IT governance structures and risk management at a critical time. In other words, there have been many positive impacts of this pandemic for businesses, and specifically for those now engaging in much-needed, long-overdue adjustments to their business models and operations driven by disruptive technologies.

In addition to the CGEIT certification earning lucky recipients of pay premium bonuses the equivalent of another 3% of base pay in the last half of 2020 (according to the ITSCPI), cash pay premiums for non-certified SAP GRC (Governance, Risk, and Compliance) skills increased 28.6%. A cluster of “IT governance” skills in our survey gained 14.3 percent in market value in the same period.

This is not an accident.

At its essence, IT governance provides a structure for aligning IT strategy with business strategy. And by following a formal framework, organizations can produce measurable results which, today, is de rigueur for businesses in transition. In the big picture, taking as gospel that in practical terms all companies have become tech companies, IT governance is an integral and critical part of overall enterprise governance..

What else is driving popularity in IT governance? More and more, it is regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. Plus, during the pandemic and recession, companies are generally under more pressure than usual from shareholders, stakeholders and customers. This applies to both public- and private-sector organizations.

A formal, up-to-date IT governance program must be on the radar of any organization in any industry that needs to comply with regulations related to financial and technological accountability. It requires a lot of time, effort and especially expertise to implement a comprehensive IT governance program, and for that workers will continue to be rewarded with related skills and certifications pay premiums. 

There’s also GRC (governance, risk and compliance), which also incorporates security domains. While GRC is the parent program, what determines which framework is used is often the placement of the CISO and the scope of the security program. For example, when a CISO reports to the CIO, the scope of GRC is often IT-focused. When security reports outside of IT, GRC can cover more business risks beyond IT.

This is just one reason why risk management skills gained nearly 7% in market value in 2020 according to ITSCPI data, now averaging the equivalent of 16% of base salary in cash pay premium. Evaluating and managing risk is an obsession for most businesses; for others it is something to ignore at great peril to their future success. The field of risk analytics and evaluation has entered its prime: recent projections put the global fraud detection and prevention market at US$106.71 billion by 2027, up from $19.82 billion in 2019.

The spike in interest for non-certified skills in our survey is, in part, motivated by the prevention of misappropriation of assets, bribery and corruption, fraud, data theft or money laundering in financial services, government, and public utilities. Many employers are rewarding people who can incorporate data and insights from many sources to better identify, measure, and mitigate risk.

But there’s more to this growth in risk management skills demand: it’s the way the pandemic has accelerated business investment and development in artificial intelligence/machine learning, advanced data analytics, distributed cloud, edge computing, mobile computing, Internet of Everything, blockchain, and all manner of disruptive digital transformation.

Most of these technologies are exposing companies to an astronomically higher level of cyber risk, especially the surge in cloud computing. Without the cloud, businesses could not have sent millions of workers home, maintained global supply chains, or shifted entire industry business models in a matter of weeks as COVID quickly spread.

To secure their companies’ ability to work remotely, many IT teams have expedited the move to the cloud and SaaS applications with less reliance on on-premise infrastructure. Transitioning to cloud platforms also opens organizations up to new compliance hurdles. Enterprises can work around these compliance and data protection challenges through innovations like ;microsharding across multiple cloud locations and strengthening their encryption practices. Equally important is to consider adopting the DevSecOps development methodology as cloud applications and employers transition from siloed teams to cross-functional DevOps teams.

Therefore, it’s no wonder that in the most recent ITSCPI quarterly data update, the CRISC certification is earning some recipients premium pay amounting to the equivalent of between 8 and 13% percent of base salary, gaining 10% in market value in the last half of 2020. Professionals holding this certification have a greater understanding of information technology risks and how they impact an entire organization; can help their employers devise plans and strategies for mitigating those risks; and are able to facilitate communication and understanding between their IT groups and stakeholders.

More hot certifications for 2021
Interviews with hundreds of employers plus growth vector data in our IT Skills and Certifications Pay IndexTM also point to the following security-related certifications as good job and career investments for 2021:

  • Certified Information Systems Auditor
  • Certified Scrum Product Owner
  • Cisco Certified CyberOps Associate
  • Cisco Certified Network Associate (Routing and Switching)
  • Cisco Certified Network Associate (Cloud)
  • Citrix Certified Expert - Networking
  • CompTIA Cybersecurity Analyst+
  • EC-Council Certified Encryption Specialist
  • EC-Council Certified Security Analyst
  • GIAC Certified Forensics Analyst
  • GIAC Certified Incident Handler
  • GIAC Certified Intrusion Analyst
  • GIAC Certified Penetration Tester
  • Linux Professional Institute certifications
  • PMI Certified Associate in Project Management
  • Red Hat Certified Systems Administrator
  • Six Sigma Master Black Belt

We are in a pandemic that has dramatically altered the business and tech landscape, and stressed business and operating models to the point of breaking in some cases. As we come out of the pandemic, and depending on the macroeconomic shape of things, these landscapes will be altered again, all rolling up to still another new normal as yet not fully known. One thing that is certain: Never before have IT governance, risk management and cybersecurity skills, knowledge, and expertise been more valuable and in-demand.