All 2024 compensation surveys updated on JANUARY 1, APRIL 1, JULY 1, AND OCTOBER 1

Why pay for tech certifications is declining

New highly-validated data from 3,305 employers reveals that the average cash market value for hundreds of tech certifications is at its lowest point since 2015.

Vero Beach, FL - January 28, 2019 - There’s always been a tug of war within employers about hiring tech people with skill certifications versus those who have learned by experience on the job. Eventually the question of comparable pay arises, shining a light on whether certification is a valid factor when measuring a worker’s value or potential on the job. And if it isn’t, then how should employers be assessing skills competence?  

Historic pay disparities between certified and non-certified tech skills  

The fact is, employers have for many years been willing to cash pay premiums for both certified and non-certified skills typically above and beyond base salary. Foote Partners has been surveying and reporting this data since 2000. Until 2007 certified skills were earning more on average than non-certified skills, but beginning in mid-2007 this trend reversed. The gap in pay premiums between the two since then has widened with 551 non-certified skills now earning, on average, the equivalent of nearly 2% of base salary more than 446 tech certifications the firms tracks on a quarterly basis from data collected regularly from 3,305 employers.

Certifications had a very long run of consistently losing overall value from late 2006 to 2012. These were dark years marked by charges of fraud in the certifications testing business and a prevailing opinion by many that certifications were simply too easy to attain, in particular those that vendors offer to support their product lines. Technology vendors and vendor-independent certifying organizations fought back by adding real-time labs, peer review panels, and prerequisites to their qualifications.

It seemed to work, as certifications pay began to rise although not nearly to the level of non-certified skills premiums, often for the same technologies. More and more management, process, and methodology skills and certifications gained popularity in the growth years for both intermediate and advanced skill levels, and pay continued to rise for both segments until about two years ago. 

Declining certification market value       

Average pay premiums for tech certifications recorded in the long running IT Skills and Certifications Pay IndexTM (ITSCPI) decreased in the last quarter of 2018, down 1.8 percent overall. They’ve lost 2.4 percent of their value in calendar year 2018 and nearly 3 percent over the last two years. In the last three months of 2018 alone, 57 certifications recorded cash pay premium losses against only 17 gaining value.

Meanwhile cash pay premiums for non-certified skills increased 0.6% overall in October/November/December with 87 recorded pay premium gains while 72 non-certified skills list  market value. Pay gains have been consistently higher in most quarters in each of the past three years.

The marketplace for certifications may decline for a number of obvious and not so obvious reasons. Pay premiums will diminish as certifications expire, are retired, or when they’re replaced with more appropriate certifications as technology evolves. Also, there remains a lingering bias that passing a proctored exam does not necessarily confer onto the test taker expertise in a subject, especially when the pass rate is only 70 percent correct answers. Adding laboratory requirements only works if the labs are sufficient tests of a candidate’s capabilities in the real world.

But in a counter intuitive twist, it’s just as often their popularity that drives down pay premiums. As interest in a certification escalates and more people attain the certification the gap between supply and demand for the certification narrows, driving down its market value as the laws of scarcity would dictate. This has been documented in the case of dozens of certifications over the almost two decades of Foote Partners tracking and reporting their market values.

Perhaps the most common reason for certification values falling is a fundamental weakness that persists in the certification industry: a vast number of popular tech skills simply do not have a certification available. No vendor owns the particular tech with products that are supported by certification training necessary to ensure sales and upgrade investments.

Certifications have traditionally been attached to infrastructure (networking, systems, security), architecture, and processes (e.g., project management, frameworks and methodologies). Non-certified skills are found in greater numbers than certifications in programming and applications development, web, database, and also in management, process, and methodology segments. Employers can arguably more easily devise their own ways to judge proficiency in these areas such as coding testing, past experience, consulting-to-hire staffing practices, and robust internal training and development programs.  

And what about so-called ‘soft’ skills?  Employers are often just willing as recognize their value with pay premiums if not via salary, especially if they are combined with hard tech skills and industry, domain, or customer knowledge and experience.

High flying tech certifications losing the most value in 2018

Below are tech certifications that meet two criteria: currently earning well above-average pay but recording substantial declines in market value in the last six months of 2018. Unless otherwise indicated these certifications are adjusting to market forces as explained above.


GIAC Security Leadership Certification (GSLC)
Average Pay Premium: 12 percent of base salary equivalent
Market Value Decrease: -29.4 percent (in the past six months through January 1, 2019)          

The GSLC targets security professionals with managerial or supervisory responsibility for information security staff. Certification holders’ knowledge includes have an understanding of risks of 802.11 wireless networks and how to secure them, access control and password management, building a security awareness program, and cryptography applications, VPNs and IPSec. This certification is awarded with a passing score of 68% on a 115-question proctored exam. We believe employers require a lot more than an exam to assess leadership abilities in today’s info/cybersecurity field and this is contributing to not only losses in market value in this certification but management-level security solutions certifications such as the ISSAP and ISSMP below.

Information Systems Security Architecture Professional (ISSAP/CISSP)
Information Systems Security Management Professional (ISSMP/CISSP)

Average Pay Premium: 12 percent of base salary equivalent
Market Value Decrease: -14.3 percent (in the past six months through January 1, 2019)         

The ISSAP allows Certified Information Systems Security Professionals (CISSPs) to concentrate further in information security architecture and stresses the following elements of the CBK: Access control systems and methodologies;

telecommunications and network security; cryptography; requirements analysis and security standards, guidelines and criteria; technology-related business continuity and disaster recovery planning (BCP and DRP); physical security integration. 

The ISSMP lets CISSPs concentrate further in security management areas and stresses the following elements of the CBK: Enterprise security management practices; enterprise-wide system development security; overseeing compliance of operations security; understanding BCP, DRP and continuity of operations planning (COOP); law, investigations, forensics and ethics.

EC-Council Computer Hacking Forensic Investigator (CHFI)
Average Pay Premium: 11 percent of base salary equivalent
Market Value Decrease: -26.7 percent (in the past six months through January 1, 2019)          

Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Such techniques have become ubiquitous in law enforcement, defense, military, information technology, law, banking and insurance, among others. as computer forensic investigators draw on an array of methods for discovering data that reside in a computer system or recovering deleted, encrypted, or damaged file information known as computer data recovery.

The Computer Hacking Forensic Investigator is one of the oldest, most popular of these certifications, attracting a lot of certificants to the program which has narrowed the supply/demand gap. Also putting pressure on demand for the CHFI has been competing certifications   Certified Forensic Computer Examiner, Certified Computer Examiner, GIAC Certified Forensic Analyst, and GIAC Certified Forensic Examiner.

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
Average Pay Premium: 10 percent of base salary equivalent
Market Value Decrease: -23.1 percent (in the past six months through January 1, 2019)

The GIAC Exploit Researcher and Advanced Penetration Tester targets security personnel whose job duties involve assessing target networks, systems and applications to find vulnerabilities. It certifies that candidates have the knowledge, skills, and ability to conduct advanced penetration tests, how to model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws.

Certified Healthcare Information Security and Privacy Practitioner (HCISPP- ISC)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -18.2 percent (in the past six months through January 1, 2019)

The healthcare industry is expected to be one of the fastest growing employment sectors for the next decade. Protecting networked systems and devices and securing patient information are already tough enough challenges but they will get even more intense as regulation evolves and the aging population demographics create more demand for services. Right now, healthcare employers are desperately searching for experienced healthcare tech professionals and eagerly investing in training and development. For those employers convinced that certifications are useful for qualifying talent, there are a few vendor-independent healthcare certifications they can turn to:

  • Certified Associate/Professional in Healthcare Information & Management Systems (CAHIMS, CPHIMS)
  • Certified Healthcare Technology Specialist (CHTS)
  • Registered Health Information Administrator (RHIA)
  • Registered Health Information Technician (RHIT)

For healthcare security skills the clear winner has been the Certified Healthcare Information Security and Privacy Practitioner certification from (ISC)² which experienced a spike in market value with initial demand that has now begun to level off in our compensation surveys. This certification combines cybersecurity skills with privacy best practices and techniques. It identifies people with the knowledge and ability to implement, manage and assess security and privacy controls to protect healthcare organizations using policies and procedures established by (ISC)². There are work experience prerequisites and an endorsement process that must be met to sit for a three-hour exam but answering at least 70% of the questions correctly will secure the certification. The exam tests six domains including third-party risk management, information governance, and healthcare regulatory environment.

The HCISPP is appropriate for several job functions including: Risk Analyst; Privacy Officer; Privacy and Security Consultant; Practice Manager; Medical Records Supervisor; Information Technology Manager; Information Security Manager; Health Information Manager; Compliance Officer; Compliance auditor.

Check Point Certified Security Administrator (CCSA)
Average Pay Premium:
 9 percent of base salary equivalent
Market Value Decrease:
 -18.2 percent (in the past six months through January 1, 2019)         

The Check Point Certified Security Administrator certification is for individuals who maintain day-to-day operation of Check Point security solutions and ensure secure access to information across the network. Proficiencies include creating and installing security policies, using logging and reporting features, and managing anti-spoofing, Network Address Translation (NAT), and OPSEC applications.  It validates the ability to install, configure, and manage Check Point Security Gateway and Management Software Blade systems on the GAiA operating system.


Open Group Certified IT Specialist (Open CITS)
Average Pay Premium: 11 percent of base salary equivalent
Market Value Decrease: -26.7 percent (in the past six months through January 1, 2019)          

Open Group Certified Architect (Open CA)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -30.8 percent (in the past six months through January 1, 2019)    

TOGAF 9 Certified
Average Pay Premium: 10 percent of base salary equivalent
Market Value Decrease: -33.3 percent (in the past six months through January 1, 2019)         

Enterprise information technology architecture (EA) had its heyday in the mid-1990s with the development of the Open Group Architecture Framework (TOGAF). EA certifications showed up soon after and achieved popularity as employers struggled to qualify talent in high level design and modeling of architecture solutions. But despite the obvious value of architecture solutions in the four domains targeted by TOGAF (business, data, applications, and technical architecture), EA proved to be a tough sell from a budget and management perspective. The ROI in IT enterprise architecture is rarely short term; as economic recessions hit businesses in the 2000s it placed tech-related budgets under agonizing scrutiny. This presented setbacks for EA with its traditionally longer, more complex or ambiguous payback track record.

Today the enterprise architecture profession is undergoing a massive transition in response to the plethora of disruptive technologies now driving businesses, such as artificial intelligence and myriad digital innovations. Likewise, The Open Group is struggling to stay current and so are its certifications including the Open Group Certified IT Specialist, Open Group Certified Architect, and TOGAF 9 certification that have all found their way onto this list of declining certs.

The Open Group Certified IT Specialist program is designed to verify the existence of those qualities and skills in a professional that enable the effective development, implementation and operation of IT solutions. Three levels of certification are available depending on the length and characteristics of the IT Specialist's experience: Distinguished, Master, and base level. At the lowest level, Certified IT Specialist, the certified professional is able to perform as a contributing Specialist with assistance/supervision, with a wide range of appropriate skills. The program requires applicants to demonstrate skills and experience against a set of conformance requirements through written applications and peer interviews. There are no training courses to attend, and no written exams to complete

There are two different routes to the Open Group IT Specialist certification, but the certification criteria are the same for both:

  • Via Direct Certification: Application is made directly to The Open Group by individual practitioners as well as to IT Specialists working in companies or organizations that do not have an Accredited Certification Program.
  • Via Accredited Certification Programs (ACPs): IT Specialists applying for certification via an ACP must be employees of the accredited organization. Application is made through the ACP.

The Open Group Certified Architect certification is designed to validate the existence of those qualities and skills in a professional that enable the effective practice of IT architecture. The program is skills and experience-based and goes beyond validating the mastery of any specific knowledge base.

The program includes a framework for accreditation of third parties to establish IT Architect certification programs affiliated to The Open Group. The framework of accreditation and certification is specifically intended to standardize the process and criteria for IT Architect professional certification and establish a foundation for the required skills and experience necessary to achieve such a distinction. The program was designed to be flexible and extensible so that the framework may be adopted by any industry, country, or organization.

The TOGAF 9 certification qualifies people who demonstrate knowledge and understanding of the Body of Knowledge covered by the Open Group Architecture Framework described earlier. Qualification is achieved through passing two exams, following a course of self-study or attendance at an Accredited Training Course. It’s only a framework, however. Successful EA results transcend a simple framework. It’s been argued by some critics that enterprise architecture is built on pragmatic common-sense ideas and rarely resemble actual TOGAF recommendations. In other words, TOGAF does not define EA practice and getting TOGAF-certified does not guarantee a successful career to an EA practitioner, and this has influenced pay premium performance for this certification. Certified Technical Architect (CTA)
Average Pay Premium: 10 percent of base salary equivalent
Market Value Decrease: -28.6 percent (in the past six months through January 1, 2019)          

Salesforce architect credentials comprise three tiers of certification that recognize specialized knowledge and skills, as well as growing expertise in the Salesforce platform. The Salesforce Technical Architect credential is the pinnacle certification for those who demonstrate the knowledge, skills, and capabilities to design and build high-performance technical solutions on the Salesforce platform across all areas of domain expertise. The Salesforce Technical Architect possesses broad knowledge across multiple development platforms and draws on their skills and experience to assess customer requirements and architecture in order to design secure, high-performance technical solutions that maximize the potential of the Salesforce platform.


VMware Certified Design Expert – Cloud Mgt and Automation (VCDX-CMA)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -25.0 percent (in the past six months through January 1, 2019)          

The Vmware Certified Design Expert in Cloud Management and Automation (VCDX-CMA) is the highest level of certification offered for Vmware Cloud Management Platforms, including vRealize Automation enterprise design and deployments. It’s part of the overall Vmware Certified Design Expert program that proves top-level skills in gathering and interpreting requirements, and planning, creating, documenting, and testing an implementable design. Earning the VCDX-CMA certification validates skills in designing, planning, and integrating world-class Vmware vSphere and vCloud Management and Automation solutions and driving business value through Vmware Cloud Management platforms.

To attain VCDX certification is a three-step process. First, the candidate must develop a customer-facing enterprise design and deployment plan and strategy, including comprehensive logical and physical models and implementation, installation, operating and testing guidance. Then they must submit the design portfolio that includes all aspects of a full strategic and deployable cloud management platform design and have it approved by a three-person panel. Finally, the candidate must defend the design in-person to a three-person panel and validate technical, design and critical thinking skills.


Professional in Project Management (PPM - GAQM)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -18.2 percent (in the past six months through January 1, 2019)     

The Global Association for Quality Management claims their project management certifications cover a broader perspective when compared with other PM course designs: “a blend of knowledge and experience, written by experienced Project Managers and Directors who have more than three decades of experience in managing and directing projects.”  The Professional in Project Managementcertification comprises several project management modules including how to plan, execute, control and complete projects. The core focus is on key trends in managing projects and demands on the project managers and includes project schedules; developing project measures and approaches to project control; and how to develop, lead and motivate project teams. This designation is targeted towards intermediate to experienced Project Managers, who are involved in risk and crisis management, and who are involved in the day to day management of projects.

Citrix Certified Administrator - Networking (CCA)
Average Pay Premium: 9 percent of base salary equivalent
Market Value Decrease: -18.2 percent (in the past six months through January 1, 2019)

The Citrix Certified Administrator – Networking certification is designed for Citrix Gateway architects, engineers and administrators and validates knowledge and skills needed to administer enterprise environments of the Citrix Gateway to secure remote access to desktops, applications and data.