CISSP: Salary Data [Updated 2021]
Note: The information in this article is out of date. Check out our new article for updated CISSP salary information.
As a security professional, you want to ensure that you’re earning a recognized credential that will help you earn more in the information security field. The Certified Information Systems Security Professional (CISSP) certification has become the gold standard here, but what does that translate into in terms of annual average salary? While you can rest assured that you’ll earn more as a CISSP than as a non-certified professional, just how much more can you expect to earn here?
The problem is that this crucial question is complicated by the fact that CISSP certification doesn’t apply to a single career path. You’ll find a host of different positions within a myriad of industries that either require or prefer CISSP certification. Another consideration is that the pay scale for these positions can be drastically different.
In addition to significant variances due to the actual job itself, you also have to consider the cost of living in various areas. For instance, a CISSP in New York would earn more than a CISSP in Atlanta if everything else was equal simply because your money goes farther in the South than in the Big Apple. So, while you would technically earn more in New York City, you’d most likely enjoy a better standard of living in Atlanta, even though you would be pulling down a lower salary in terms of pure numbers.
Then, you also have less tangible elements that nevertheless affect how much you’ll earn, such as years of experience and additional skills not directly related to CISSP or information technology (such as HIPAA, HITECH, or PCI-DSS to name just a few).
While there’s a lot of ambiguity when discussing salary data for a credential that spans so many different industries and positions, we can glean some insight.
CISSP Salary Statistics
Really, the best way to discuss CISSP certification salary is not in specifics, but in statistics. This will give you a good overall view of what you can expect to earn, and where in the US you can expect to earn it.
What Is the CISSP Average Salary?
The average salary in the US for CISSPs is, according to Payscale.com, between $68,594 and $128,338 if you’re male, and between $59,810 and $119,553 if you’re female. Glassdoor has similar figures. Indeed.com shows an average of $99,000 per year for CISSP holders, but a quick glance at their breakdown of the CISSP certification salary for different positions shows a similar range of compensation from one position to another.
However, Global Knowledge shows very different numbers for 2016. Their CISSP certification salary is $121,923 (as compared to Indeed.com’s $99,000). Interestingly, CISSP certification did not crack the top 15 for 2014; even though it met most of the criteria for ranking, it didn’t meet the survey’s sampling size conditions to be included.
Obviously, that’s a very, very broad range and likely doesn’t provide much help, so let’s break things down a little bit further.
To give you a better idea of how these numbers break down across various positions, we’ll take a look at Payscale.com’s national salary data for a few jobs that require CISSP certification. They list them as follows:
- Information Security Analyst: $60,501 to $116,527
- Information Security Manager: $81,930 to $140,311
- Security Engineer: $70,103 to $127,095
- IT Security Architect: $90,834 to $153,280
- Chief Information Security Officer: $106,727 to $203,345
Just to throw some more information into the mix, let’s consider some salary information from Indeed.com by position:
- Security Program Manager: $97,000
- IT Security Manager: $120,000
- Information Security Engineer: $95,181
- IT Security Architect: $124,214
- Security Architect: $128,000
Glassdoor can provide a little more information about average annual salary by position:
- Information Security Engineer (at Lockheed Martin): $96,895
- Senior Information Security Engineer (at Booz Allen Hamilton): $114,528
- Information Security Engineer (at Wells Fargo): $113,261
- Information Security Analyst (at Tata Consultancy Services): $66,196
- Information Security Specialist II (at Lowe’s): $77,041
Considering Geographic Area
As mentioned previously, there are many factors that will affect how much you earn as a CISSP. One of the most important is geography. Not only do you have things like area-specific cost of living that figure into your compensation, but you also have others, like competition, industry concentration and the like.
According to Payscale.com, some of the best areas for CISSP certification holders to seek employment (in terms of available jobs and employer concentration) are as follows:
- Atlanta, with an average earning potential of $64,515 to $121,509
- Washington DC, with an average earning potential of $73,455 to $141,015
- Dallas, Texas, with an average earning potential of $69,111 to $131,372
- New York City, with an average earning potential of $70,976 to $150,657
- Chicago, with an average earning potential of $69,111 to $131,372
CISSP vs. Other Certifications vs. Non-Certified Professionals
While CISSP has become the standard for information security professionals, there are plenty of other options out there. How does the CISSP certification salary stack up in comparison to others?
For this information, we’ll turn to Certification Magazine, and their salary survey. Note that CISSP actually comes in at number four on this list, with an average annual salary (for 2014) of $109,650. What beat out CISSP in terms of earning potential according to the magazine? The top three were as follows:
- CISM (Certified Information Systems Manager): $115,080 (note that this certification is only offered by ISACA, not by (ISC)²)
- CRISC (Certified in Risk and Information Systems Control): $111,740 (only available from ISACA)
- CISA (Certified Information Systems Auditor): $110,190 (only available from ISACA)
What about those certifications that fall below the fourth spot (CISSP)? From five on down, you have the following:
- CAP (Certified Authorization Professional): $106,900 (from (ISC)²)
- GCIH (GIAC Certified Incident Handler): $100,590 (from GIAC)
- PMI project management professional: $100,040
- Open Group certified architect: $97,980 (from Open Group)
- TOGAF (The Open Group Architecture Framework): $96,910 (from Open Group)
- CCDA (Cisco Certified Design Associate): $96,850 (Cisco only)
- CEH (Certified Ethical Hacker): $96,290 (from EC-Council)
It should be noted that the list above is very different from that provided by Global Knowledge, where CISSP also ranks fourth. In first place, GK listed AWS certified solutions architects, with earnings of $125,871 per year. In second place, they listed CRISC, with $122,954 per year. In third place, they had CISM with $122,291. In fourth place, they listed PMI project management professionals. Below that, the list looked like this:
- Six Sigma (green belt)
As you can see, while CISSP certification might not guarantee you a top slot, there are plenty of others that will guarantee you earn less. In addition, CISSP is perhaps the most frequently cited “required” certification for information security positions within virtually every industry, and that need is only growing.
Other Factors that Affect Your CISSP Average Salary
While earning your CISSP certification is the key to enjoying a higher salary than non-certified professionals, as well as those with a wide range of other certifications, there are quite a few factors that will influence the actual amount you earn per year. We’ll discuss those below.
The education you have in addition to your CISSP certification will ultimately play a significant role in what you’re able to earn per year. For instance, if you have a Bachelor of Arts degree, you’ll start out near the lower end of the spectrum, earning between $64,648 and $129,962 according to Payscale.com.
If you have a Bachelor of Business Administration, you can expect to earn between $56,870 and $117,015 per year. If you have a Bachelor of Science degree, your earnings will likely be between $70,493 and $124,861. Finally, if you have a Master of Science, you’ll start out at the higher end, earning between $74,493 and $124,861. Note that these degrees are in addition to your CISSP certification.
The company you’ll work for will also make a big difference in your annual salary as a CISSP. For instance, the US Air Force actually pays the least out of the most common hirers, while Lockheed Martin pays the most. Others of note include Booz Allen Hamilton, Northrop Grumman and General Dynamics Information Technology Inc. That said, the increasing focus on information security is creating jobs in every single industry for skilled CISSPs.
One of the fastest-growing industries is finance and insurance, but you’ll also find high demand in retail, health care and many other areas. Ideally, you will be able to compare salaries from several different employers in the same industry hiring for the same position in order to make an informed decision. Note that there is no standard annual compensation for CISSP holders – there are only averages, and those are little more than guideposts.
Years of Experience
The more experience you have on the job, the higher your annual salary will be in most instances. While you must have at least five years of experience on the job in order to earn your CISSP, you’ll find that those who have between 10 and 20 years of experience in the real world have the highest potential salaries. Those with five years or less have the lowest salaries.
The Actual Job
We’ll wrap up this discussion of the average CISSP certification salary with a recap of the impact job position has on your earnings. Remember that while CISSP is a crucial professional certification, it is a gateway to a very wide range of jobs. Each actual job has its own annual salary that will be affected by the other factors we’ve discussed, including your education, the geographic area, the employer in question and more.
It is also important to understand that while you’ll find plenty of job openings for information security analysts, security engineers, IT security architects and the like, the increasing importance of information security in all industries is creating jobs that might not be familiar to you. It may be your best option to search for jobs that require CISSP certification, rather than an information security-specific position.
The increasing importance of this role in finance, insurance, retail, and health care is also making it more important than ever that candidates for non-traditional positions bring additional skills to the table. Think about accounting skills, HIPAA compliance, HITECH compliance, and knowledge of PCI-DSS and Sarbanes-Oxley as prime examples, but these are only the tip of the proverbial iceberg.
In the end, earning your CISSP certification does offer you the ability to earn more per year. However, there are many other factors at play here. Just because you are a CISSP does not immediately guarantee you the highest paying jobs listed. Bear in mind the additional factors we’ve discussed above, including geography and employer, but also the actual position you take with that employer.