17 high-paying tech skills that will go higher

Despite more volatility than normal, pandemic conditions have benefitted market values for some skills more than others.


Thanks to the tumultuous events of the past year, today’s IT professionals and the people who manage them face challenges in the workplace they’ve rarely if ever seen before. As organisations recalibrate and prepare for a post-pandemic future, many are shifting their business models or creating entirely new ones. These changes have radical implications for IT talent and workforce dynamics.

One way of measuring these shifts is tracking increases or decreases in the cash pay premiums employers pay tech workers for hundreds of in-demand tech skills. Our firm has been doing this since 2000 in the quarterly-updated IT Skills and Certifications Pay IndexTM (ITSCPI), currently reporting pay for 540 certified and 613 noncertified tech skills. That’s a lot of skills, and the survey demographics behind the ITSCPI are equally impressive: 83,274 US and Canadian tech professionals in as many as 3,745 private and public sector employers who are earning dollars for some skills, typically outside of base pay, as reported to us by their employers.  

High paying and going higher

The following noncertified tech skills meet three prerequisites:

  • They don’t require formal certification
  • They earned workers cash pay premiums well above the average of all 613 skills reported in our IT Skills and Certifications Pay IndexTM
  • They recorded gains in cash market value in the six months ending April 1, 2021

No skill below is earning less than the equivalent of 16 percent of base salary—significant considering the average for all skills reported is 9.6 percent of base—and are listed in descending ranked order of cash premium and market value increases (including ties). Not surprising, the list contains a number of security, risk, data management and analytics, and blockchain skills.

  1. Risk analytics/assessment

Market value increase: 11.8 percent (in the six months through April 1, 2021)         

Risk analytics is a form of business intelligence that serves as a component in a risk management environment. Invaluable in any industry, risk analytics exploits internal and external structured and unstructured data to model scenarios and outcomes, providing insights into areas such as:

  • Fraud risk
  • Market risk
  • Credit risk
  • Transportation and logistics risk
  • IT risk
  • Financial risk
  • Investment risk
  • Supply chain risk

Risk analytics does not have to be a digital solution, and indeed, businesses have been analysing and assessing risk for years using manual or semi-automated methods. But digital risk analytics is growing in popularity as a niche of BI development due to increased interest among risk-management professionals. As a discipline it has changed—and vastly improved—the way risk managers evaluate potential scenarios and predict risk-laden events.

Digital risk analytics minimises the need for reliance on human intuition, allows enterprise-wide assessment of risk exposure, and enables management precision, which would have been unimaginable not so long ago. Capturing, storing, and extracting data relating to all the risk strands in a particular business environment enables risk managers to amass targeted intelligence, visualise scenarios, and prepare for them. The resulting insights provide an organisation with a plethora of benefits to security, operational continuity, and competitive advantage.

Machine learning technology is probably the biggest game-changer in digital risk analytics, primarily due to its ability to reduce the margins of error in predicting risk likelihoods and severities. When a cognitive solution, powered by the latest in artificial intelligence, creates a risk alert, human verification requirements still exist. However, as risk specialists increasingly weed out false positives and update the algorithms, the application learns from the inputs and becomes more accurate in evaluating the risk of fraud. Additional accuracy comes with AI technology's ability to process unstructured data using natural language processing, text analysis, and image recognition. That makes the need for rule-based analysis far less prominent and enables near real-time risk identification—and ultimately, faster responses.

Of late, risk analytics applications are beginning to cross the boundaries of prediction into more actionable realms of prescriptive analysis. The most sophisticated solutions help risk managers to identify the best course of action to prevent, circumvent, or at least mitigate potential harm arising from disruptive events and criminal activity.

  1. DevSecOps

Market value increase: 5.6 percent (in the six months through April 1, 2021)           

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. But DevOps isn’t just about development and operations teams: If you want to take full advantage of the agility and responsiveness of a DevOps approach, IT security must also play an integrated role in the full life cycle of your apps. Why? Because effective DevOps ensures rapid and frequent development cycles (sometimes weeks or days), but outdated security practices can undo even the most efficient DevOps initiatives.

Now, in the collaborative framework of DevOps, security is a shared responsibility integrated from end to end. It’s a mindset that has led to the term DevSecOps to emphasise the need to build a security foundation into DevOps initiatives. It means thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down. Selecting the right tools to continuously integrate security, like agreeing on an integrated development environment (IDE) with security features, can help meet these goals. However, effective DevOps security requires more than new tools—it builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later.

In DevSecOps, two seemingly opposing goals — “speed of delivery” and “secure code” — are merged into one streamlined process. In alignment with lean practices in agile, security testing is done in iterations without slowing down delivery cycles. Critical security issues are dealt with as they become apparent, not after a threat or compromise has occurred. There are six important components to a DevSecOps approach:

  • Code analysis– deliver code in small chunks so vulnerabilities can be identified quickly.
  • Change management– increase speed and efficiency by allowing anyone to submit changes, then determine whether the change is good or bad.
  • Compliance monitoring– be ready for an audit at any time (which means being in a constant state of compliance, including gathering evidence of GDPR and PCI compliance, etc.).
  • Threat investigation– identify potential emerging threats with each code update and be able to respond quickly.
  • Vulnerability assessment– identify new vulnerabilities with code analysis, then analyse how quickly they are being responded to and patched.
  • Security training– train software and IT engineers with guidelines for set routines


  1. Blockchain

Market value increase: 20 percent (in the six months through April 1, 2021)           

Based on a peer-to-peer (P2P) topology, blockchain is a distributed ledger technology (DLT) that allows data to be stored globally on thousands of servers – while letting anyone on the network see everyone else's entries in near real-time. That makes it difficult for one user to gain control of, or game, the network and to change, hack, or cheat the system. For businesses, blockchain holds the promise of transactional transparency: the ability to create secure, real-time communication networks with partners around the globe to support everything from supply chains to payment networks to real estate deals and healthcare data sharing. Because businesses run on information, the faster it’s received and the more accurate it is, the better.

Blockchain is ideal for delivering that information because it provides immediate, shared and completely transparent information stored on an immutable ledger that can be accessed only by permissioned network members. A blockchain network can track orders, payments, accounts, production and much more. And because members share a single view of the truth, you can see all details of a transaction end-to-end, giving you greater confidence, as well as new efficiencies and opportunities.

An annual survey of blockchain service providers by research analyst firm Gartner revealed that 14% of enterprise blockchain projects moved into production in 2020, up from 5% in 2019. Moreover, bitcoin market value—perhaps blockchains most well-known use case---reached all-time highs in the last few months as mainstream investors have embraced it. Understanding how Blockchain integrates with IoT, Artificial Intelligence, Machine Learning, Robotics, and other technologies is a plus now for architects but will be a requirement in the future as these other technologies mature and adoption rates increase.

  1. Smart Contracts

Market value increase: 5.9 percent (in the six months through April 1, 2021)

Smart contracts help you exchange money, property, shares, or anything of value in a transparent, conflict-free way while avoiding the services of a middleman. They’re the product of the decentralised ledger systems that run the blockchain and so skills in smart contracts are be catapulted along with Ethereum and others for an almost unlimited number of uses ranging from financial derivatives to insurance premiums, breach contracts, property law, credit enforcement, financial services, legal processes and crowdfunding agreements.

  1. E-Discovery

Market value increase: 30.8 percent (in the six months through April 1, 2021)

Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline on a particular computer or it can be done in a network. Court-ordered or government sanctioned hacking for the purpose of obtaining critical evidence is also a type of e-discovery.

The nature of digital data makes it extremely well-suited to investigation. For one thing, digital data can be electronically searched with ease, whereas paper documents must be scrutinised manually. Furthermore, digital data is difficult or impossible to completely destroy, particularly if it gets into a network. This is because the data appears on multiple hard drives and digital files, even if deleted, can be undeleted. In fact, the only reliable way to destroy a computer file is to physically destroy every hard drive where the file has been stored.

In the process of electronic discovery, data of all types can serve as evidence. This can include text, images, calendar files, databases, spreadsheets, audio files, animation, Web sites and computer programs. Even malware such as viruses, trojans and spyware can be secured and investigated. Email can be an especially valuable source of evidence in civil or criminal litigation because people are often less careful in these exchanges than in hard copy correspondence such as written memos and postal letters.

Computer forensics, also called cyberforensics, is a specialised form of e-discovery in which an investigation is carried out on the contents of the hard drive of a specific computer. After physically isolating the computer, investigators make a digital copy of the hard drive. Then the original computer is locked in a secure facility to maintain its pristine condition. All investigation is done on the digital copy.

E-discovery is an evolving field that goes far beyond mere technology. It gives rise to multiple legal, constitutional, political, security and personal privacy issues, many of which have yet to be resolved.

  1. TIBCO Spotfire

Market value increase: 21.4 percent (in the six months through April 1, 2021)

TIBCO’s Spotfire is a data visualisation tool that allows users to access and combine data in a single analysis, enabling business users to visualise and analyse their data with little to no IT support. It allows users to define KPIs and send alerts to iPhone or Android phones, enabling teams to collaborate on mobile devices while management can simultaneously get timely information and manage by exception. Spotfire is open source and can perform Big Data, Content and Predictive Analytics.

Spotfire can be deployed either in cloud or on-premise and supports a broad range of use cases, from building dashboards and data analytics to sophisticated predictive and real-time analytics and continually helping user discover insights that they can act on. It complements existing business intelligence and reporting tools. Spotfire provides connectivity to databases including big-data tools and applications such as CRM, ERP, Excel and MS Access. It also provides native connectivity to R Project for advanced statistical analytics, automation services to automate sending PDF/MS PowerPoint reports and an API and software development kit. Among all the above features driving growth in Spotfire pay premiums is that it keeps the total cost of ownership low by allowing users to build once and publish to thousands of users over internet or intranet, as a PDF or as MS PowerPoint reports.

  1. Apache Pig
1 2 3 Page 1
Page 1 of 3