Average CISSP salary [updated 2021]
The CISSP certification has long been considered the gold standard of security certifications and adding those letters next to your name is no easy task. In order to qualify, you’re required to have a minimum of five years’ full-time experience directly in the infosec field or four years experience and a college degree. According to (ISC)², as of July 2021, there were 149,174 people who hold the CISSP certification worldwide.
In August 2020, the folks over at PayScale.com surveyed a group of 9,226 CISSPs. They found that this group’s average yearly salary for CISSP jobs was $114,293, depending on the participant location, years of experience and job title.
According to a study from PayScale, the highest population of CISSP certification exam holders are located in Washington, D.C.; New York City; and Atlanta, Georgia. The city with the highest median salary for a CISSP certification holder working at the management level, with five years’ experience, was Washington, coming in at $122,000 per year.
You can see each city’s respective median salary below.
2021 CISSP mean salary by city
| City | Salary data |
|---|---|
| Washington, D.C. | $122,000 |
| New York, New York | $115,000 |
| Atlanta, Georgia | $110,000 |
| Chicago, Illinois | $114,000 |
| San Diego, California | $118,000 |
| Dallas, Texas | $109,000 |
| Boston, Massachusetts | $117,000 |
It should come as no surprise that the more experience you have, the more money you will make. You can see the median salary for an information security manager with CISSP certification-based experience below.
2021 CISSP median salary by years of experience (security analyst with CISSP certification)
| Years of experience | National salary data |
|---|---|
| Early career | $67,739 |
| Mid-career | $93,318 |
| Experienced | $101,595 |
| Late career | $102,591 |
| 20+ years | $105,825 |
Finally, here’s a look at the job titles that have the highest median salary based on sitting a CISSP exam. You can see from the image below that security architects, information security managers and chief information security officers earn the highest wages.
2021 mean CISSP salary by job title (CISSP certification jobs)
| CISSP salary by job title (CISSP certification jobs) | National salary data |
|---|---|
| Information security analyst | $88,312 |
| Information security manager | $120,161 |
| Cybersecurity analyst | $95,781 |
| Chief information security officer | $168,895 |
| Cybersecurity engineer | $111,439 |
| Security architect, IT | $126,221 |
| Security engineer, information systems | $101,163 |
One particularly interesting finding of this study is that women who hold the CISSP certification earn significantly less than their male counterparts. The average salary for a woman who successfully sat the CISSP exam falls between $66,000 and $156,000, while the average CISSP certifications-based salary for a man is between $72,000 and $164,000.
The CISSP certification is very useful for those seeking a higher-level security job. Meeting CISSP requirements means sitting a foundational certification exam, and the CISSP exam and the CISSP requirements are some of the most exacting in the industry. The CISSP exam and requirements result in one of the most highly sought-after security certifications in the IT industry.
This post has been updated continuously – first posted Oct. 2013.
This is a great article! I will look into the CISSP certification. Something tells me I will find something of great interest here.
Wow sexist much? I am a female Network Architect with over 20 years of experience. I have had to teach my male equals, with higher salaries, many simple concepts that they should’ve been embarrassed to ask. To say that females who hold a CISSP on average have less competence is offensive. I have interviewed a male engineer proclaiming to have a CCNP that advised me the a /24 was the smallest subnet mask there is, I have instructed a male CCIE how to perform route look ups, and I have designed & provided complex networks solutions for multiple customers. I will agree that there are few women in the network and security sectors, but I know some strong engineers that are more than competent and are female.
Wow- bubblehead much? Apparently in those twenty years you still haven’t figured out what ‘on average’ means.
Dear, “A female Engineer” – I am a female NON-engineer, and I think you are AWESOME. I love your reply to whatshisface and just wanted to share that with you. Have a great day!