Average SCADA Security (CSSA) salary
What is SCADA? Supervisory Control and Data Acquisition is one of the most interesting areas of Industrial Control Systems (ICS) and refers to the hardware and software used in industrial settings to control processes, gather data, monitor operations and act on systems.
This complex control system architecture consists of many parts, including data communications, graphical user interfaces, sensors and controllers that allow professionals to supervise processes and physical components like valves and pumps. A few processes that require SCADA include power generation, civil defense siren systems, oil and gas pipelines, space stations and communication systems, among many others.
If you are involved in ICS/SCADA, a certification like the SCADA Security Architect (CSSA) can help take your ICS career to the next level. Most organizations or industries implementing SCADA systems require a CSSA for various reasons.
Most often than not, the SCADA systems and other office networks are connected, making them susceptible to various network attacks. This is where a certification plays a key role in proving that a professional has the knowledge and skills to identify risks, mitigate those risks by implementing necessary controls and maintain an acceptable risk level through continuous monitoring and evaluation.
Job titles for CSSA certified professionals
A Certified SCADA Security Architect (CSSA) has access to several positions varying from SCADA operator, programmer, administrator, specialist, technician, analyst or engineer.
Here are some of CSSA's many career paths:
- SCADA operators can operate systems through several control boards but can also be called to install, maintain and repair equipment.
- SCADA engineers can provide technical support for all systems, design systems according to current regulations, and provide input on improving configurations.
- SCADA analysts can program and maintain systems and analyze issues as they arise.
- SCADA technicians use their technical expertise to ensure systems and software run properly and effectively. They are also able to troubleshoot issues as needed.
In addition, according to Salary.com 2023 figures:
- SCADA Systems Engineers earn between $105,437 and $138,015. San Francisco consistently ranks #1 as of Jan. 26, 2023, with an average base salary of $150,362.
- SCADA administrators earn between $37,272 to $54,003. The five states where jobs get higher salaries in the United States are Alaska, California, the District of Columbia, New Jersey and Massachusetts.
- SCADA specialists earn between $58,255 to $80,906. Naturally, the pay will vary as it has a lot to do with the department and responsibilities in different companies. The highest-paying cities are San Jose, Calif., and Santa Clara, Calif., with an average salary of $85,395.
- SCADA engineer earns between $100,110 and $128,884. Salaries can vary widely depending on additional skills (e.g., Programmable logic controllers) and work experience. Once again, San Francisco boasts a higher salary with an average pay of $143,610.
- SCADA analysts earn between $62,667 and $79,911 with an hourly salary range between $30 and $38 and average total cash compensation of $71,817 ($64,127 - $83627 range), including incentives.
While pay varies widely by job role, we can use the above information to form an average ICS/SCADA professional U.S. salary of $89.692.
Average pay of professionals with SCADA skills
Acquiring SCADA knowledge and skills is also a great option for many other professionals working in industrial settings. The average base salary for professionals with SCADA skills is $81,000. Below are some positions that might benefit from adding this competence:
Average pay of SCADA professionals by years of experience
An early career SCADA Technician with 1-4 years of experience could earn an average of $30.33; a professional with 20-plus years in the field, $38.14.
The average compensation of a SCADA Programmer with 1-4 years of experience is $50,000; a mid-career SCADA Programmer with 5-9 years of experience is $75,000, while an experienced SCADA Programmer with 10-19 years of experience earns an average total compensation of $97,747.
Note: Skills in Programmable Logic Controllers (PLC)/Automation, Human-Machine Interface (HMI), and Instrument Control and Systems Computer/Console Operations are correlated to pay that is above average.
Why CSSA is so popular
With the rise of threat actors targeting ICS/SCADA, the essence of the Information Assurance Certification Review Board (IACRB) CSSA lies in its ability to impart relevant knowledge to those involved with securing industrial systems and reducing unforeseen entry points for potential attacks. Certified professionals are positioned to protect ICS/SCADA environments and systems through adequate security policies, implementation of proactive measures and evaluation of the results.
What makes the CSSA certification unique is that it imparts essential skills and real-world experience to those in the field to provide holistic security for critical industrial automation systems. The CSSA provides an individual with SCADA security and an understanding of the different types of ICS components.
The CSSA certification encompasses the following eight domains:
- SCADA security policy development
- SCADA security standards and best practices
- Access Control
- SCADA protocol security issues
- Securing field communications
- User authentication and authorization
- Detecting cyberattacks
- Vulnerability assessment
What sets CSSA certification apart from other SCADA security certifications?
The Certified SCADA Security Architect (CSSA) program is a one-of-a-kind career path for industries like oil and gas, power transmission and water treatment industries. The CSSA curriculum ensures that IT and risk managers possess relevant knowledge and have the necessary skills to perform their job related to implementing ICS security controls and incident management related to SCADA environments and systems as qualified professionals.
How can I acquire CSSA skills?
The CSSA Exam Overview is a good place to start. Still, to get an introduction to SCADA security, this series of videos is great, as it covers the security of Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems. In addition, consider the course on SCADA security assessment to review the risk management process, including critical terms and phases, and then apply standard security testing methodologies to industrial control and SCADA systems.
A SCADA Boot Camp can help you learn the best practices for securing SCADA networks and systems. In contrast, a learning path can help you find the best options to validate your SCADA security knowledge upon completion.
Need additional, specific training? Brush up on the fundamentals of penetration-testing SCADA services and protocols or find other related curricula, which will enable you to learn the foundation of security and defending architectures from attacks (e.g., social engineering and malware threats, including zero-day flaws) that are commonly conducted against the oil and gas IT corporate and control network facilities and industrial environments.
- Independent Study Pinpoints Significant SCADA/ICS Security Risks, Fortinet
- Salary for Skill: SCADA, PayScale
- SCADA Technician, PayScale
- SCADA Programmer, PayScale
- SCADA Analyst Salary, PayScale
- SCADA Systems Engineer Salary, PayScale
- SCADA Operator Salary, Salary.com
- SCADA Specialist Salary, Salary.com
- SCADA Administrator Salary, Salary.com
- SCADA Analyst Salary, Salary.com
- SCADA Engineer Salary, Salary.com
- SCADA Systems Engineer Salary, Salary.com