Introduction: The cybersecurity job market

Cybersecurity is a growing field, and with the shortage of specialists expected to grow and the prospect of up to 3.5 million unfilled job positions by 2021, it’s a good time to enter the profession.

In the cybersecurity labor market, there’s an increasingly high demand with a relatively low supply, so the potential for a lucrative career is definitely there. This is true, however, only for professionals that are able to develop the highly specialized skills that employers are looking for today. 

Not all cybersecurity positions will earn you stellar salaries. As the cybersecurity demand grows, in fact, so does the job specialization with roles that are evolving and becoming more and more specific: security analysts or consultants, security architects or engineers, security administrators or software developers.

It is obvious that entry-level positions will be on the lower end of the IT pay scale, while security managers and executive level positions will command higher salaries. Job titles also have a role in a vacancy’s starting salary, as well as the skills you possess and how well they match what the employer is looking for.

Top cybersecurity roles

When Frederick Scholl scanned one of the most used job boards looking for positions available in cybersecurity, he found that many roles that employers were actually looking to fill are not even included in the comprehensive list of 52 listed by the 2017 Cybersecurity Workforce Framework. In addition, when looking at the top 24 positions within cybersecurity, sales professionals were at the forefront; they were followed by project managers, technical writers and, only then, security engineers and application security professionals. Sales engineers (SEs) could earn “higher salaries than tech workers,” confirmed Dark Reading, pointing out that this is the result of “the global cybersecurity industry looking to spend $1 trillion between 2017 and 2021”. The annual salary for these positions is between $110,000 and $150,000.

Research firm Cybersecurity Ventures also lists CISOs and security engineers in the top jobs. CISO compensation varies greatly from up to $420,000 paid by Fortune 500 companies in large cities to up to $200,000 paid by mid-sized companies. Deputy CISOs could earn compensation in the $200,000 to $250,000 range in large Fortune500 companies. Lead software security engineers, who couple technical with managerial skills, can earn over $225,000.

As per Dice Insights, cybersecurity specialists also tend to be well paid ($101,238 as of 2019 and up 1.5% from the year before, according to the Dice 2020 Tech Salary Report).

As we walk down the scale, we find that, according to PayScale, the average cybersecurity analyst salary is $75,875. More years of experience usually leads to more income.

Dice Insights confirms that “if you’re concerned about titles affecting your career earnings, avoid the ‘analyst’ role. It pays slightly less, and adding specialized skills doesn’t shift the needle very much.” In fact, “Job titles matter. If you want a decent cyber security salary, presenting yourself as an ‘engineer’ is your best bet: It’s a title that tends to pay on the higher end of the tech pro salary spectrum.”

CyberSeek’s interactive career pathway also shows key jobs within cybersecurity and their average yearly salaries (in addition to number of job openings) in such positions:

The cyber career profile cards by NICERC (National Integrated Cyber Education Research Center) show the potential of other career possibilities available in today’s workforce, such as:

  • Cyber operator: $100,000+ median salary
  • Cyber legal advisor: $92,000+ median salary
  • Cyber defense incident responder: $80,000+ median salary
  • Cyber forensics expert: $70,000+ median salary

Skills needed for cybersecurity jobs

CompTIA looked at the skills recommended in vacancy listings and data analyzed by CyberSeek between October 2018 and September 2019. In addition to normal requirements including the word “security,” it found that a number of specific knowledge items were recurring. One of them was Linux, a staple in many companies and for professionals asked to work also on Android phones.

Project management is also a frequently mentioned competence. This and other soft skills complete the background of a professional who is often asked to multitask between different projects in an effective and efficient way. Cyber professionals that can prove their talent to go beyond mere technical knowhow and theoretical knowledge by bringing in proven personal skills have normally an advantage in competition and might have access to higher salary within roles.

Significant factors in salaries 

Annual salaries can vary greatly by location, experience, skills and certification, for example. Skills in cybersecurity might earn cyber professionals higher pay than other IT practitioners; however, even within the same level of jobs, salaries vary greatly according to many factors.

Let’s look, for instance, at an information security analyst. According to the Occupational Outlook Handbook, these professionals had a median pay in 2018 of $98,350 per year or $47.28 per hour, with the lowest 10 percent earning less than $56,750 and the highest 10 percent earning more than $156,580. The median pay for all computer occupations, instead, was $86,320. The median salary, however, also differed by industry:

Computer systems design and related services $102,620
Finance and insurance 101,130
Information 96,580
Management of companies and enterprises 94,180
Administrative and support services 94,120

Location is also a heavy factor in the calculation. The same information security analyst has a chance to earn up to $191,550 in New York, up to $165,500 in Washington, DC, $187,020 in Mountain View, CA and $134,650 in Portland, OR.

The average salary for an information security analyst reported on Payscale.com is $71,747, with an average bonus possibility of $4,110 and profit sharing of $2,816. On this site, the differences from city to city are still highlighted, with an average salary of $80,927 in New York, $84,331 in Washington DC, $120,000 in Mountain View, CA and $82,281 in Portland Oregon.

Of course, salaries need to be put in perspective with the location where they are earned. In the table below, the “real” value of an information security specialist’s salary is shown in 15 cities. This shows that, once figures are adjusted for cost-of-living using data from the Bureau of Economic Analysis (BEA), an information security specialist might be “happier” in Austin, TX rather than in San Jose, CA.

Skills are also a relevant factor. According to Payscale.com, the information systems analyst that can prove cybersecurity skills has an average salary of $72,410, compared to $73,916 for security risk management skills and $65,009 for general IT support skills.

According to the 2019 IT Skills and Salary Report by Global Knowledge, some of the highest paying information security certifications in the U.S. are …

  • CISM: $132,919
  • CRISC: $128,556
  • CISSP: $123,815

Where the cybersecurity jobs are in the U.S.

In addition to the well-known Washington D.C., California, Virginia and Maryland, other states are also becoming hubs for security-minded professionals: Colorado, just to name one. Different states have different targets. Virginia, for example, hosts many government jobs and information security analysts.

The table above was produced in 2018.

Let’s look at computer security analysts, who account for over half a million of U.S. jobs. “A location quotient greater than 1 means the occupation has a higher share of state or area employment than the national average.”

Areas with the highest location quotient for information security analysts, May 2018

Area Location quotient
California-Lexington Park, MD 7.33
Washington-Arlington-Alexandria, DC-VA-MD-WV 6.21

Figure 1: Data tables for OES area charts

Conclusion

Jobs in cybersecurity have the potential of paying well. However, not all professionals will automatically score six-figure salaries. A great deal will depend on a number of factors: the cybersecurity position title; the job description mentioning specific duties and required skills; experience and specialization; soft skills possessed; location of the job; certification held and much more.

 

Sources

  1. Thinking about a Career Move in Cybersecurity?, DarkReading.com
  2. Understanding Cybersecurity Work Roles and Job Titles, Quinnipiac University
  3. Why Consider a Career in Cybersecurity?, Center for Internet Security
  4. Discovering Cybersecurity Careers, NIST
  5. Cyber career profile cards, NICERC
  6. Jobs in Cyber Security, CyberDegrees.org
  7. Cybersecurity Jobs: Everything You Ever Wanted to Know, CompTIA, Inc.
  8. How much do cyber security professionals make?, Cyberwarzone.com
  9. Where Are the Highest Paying Cybersecurity Jobs?, Indeed
  10. Cybersecurity Spotlight 2018: Where Are the Highest Paid Jobs?, Indeed
  11. Compare Your Salary, Salary Explorer
  12. Salary Calculator, Indeed
  13. Dice 2020 Tech Salary Report, Dice Insights
  14. Information Security Analysts, U.S. Bureau of Labor Statistics
  15. CyberSeek’s interactive heat map, CyberSeek
  16. CyberSeek’s interactive career pathway, CyberSeek
  17. Transitioning from General IT to Cyber Security, CyberDegrees.org
  18. Average Information Security Analyst Salary, PayScale
  19. Average Cyber Security Analyst Salary, PayScale
  20. Average Cyber Security Engineer Salary, PayScale
  21. Top 5 Cybersecurity Jobs That Will Pay $200,000 to $500,000 In 2019, Cybersecurity Ventures
  22. Top Cyber Security Salaries In U.S. Metros Hit $380,000, Forbes
  23. How to Raise Your Salary in Cybersecurity, DarkReading.com
  24. How Cybersecurity Salaries Fit Experience and Specialization, Security Intelligence
  25. Why it’s the Right time to Build a Career in Cyber Security, TestPrepTraining
  26. Chief Information Security Officer Salary in the United States, Salary.com
  27. Would You Move for an IT Job? Here Are the Top Reasons IT Pros Relocate, CompTIA, Inc.
  28. In Cybersecurity, ‘Sales Engineers’ Rake in Higher Salaries Than Tech Workers, DarkReading.com
  29. 2019 US Cybersecurity Salary & Employment Study – which state has the best prospects?, Comparitech Limited