CISSP certification salary: A comprehensive 2024 salary guide

February 22, 2024 by Infosec Institute

The demand for skilled cybersecurity professionals, particularly those holding the Certified Information Systems Security Professional (CISSP) certification, is on the rise. This globally recognized credential validates expertise in eight core domains of cybersecurity. 

According to Cyberseek, it is currently the most sought-after cybersecurity certification by employers. It is also the most popular certification for mid and senior-level cybersecurity professionals, with over 160,000 holders. 

This guide aims to provide an overview of the CISSP salaries. We'll explore the average salaries, look at factors that influence individual earnings and analyze available job opportunities. We'll also discuss alternative certifications and offer guidance for those considering pursuing the CISSP credential. 


Understanding CISSP job roles 

We will get to the intricacies of CISSP salaries, but first, let's look at the wide variety of skills this certification covers and what type of roles typical CISSP holders fill. 

The CISSP curriculum encompasses eight domains of knowledge: 

  • Security and risk management: Identifying and mitigating security risks within an organization. 
  • Asset security: Protecting valuable assets like data, systems and devices. 
  • Security architecture and engineering: Designing secure networks and systems. 
  • Communication and network security: Implementing controls to secure communication channels and networks. 
  • Identity and access management (IAM): Managing user access to systems and data. 
  • Security assessment and testing: Identifying and evaluating vulnerabilities in systems and networks. 
  • Security operations: Monitoring and responding to security incidents. 
  • Software development security: Integrating security practices into the software development lifecycle. 


Infosec Skills Author Leighton Johnson recommends starting with basic certifications like Security+ and then earning a CISSP.  

As the CISSP covers such a diverse set of knowledge, it's applicable to a wide variety of technical and managerial positions. A few common job titles include: 

  • Cybersecurity manager: Oversee the organization's cybersecurity strategy and operations, manage teams and implement security controls. 
  • Cybersecurity engineer: Design, implement and maintain secure IT infrastructures and systems. 
  • Cybersecurity consultant: Advise clients on security best practices, assess vulnerabilities and develop mitigation strategies. 
  • Cybersecurity architect: Design and build secure IT architectures aligned with organizational needs. 

What is the average CISSP salary? 

Defining a single, definitive "CISSP average salary" can be tricky due to the diverse range of factors at play. However, by compiling data from multiple credible sources, we can provide realistic numbers that will give you an idea of the salary potential. Here are our sources with some details on their methods of data collection: 

  • Payscale and Glassdoor: These platforms provide salary data based on self-reported information from CISSP holders. Keep in mind that these two sources also report additional compensation beyond base salary. 
  • Salary.com: This site uses a combination of self-reported data and third-party sources to estimate salaries. While it doesn't report CISSP salaries, we will use the related role of information security manager. 
  • Cyberseek: This initiative by the Department of Labor provides detailed information on job postings; we'll be using the security manager role that is often associated with the CISSP. 

Based on the data gathered from these four sites, we can confidently say that the average Certified Information Systems Security Professional salary ranges from $127,000 to $150,943 annually, with an average of around $140,131. Like many cybersecurity roles, this new average is an increase over our last average of $126,685. 

Factors influencing CISSP salaries 

While the average salary for a CISSP holder is $140,131, your job title and experience, as well as the location and industry of the job, will affect your earning potential. 

How job role affects CISSP salary 

Your job title significantly impacts your CISSP salary. Take a look at some of the examples based on Payscale data: 

  • Cybersecurity manager: $149,000 
  • Cybersecurity engineer: $119,872 
  • Cybersecurity consultant: $119,305 
  • Cybersecurity architect: $148,175 

How experience affects CISSP salary 

As you progress in your career and learn more valuable skills, your earning potential will naturally increase. The data below from Salary.com demonstrates the CISSP salary increase with experience (using the information security manager role): 

  • Junior/entry-level (0-2 years): $141,307 
  • Mid-level (2-5 years): $143,049 
  • Senior level (5+ years): $148,493 

How location and industry affect salary 

Where you live and the industry you work in also play a part in your CISSP salary. Salary.com reports higher CISSP salaries in top cybersecurity markets like San Jose and New York City. Here are some salaries in various states using the information security manager role: 

  • California: $164,988 
  • New York: $159,618 
  • Colorado: $151,122 
  • Pennsylvania: $149,282 
  • Florida: $142,102 

Industry can also influence your earnings. Here are some average salaries of CISSP holders by industry (without specifying role) courtesy of Glassdoor: 

  • Legal: $94,000 
  • Healthcare: $104,000 
  • Financial services: $130,000 
  • Technology: $139,000 

CISSP demand and career opportunities 

The future of cybersecurity is bright. According to the ISC2 Cybersecurity Workforce Study, the global cybersecurity workforce gap was already at 4 million in 2023 and is expected to grow, highlighting the critical need for qualified individuals. 

The good news? The CISSP certification positions you at the forefront of this field. What sets the CISSP apart is that it equips you with a broad base of knowledge that opens doors to diverse and exciting possibilities, including: 

  • Get more technical: Dive deep into the intricacies of secure infrastructure, threat detection and incident response, becoming a vital force in building robust defenses (e.g., security analyst, security engineer). 
  • Become a leader: Ascend to leadership roles like security program manager or CISO, guiding an organization's cybersecurity strategy, ensuring compliance and fostering a culture of security awareness. 
  • Embrace variety: Thrive in the dynamic world of consulting, advising clients on best practices, assessing vulnerabilities and developing tailored security solutions across diverse industries. 

Or you can seek even deeper specialization. ISC2 offers additional certifications that complement the CISSP: 

  • ISSMP: Focuses on management best practices, ideal for aspiring or current information security leaders. 
  • ISSEP: Geared towards security engineers, it covers secure network engineering and architecture. 
  • ISSAP: Designed for security architects, providing in-depth knowledge of secure architecture design and implementation. 

CISSP certification trends and alternatives 

Christine Izuakor, owner and founder of Cyber Pop-up, shares her experience as the University of Colorado's youngest student to complete a Ph.D. in Security Engineering and compares it to earning her CISSP and CISM certifications. 

The cybersecurity landscape is constantly evolving, and the skills needed to stay ahead of the curve are no exception. ISC2 is aware of this, and a 2024 update is planned to ensure the knowledge and skills you gain remain relevant and aligned with the latest industry trends. This commitment to continuous improvement underscores the value of the CISSP as a foundation for your cybersecurity career. 

While the CISSP excels in its breadth, there are alternative certifications that cater to specific areas of expertise: 

  • For governance, audit and risk: Certifications offered by ISACA, such as CISA (Certified Information Systems Auditor) and CRISC (Certified in Risk and Information Systems Control), dive deeper into these critical parts of cybersecurity. 
  • For privacy expertise: The International Association of Privacy Professionals (IAPP) offers certifications like CIPT (Certified Information Privacy Technologist) and CIPP (Certified Information Privacy Professional) to equip you with knowledge of data privacy regulations and best practices. 
  • For cloud security mastery: Certifications like AWS Certified Security Specialist, Microsoft's Azure Security Engineer Associate or ISC2's own CCSP (Certified Cloud Security Professional) provide focused training in securing cloud environments. 

Remember, the CISSP is often considered a mid-career certification, so your learning journey doesn't stop there. These alternative certifications, along with continuous learning and upskilling, allow you to specialize in specific domains or pivot into new areas within the vast cybersecurity field. 

Preparing for your CISSP 

The CISSP is a four-hour test. It's an adaptive test, so the number of questions you get depends on how you've done on earlier questions. Watch #AskanInfosecInstructor for Infosec Instructor Steve Spearman's CISSP tips. 

You may be inspired by the possibilities the CISSP unlocks and eager to start on your certification journey. Before you begin, here is a breakdown of the key steps to certification: 

Meeting the CISSP requirements 

The CISSP certification has specific prerequisites. You'll need a minimum of five years of cumulative paid work experience in two or more of the eight domains covered by the CISSP exam. Alternatively, you can combine four years of experience with a relevant college degree or an approved ISC2 credential to meet the requirement. 

Resources that will help you prepare 

Once you confirm eligibility, the following resources are available to help you master the CISSP domains: 

  • Live boot camps: Learn everything you need to pass the CISSP exam in five days of intensive training with Infosec's CISSP Boot Camp. 
  • On-demand learning paths: Master the CISSP with Infosec's comprehensive CISSP Learning Path and learn at your own pace with structured online modules, video lectures, and practice exams. 
  • Study groups and communities: Connect with other CISSP aspirants for peer support, knowledge sharing, and motivation at communities like TechExam's CISSP forum. 

Also, don't forget to download our free CISSP exam tips ebook for valuable insights and strategies to approach the exam with confidence, and visit our comprehensive CISSP hub to access in-depth information about the exam format, domains covered and more tips for exam and career success. 


Is CISSP certification worth the cost? 

The decision to pursue the CISSP certification is a personal one, but the evidence speaks volumes. The investment of time and effort can be significant, but the potential return on investment is undeniable. Here's why: 

  • Demand and earning power: The CISSP consistently ranks at the top of job postings, which translates to a higher earning potential. The average salary for CISSP holders is currently $140,131. 
  • Career advancement: The CISSP opens doors to diverse and exciting career paths, from technical roles like security engineer to leadership positions like CISO. 
  • Skills for the future: The 2024 update to the CISSP demonstrates its commitment to keeping you relevant and prepared for emerging threats. 

Take your first step to CISSP certification today by exploring the resources provided here and charting your learning path. A future in cybersecurity is a bright one, and with the CISSP by your side, you'll be well-positioned to seize its potential and contribute to a safer digital world. 

Infosec Institute

Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training.