Salary transparency in cybersecurity: You get paid *how* much?
The relationship between pay and job satisfaction has always been a complex one.
While some studies note a pretty direct link between high pay and high job satisfaction, others find only limited positive effects, if any.
However, in a time when there are record job openings and a higher than ever awareness of the value of technology and cybersecurity professionals, the dynamic between workers, employers and their pay has become even more difficult to navigate.
So much so that the long-held taboo of keeping one's salary private and not asking others about theirs is also breaking down. This has given rise to several crowdsourced and private salary databases to benchmark salaries and even a new state law requiring salary transparency.
In its wake, cybersecurity professionals, among others, have been using these new sources of salary information to help with boosting their own salary prospects.
So what does this new push for salary transparency mean for cybersecurity professionals and the sector as a whole?
FREE role-guided training plans
New drivers behind salary transparency
While the high demand for technology and cybersecurity professionals is nothing new, some eye-catching headlines have recently emerged surrounding pay in these fields.
One of the most notable was Colorado's pay transparency law, known more formally as the 2019 Equal Pay For Equal Work Act, which went into effect on Jan. 1, 2021. This new law requires employers to, among other things, include compensation in job postings. In response, dozens of companies have excluded job postings from displaying in the state for remote-based positions to prevent them from posting their associated hiring salary ranges.
While the impact to workers in this state is still not understood, there have been other instances further bolstering the salary transparency push to gain traction. In one case, equal pay advocates and current and former Apple employees were angered by the company's recent decision to ban a Slack channel that employees used to share and discuss salaries.
In addition, organizations like Candor and Payscale are creating more formal methods to collect and organize salary data collected directly from employees. In Candor's case, their mission is to "[crowdsource] a database of salaries for jobs in the technology industry to give employees good intelligence for job negotiations."
Finally, there have even been crowd-sourced or grassroots efforts to collect and compile salary data specifically for those in the cybersecurity field. One, in particular, that is making the rounds on LinkedIn, and social media, can be found here, boasting over 860 entries even though the individual(s) behind the survey are not confirmed.
Potential impacts of increased salary transparency
So what could increased salary transparency mean for both employees and their employers?
Unfortunately, it can depend on who you ask and why you ask.
Some of the commonly heard benefits of increased salary transparency include:
- More awareness of and an opportunity to close the gender and other minority pay gap
- An opportunity to focus more on the benefits, culture, and purpose or mission of the organization than just pay, as seen with research institutions and public sector positions
- Removing concerns about being underpaid, which people always assume that they are, allows for more productivity and cohesion within teams
- Supporting the growing number of private sector companies that practice salary transparency
- It can help to boost retention as, according to a Glassdoor study, nearly half (49 percent) of employees "feel they must switch companies to obtain a meaningful change in compensation"
Finally, advocates for salary transparency often note that many employers use salary benchmarks internally when making their salary ranges to stay competitive.
On the other hand, those against growing salary transparency have noted that it could have some potentially negative consequences, including:
- It could make it more difficult for smaller businesses and public sector organizations to attract and retain talent if potential talent is looking based on salary data
- Employees or functions within an organization will feel discouraged or angry at one another if pay disparity exists
- The fact that pay differences can be taken out of context, such as when employee tenure, years of experience or other factors are not included in salary disclosures
Initial trends in recent salary data
So what, if anything, can we glean from the growing amount of crowdsourced and employee-driven pay data? And how does it compare to more "official" data sources?
According to CompariTech's 2022 U.S. Cybersecurity Salary and Employment Study, the average salary for cybersecurity roles (regardless of state and years of experience) was nearly $95,000 per year, increasing 2.4 percent from 2018. Based on the same study, Virginia, Texas and New York were the top three states based on salary.
On the other hand, the crowdsourced datasheet showed an average salary of $121,000 (not including student positions), with states like Virginia, Texas and New York also making appearances at the top end of the salary range and California.
While the crowdsourced data relies on the honesty of those supplying information, the data more readily allows users to filter by remote versus not, tenure, job history and title, which can help job hunters obtain a bit more information to supplement their research. It is also important to note that the crowdsourced datasheet also captures "total compensation," including bonuses.
Both methods, however, do not include degree or certification levels or reveal demographic information, something salary transparency advocates are hoping to overcome.
FREE role-guided training plans
Finding cybersecurity salary information
The job market is constantly in flux and can be difficult to navigate, even for experienced technology and cybersecurity professionals. The same can also be said for employers who have had trouble retaining and hiring skilled security professionals for years.
What the rising call for salary transparency and crowdsource salary databases will do to further disrupt and complicate the job market will have to wait to be seen.
Sources
- Perhaps money can buy you happiness — at least, at work, CNBC
- The relationship between pay and job satisfaction, Science Direct
- Economic oddity: Record job openings and many unemployed, AP News
- The growing need for cybersecurity professionals, Villanova University
- Equal Pay for Equal Work Act, Part 2, Colorado Dept. of Labor and Employment
- Some employers are excluding Colorado applicants for remote work, SHRM
- Does pay transparency close the gender wage gap, Payscale
- Should you share your salary with co-workers?, Time
- Global salary transparency survey, Glassdoor
- Apple bans pay equity Slack channel, The Verge
- 2022 U.S. cybersecurity salary & employment study, Comparitech
In this Series
- Salary transparency in cybersecurity: You get paid *how* much?
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity