Professional development

How much can I make in cybersecurity?

Daniel Brecht
May 25, 2020 by
Daniel Brecht

Cybersecurity is a growing field, and with the shortage of specialists expected to grow and the prospect of up to 3.5 million unfilled job positions by 2021, it’s a good time to enter the profession.

In the cybersecurity labor market, there’s an increasingly high demand with a relatively low supply, so the potential for a lucrative career is definitely there. This is true, however, only for professionals that are able to develop the highly specialized skills that employers are looking for today. 

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Not all cybersecurity positions will earn you stellar salaries. As the cybersecurity demand grows, in fact, so does the job specialization with roles that are evolving and becoming more and more specific: security analysts or consultants, security architects or engineers, security administrators or software developers.

It is obvious that entry-level positions will be on the lower end of the IT pay scale, while security managers and executive level positions will command higher salaries. Job titles also have a role in a vacancy’s starting salary, as well as the skills you possess and how well they match what the employer is looking for.

Top cybersecurity roles

When Frederick Scholl scanned one of the most used job boards looking for positions available in cybersecurity, he found that many roles that employers were actually looking to fill are not even included in the comprehensive list of 52 listed by the 2017 Cybersecurity Workforce Framework. In addition, when looking at the top 24 positions within cybersecurity, sales professionals were at the forefront; they were followed by project managers, technical writers and, only then, security engineers and application security professionals. Sales engineers (SEs) could earn “higher salaries than tech workers,” confirmed Dark Reading, pointing out that this is the result of “the global cybersecurity industry looking to spend $1 trillion between 2017 and 2021”. The annual salary for these positions is between $110,000 and $150,000.

Research firm Cybersecurity Ventures also lists CISOs and security engineers in the top jobs. CISO compensation varies greatly from up to $420,000 paid by Fortune 500 companies in large cities to up to $200,000 paid by mid-sized companies. Deputy CISOs could earn compensation in the $200,000 to $250,000 range in large Fortune500 companies. Lead software security engineers, who couple technical with managerial skills, can earn over $225,000.

As per Dice Insights, cybersecurity specialists also tend to be well paid ($101,238 as of 2019 and up 1.5% from the year before, according to the Dice 2020 Tech Salary Report).

As we walk down the scale, we find that, according to PayScale, the average cybersecurity analyst salary is $75,875. More years of experience usually leads to more income.

Dice Insights confirms that “if you’re concerned about titles affecting your career earnings, avoid the ‘analyst’ role. It pays slightly less, and adding specialized skills doesn’t shift the needle very much.” In fact, “Job titles matter. If you want a decent cyber security salary, presenting yourself as an ‘engineer’ is your best bet: It’s a title that tends to pay on the higher end of the tech pro salary spectrum.”

CyberSeek’s interactive career pathway also shows key jobs within cybersecurity and their average yearly salaries (in addition to number of job openings) in such positions:

The cyber career profile cards by NICERC (National Integrated Cyber Education Research Center) show the potential of other career possibilities available in today’s workforce, such as:

  • Cyber operator: $100,000+ median salary
  • Cyber legal advisor: $92,000+ median salary
  • Cyber defense incident responder: $80,000+ median salary
  • Cyber forensics expert: $70,000+ median salary

Skills needed for cybersecurity jobs

CompTIA looked at the skills recommended in vacancy listings and data analyzed by CyberSeek between October 2018 and September 2019. In addition to normal requirements including the word “security,” it found that a number of specific knowledge items were recurring. One of them was Linux, a staple in many companies and for professionals asked to work also on Android phones.

Project management is also a frequently mentioned competence. This and other soft skills complete the background of a professional who is often asked to multitask between different projects in an effective and efficient way. Cyber professionals that can prove their talent to go beyond mere technical knowhow and theoretical knowledge by bringing in proven personal skills have normally an advantage in competition and might have access to higher salary within roles.

Significant factors in salaries 

Annual salaries can vary greatly by location, experience, skills and certification, for example. Skills in cybersecurity might earn cyber professionals higher pay than other IT practitioners; however, even within the same level of jobs, salaries vary greatly according to many factors.

Let’s look, for instance, at an information security analyst. According to the Occupational Outlook Handbook, these professionals had a median pay in 2018 of $98,350 per year or $47.28 per hour, with the lowest 10 percent earning less than $56,750 and the highest 10 percent earning more than $156,580. The median pay for all computer occupations, instead, was $86,320. The median salary, however, also differed by industry:

Computer systems design and related services $102,620

Finance and insurance 101,130

Information 96,580

Management of companies and enterprises 94,180

Administrative and support services 94,120

Location is also a heavy factor in the calculation. The same information security analyst has a chance to earn up to $191,550 in New York, up to $165,500 in Washington, DC, $187,020 in Mountain View, CA and $134,650 in Portland, OR.

The average salary for an information security analyst reported on Payscale.com is $71,747, with an average bonus possibility of $4,110 and profit sharing of $2,816. On this site, the differences from city to city are still highlighted, with an average salary of $80,927 in New York, $84,331 in Washington DC, $120,000 in Mountain View, CA and $82,281 in Portland Oregon.

Of course, salaries need to be put in perspective with the location where they are earned. In the table below, the “real” value of an information security specialist’s salary is shown in 15 cities. This shows that, once figures are adjusted for cost-of-living using data from the Bureau of Economic Analysis (BEA), an information security specialist might be “happier” in Austin, TX rather than in San Jose, CA.

Skills are also a relevant factor. According to Payscale.com, the information systems analyst that can prove cybersecurity skills has an average salary of $72,410, compared to $73,916 for security risk management skills and $65,009 for general IT support skills.

According to the 2019 IT Skills and Salary Report by Global Knowledge, some of the highest paying information security certifications in the U.S. are …

  • CISM: $132,919
  • CRISC: $128,556
  • CISSP: $123,815

Where the cybersecurity jobs are in the U.S.

In addition to the well-known Washington D.C., California, Virginia and Maryland, other states are also becoming hubs for security-minded professionals: Colorado, just to name one. Different states have different targets. Virginia, for example, hosts many government jobs and information security analysts.

The table above was produced in 2018.

Let’s look at computer security analysts, who account for over half a million of U.S. jobs. “A location quotient greater than 1 means the occupation has a higher share of state or area employment than the national average.”

Areas with the highest location quotient for information security analysts, May 2018

Area Location quotient

California-Lexington Park, MD 7.33

Washington-Arlington-Alexandria, DC-VA-MD-WV 6.21

Figure 1: Data tables for OES area charts

Conclusion

Jobs in cybersecurity have the potential of paying well. However, not all professionals will automatically score six-figure salaries. A great deal will depend on a number of factors: the cybersecurity position title; the job description mentioning specific duties and required skills; experience and specialization; soft skills possessed; location of the job; certification held and much more.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Sources

Daniel Brecht
Daniel Brecht

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.