Professional development

The best cybersecurity jobs in 2023: Trends, roles and salaries

Cybersecurity trends in the job market

Skilled cybersecurity professionals are in high demand. North America has more than 1.34 million cybersecurity workers, and an additional 436,000 are needed to close the workforce gap, (ISC)² reports. Over the past year, CyberSeek reported 663,434 total cybersecurity job openings in the U.S., but “only enough cybersecurity workers in the United States to fill 69% of the cybersecurity jobs.”

In addition to the overall need, most cybersecurity job openings request specific certifications:

• 97,555 requested a Certified Information Systems Security Professional (CISSP) 

• 86,066 requested a Security+

• 75,040 requested a Certified Information Systems Auditor (CISA)

• 49,519 requested a Certified Information Security Manager (CISM)

• 8,797 requested a Certified Information Privacy Professional (CIPP)

Various GIAC® certifications are also commonly requested.

The cybersecurity workforce is still predominantly male, but the number of women in cybersecurity has risen to 24%, up from 11% in 2017. There will likely be even more parity in the coming years.

With so many organizations reporting a shortage of cybersecurity professionals, there are increased opportunities for existing employees to upskill as well. This helps organizations keep their workforce up-to-date on the latest threats and retain them by investing in their careers.

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Get Your Plan

The best cybersecurity jobs in 2023

1. Cybersecurity architect

2. Cybersecurity analyst

3. Chief information security officer (CISO)

4. Security engineer

5. Database administrator

6. Incident manager

7. Cybersecurity data scientist and SME

8. Security manager

9. Cloud security architect

1. Cybersecurity architect

• Job title: Cybersecurity architect

• Related job titles: Computer network architect, solutions architect, enterprise architect, infrastructure architect, security architect

• Level of experience: Senior-level

• Estimated salary: $187,603 per year (Glassdoor)

Job description: As a cybersecurity architect, you plan, design, test, implement and manage an organization's computer and network security infrastructure. Security architects develop information technology rules and requirements that describe baseline and target architectures and support enterprise mission needs. Advanced technical knowledge of network and web protocols, infrastructure, authentication, enterprise risk management, security engineering, communications and network security, identity and access management and incident response are critical to success in this role.

Learning paths and education

For this high-level cybersecurity job, you typically need a bachelor’s degree in cybersecurity, computer science or a related field.

The security architect learning path covers these core topics:

• Security engineering

• Enterprise security risk management

• Cloud security architecture

• Security architecture

• AWS essentials

• Incident response

• NIST cybersecurity framework

• Web server protection

• NIST DOD RMF

• SIEM architecture and process

• Threat modeling

Below are some common cybersecurity certifications that may help land you a cybersecurity architect job:

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• (ISC)² Information Systems Security Architecture Professional (ISSAP) (CISSP concentration)

• CompTIA Advanced Security Practitioner (CASP+)

• OT/ICS Certified Security Professional (ICSP) (formerly CSSA)

This is an advanced-level role, so plan to gain at least five years of experience — potentially more — in entry- and mid-level cybersecurity jobs on your way to becoming a cybersecurity architect.

2. Cybersecurity analyst

• Job title: Cybersecurity analyst 

• Related job titles: SOC analyst, systems security analyst, security analyst, information security analyst

• Level of experience: Entry- to mid-level

• Estimated salary: $106,337 (Glassdoor)

Job description: A cybersecurity analyst is responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. Security analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts. The job of a cybersecurity analyst is a common entry-level cybersecurity role.

Learning paths and education

If you’re wondering how to become a cybersecurity analyst, this job usually requires a bachelor’s in information systems, computer science or similar disciplines — although some organizations have loosened those requirements in recent years.

Your core learning will include topic and domain knowledge in the following topics:

• Network traffic analysis for incident response

• Incident response

• Vulnerability assessment

• Computer forensics

• Cyber threat hunting

• Threat analysis

Common certifications that give your security analyst career a boost include:

• CompTIA Network+

• CompTIA Security+

• CompTIA Cybersecurity Analyst CySA+

• Cisco Certified Network Associate

• CertNexus CyberSec First Responder

• Cyber Threat Hunting Professional (CCTHP)

• Certified Ethical Hacker (CEH)

As you start, you might hold an entry-level cybersecurity job as a junior or Tier 1 SOC analyst working alongside more senior analysts, forensic investigators, incident responders, security engineers and security managers in a security operations center (SOC).

After becoming a cybersecurity analyst, you may go on to become a SOC manager, a cybersecurity engineer or a variety of other roles — analyst skills provide a strong foundation for future career growth.

3. Chief information security officer (CISO)

• Job title: Chief information security officer (CISO)

• Related job titles: Director of information security, head of cybersecurity

• Level of experience: Senior-level

• Estimated salary: $300,304 (Glassdoor), but can vary significantly depending on the size of the organization

Job description: The chief information security officer (CISO) oversees an organization's information security program and develops and implements policies to ensure the confidentiality, integrity and availability of data. You are responsible for managing the security team, coordinating with other departments on security matters and responding to security breaches. The CISO also plays a crucial role in educating staff about security protocols and best practices and ensuring the organization is compliant with relevant security regulations and standards.

Learning paths and education

Discovering how to become a CISO is a long journey, as this is a senior position. These senior executives need a wide range of expertise, education and experience.

To excel as a chief information security officer (CISO), you must master several key areas. A profound understanding of technology is crucial, as CISOs are responsible for outlining and implementing technology approaches to safeguard data. This encompasses securing various data areas, including applications, infrastructure, databases and digital ecosystems that comprise cloud, IoT, AI and analytics engines. This role requires you to stay current with cybersecurity trends and strategies. A CISO must also have robust data governance and compliance knowledge to ensure the organization adheres to relevant regulations and standards.

To be a good CISO, mastering technical areas isn't enough. A CISO must also have strong business acumen. You align security measures with business needs and objectives, which entails constant collaboration with other management members. You must have excellent communication skills to advocate for security effectively and keep all stakeholders informed about the organization’s security posture.

It's also beneficial for CISOs to understand organizational dynamics and create a structure that best serves the company's security needs. A CISO must be a strategist, technologist, manager and diplomat, ensuring security while facilitating business operations.

If you aspire to the CISO role, you might consider working toward these certifications:

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• (ISC)² Information Systems Security Management Professional (ISSMP) (CISSP concentration)

• ISACA Certified Information Security Manager (CISM)

• ISACA Certified in the Governance of Enterprise IT (CGEIT)

• ISACA Certified in Risk and Information Systems Control (CRISC)

• CompTIA Advanced Security Practitioner (CASP+)

4. Security engineer

• Job title: Security engineer

• Related job titles: Cybersecurity engineer, information security engineer, IT security engineer

• Level of experience: Mid- to senior-level

• Estimated salary: $142,144 (Glassdoor)

Job description: A security engineer is responsible for implementing and continuously monitoring security controls that protect computer assets, networks and organizational data. Security engineers often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network and web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role. 

Learning paths and education

The security engineer career path usually starts with earning your degree and working in entry-level cybersecurity jobs for at least a few years, as it is a higher-level position.

Your core learning topics will include:

• System administration

• System architecture

• Enterprise security risk management

• NIST Cybersecurity Framework

• Incident response

• Information technology assessment

• Systems integration

• Data privacy and protection

Certifications that may help you succeed in this role include:

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• (ISC)² Information Systems Security Engineering Professional (ISSEP) (CISSP concentration)

• (ISC)² Certified Cloud Security Professional (CCSP)

• Cisco Certified Network Professional (CCNP)

• CompTIA CySA+

• CompTIA PenTest+

• CompTIA Advanced Security Practitioner (CASP+)

5. Database administrator

• Job title: Database administrator

• Related job titles: Data warehouse architect, database engineer

• Level of experience: Varies from entry- to senior-level

• Estimated salary: $105,216 (Glassdoor)

Job description: A database administrator (DBA) is responsible for storing, organizing and securing an organization's data using specialized software. You ensure databases operate efficiently and securely, perform regular backup operations and restore information if an error occurs. DBAs also design and build databases, perform database maintenance and updates and troubleshoot issues while ensuring compliance with data laws and regulations.

Learning paths and education

Infosec offers a number of database administration courses, and the Database Security Learning Path will help you learn the applicable rules and regulations to protect sensitive data.

The learning path covers these main topics:

• Data security

• NIST framework

• Threats and vulnerabilities

• Database protection methods

• NoSQL cloud database

• Data masking

• Column-level encryption

• Least privilege access management

• Auditing

Database administrators may find the following certifications useful:

• CompTIA Linux+

• CompTIA Data+

• CompTIA DataSys+ 

• Microsoft Azure Data Fundamentals

• Microsoft Azure Database Administrator

 

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Get Your Plan

6. Incident manager

• Job title: Incident manager

• Related job titles: Incident response analyst, information security engineer, information security specialist, cyber defense incident responder

• Level of experience: Entry- to mid-level

• Estimated salary: $84,413 (Glassdoor)

Job description: An incident manager is responsible for leading the response to security incidents, ensuring they are correctly identified, analyzed, communicated and rectified. You develop and implement incident response protocols and oversee the execution of these protocols during security breaches. This role also includes coordinating with various teams to mitigate risks, recover systems, minimize damage and perform post-incident analysis to prevent future incidents.

Learning paths and education

Infosec offers a variety of incident response courses to help make becoming an incident manager more attainable. The Incident Response and Network Traffic Analysis for Incident Response learning paths help you master the stages of incident response and dive deep into the technical tools of the trade. You can also take the live Incident Response and Network Training Boot Camp to fast-track your journey.

Incident managers typically need knowledge of the following core topics:

• Incident response procedures and protocols

• Cybersecurity threats and vulnerabilities

• Digital forensics and investigations

• Risk impact assessments

• Crisis management and communication 

The following certifications may help in this role:

• CertNexus CyberSec First Responder

• CompTIA CySA+

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• ISACA Certified Information Security Manager (CISM)

• Certified Computer Forensics Examiner (CCFE)

• Certified Mobile Forensics Examiner (CMFE)

7. Cybersecurity data scientist and SME

• Job title: Cybersecurity data scientist and SME (subject matter expert)

• Related job titles: Business intelligence (BI) analyst, data analytics specialist, data engineer

• Level of experience: Mid- to senior-level

• Estimated salary: $148,424 (Glassdoor)

Job description: A cybersecurity data scientist and subject matter expert (SME) leverages extensive data science and cybersecurity knowledge to create models that identify and predict cyber threats. You analyze large datasets to uncover hidden patterns, unknown correlations and other useful insights related to cybersecurity threats. The role also involves developing and enhancing machine learning algorithms, providing guidance on best cybersecurity practices and contributing to the development of innovative cybersecurity solutions.

Learning paths and education

Infosec offers cybersecurity data science courses to get you started, and you can follow our Cybersecurity Data Science Learning Path to gain a foundational understanding of data science principles.

The core topics essential to this cybersecurity job role include:

• Data science and analytics

• Python

• Statistical analysis

• Data visualization

• Machine learning techniques

• Network security

• Vulnerability management

• Incident response

• Threat intelligence

• Risk assessment

• Compliance frameworks

Common certifications for this profession include:

• CompTIA Data+

• CompTIA DataSys+ 

• Certified Data Scientist (CDS)

• Microsoft Certified: Azure Data Scientist Associate

• Certified Information Privacy Technologist (CIPT)

These certifications augment the knowledge and capabilities of the cybersecurity data scientist and the SME and open career advancement and networking opportunities within the field.

8. Security manager

• Job title: Security manager

• Related job titles: Cybersecurity manager, information technology manager, information security director

• Level of experience: Mid- to senior-level

• Estimated Salary: $169,604 (Glassdoor)

Job description: A security manager develops security strategies that align with the organization's goals and objectives. You direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.

Learning paths and education

In addition to a broad understanding of technical topics, security managers need to have a firm grasp of the following:

• Information systems and network security

• Security risk assessment and management

• Incident management and business continuity

• Cybersecurity frameworks, such as those offered by NIST and NICE

• Cybersecurity management

• Cybersecurity leadership

It’s common for security managers to hold the following certifications:

• (ISC)² Certified Information Systems Security Professional (CISSP) 

• (ISC)² Information Systems Security Management Professional (ISSMP) (CISSP concentration)

• ISACA Certified Information Security Manager (CISM)

• ISACA Certified in Risk and Information Systems Control (CRISC)

• Certified Information Privacy Professional (CIPP)

9. Cloud security architect

• Job title: Cloud security architect

• Related job titles: Security architect, cloud security engineer, senior cloud architect, network security architect

• Level of experience: Senior-level

• Estimated salary: $239,784 (Glassdoor)

Job description: A cloud security engineer or architect designs, develops, manages and maintains a secure infrastructure leveraging cloud platform security technologies. You use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. You must be proficient in identity and access management (IAM), container security, networking, system administration, zero-trust architecture and using cloud technology to provide data protection.

Learning paths and education

Infosec offers a number of cloud security training courses, including training related to Amazon Web Services (AWS) and Microsoft Azure.

As a cloud security architect, you’ll need to master the following domains:

• Infrastructure design

• Identity management

• Data privacy and protection

• System administration

• Vendor-specific technologies, such as AWS, Azure or Google Cloud Platform (GCP)

You may want to consider a combination of vendor-neutral and vendor-specific certifications:

• (ISC)² Certified Cloud Security Professional (CCSP)

• CompTIA Cloud+

• Certified Cloud Penetration Tester (CCPT)

• Certified Information Privacy Professional (CIPP)

• Certified Information Privacy Technologist (CIPT)

• Certificate of Cloud Security Knowledge (CCSK)

• AWS Certified Solutions Architect

• Azure Security Engineer Associate

Cybersecurity salary and career questions

Can you make $300,000 in cybersecurity?

The median cybersecurity salary in the U.S. is $134,800, according to the most recent (ISC)² Cybersecurity Workforce Study. In addition, the study found those with a doctorate or post-doc earned $150,000 while those with an associate degree or high school diploma earned $127,750.

Your location also plays a significant role in salary. If you look at Payscale for CISO salaries, those in New York earn 30.1% more than the national average, while those in Indianapolis, Indiana, earn 11.4% less than the average. So the total pay, including base salary, bonuses and profit sharing, ranges from $155k–$324k in New York to $143k–$174k in Indianapolis.

So yes, you can make over $300k annually working in cybersecurity. However, it’s most likely to happen if you have a high level of education, live in a high-cost-of-living area and have a high level of experience.

How much do CIA hackers make?

CIA hackers typically make cybersecurity salaries in line with other government employees. According to the CIA.gov cybersecurity jobs page, the salary for a cybersecurity researcher ranges from $69,000 to $122,000 per year, depending on experience and other factors. Of course, wages within the CIA may differ from other government agencies. Your salary may vary depending on your cybersecurity job title and associated level of responsibility.

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

What is the highest-paying IT job?

Various companies provide lists of the highest-paying roles and highest-paying certifications. For example, Indeed’s top five cybersecurity jobs include cloud engineer, penetration tester, application security engineer, director of information security and software architect.

ISACA certifications, such as CRISC, CISM and CGIET, also frequently make top lists. Various cloud-based certifications around AWS, Azure and Google Cloud also make those lists. So roles related to the cloud, managing organizational risk and securing applications are commonly near the top. However, remember that salary can vary significantly depending on the industry, location, size of the organization and experience requirements.

Can cybersecurity professionals work from home?

Many cybersecurity professionals work from home. The Covid pandemic led to advancements in technology and the widespread availability of remote work options, and that trend has continued across many organizations. Ultimately, whether or not a cybersecurity professional works from home will depend on their specific job requirements and employer policies.