Are You Earning What You’re Worth in Information Security?
By Kevin Beaver, CISSP on Wednesday, February 13, 2008
Our annual salary is a large part of what defines us and our satisfaction with our careers. How much do you
make in a year? What should your job pay? You may be earning too little for all
the experience you have. Or, more so, maybe you’re earning too little for all
that hard work you put forth to obtain that certification and/or college
degree. Certification Magazine’s 2007 Salary Survey of over 35,000 IT pros
found that people working in security average $87,890 a year. Those
specializing in the broader field of information assurance earn an average of
$94,550. Not bad, but shouldn’t you be earning more? Well, it all depends on you.
When it comes to getting paid, there’s a general trap that those of us in information security often
fall into. It’s the general belief that just because we have a number of years of
experience, a college diploma (especially in information security), or CISSP
certification, that money, respect, and a great job will fall right into our
laps. I hear people often say, "I've got to hurry and finish up my Ph.D. in
information assurance so I can make more money," or, "With my CISSP, I
know I'll be worth at least $15,000 more a year," or “I’ve been working
for this company for 20 years and I’m not making what I should.” Really? I used
to believe this is how things worked, but I soon realized that it’s not quite
that simple in the real world.
Experience, degrees, and certifications do not -- in and of themselves -- bring
value to your employer. Nor do they directly correlate to how much money you
should earn. Sure, they serve as a good foundation, but these assets are only
the baseline. It's everything else you do that contributes value
and demonstrates to your employer that you’re an asset to the organization.
This is where you come into play. Your drive, your tenacity, your willingness
to learn new things, your communication skills, and your investment of however many
hours it takes to get the job done (not the "40 hours" that many
assume is all that's needed) are the characteristics that will make you stand
apart from the cookie-cutter IT employee.
If you're going to make more money in IT and information security, you've got
to contribute -- in a positive way -- to your employer's bottom line. That
means not only minding your budget wisely but also working quicker and smarter
and focusing on the things that provide the most return during your work day.
Johann Wolfgang von Goethe said, "The things that matter most must
never be at the mercy of the things that matter least." It's basic
time management, but it's a skill and a mindset that many of us in IT have a
hard time grasping. Plain and simple - this requires revamping how you think
and work. The key point is that what really counts is what you contribute and
do after you've already done what's expected of you. Your employer will
(or at least should) see this over time and realize your value. If your boss
ignores how you’re contributing, well, it just may be time to move on to a new
job. Or, it may mean that you’re not communicating and demonstrating your value
to your boss in the right ways. Step out of the day-to-day noise for just 15
minutes and ask yourself how you can add value to your current job. You can always
do something more or better. Maybe it's learning how to work more efficiently
by mastering a particular subject or job function such as penetration testing
or security control audits. Maybe it’s learning how to write or present more
effectively. Maybe it's not responding to each and every email the minute you
receive it and not answering the phone every time it rings. Or, maybe it's
finding a job that you really like or an employer you feel dedicated to – something
that makes you want to go those extra miles and contribute more.
Be it analyzing security scan data, installing a new firewall, or writing a
security assessment report, if you get in and start working and vow to not be
distracted by things in your control, you’ll work so much more effectively and
produce better results. Furthermore, if you value yourself and your career and
take the steps necessary to advance your knowledge and your skills beyond the
basics, you will see major improvements in just a few months. Try it yourself. It's this type of
dedication and work ethic added up over time that will start making you more
valuable to your employer and lending credence and justification to the salary
and benefits you deserve.
Remember that you’re earning a living – not simply being “granted” a paycheck every two weeks. No one is
going to do it for you automatically. Your motivation and determination are all
you’ve got, so dream big and dedicate yourself to do whatever it takes to earn
what you feel you’re worth. You won’t regret it.
Kevin Beaver, CISSP Principle Logic, LLC
kbeaver@principlelogic.com