Professional development

Salary transparency in cybersecurity: You get paid *how* much?

Patrick Mallory
January 27, 2022 by
Patrick Mallory

The relationship between pay and job satisfaction has always been a complex one. 

While some studies note a pretty direct link between high pay and high job satisfaction, others find only limited positive effects, if any. 

However, in a time when there are record job openings and a higher than ever awareness of the value of technology and cybersecurity professionals, the dynamic between workers, employers and their pay has become even more difficult to navigate.

So much so that the long-held taboo of keeping one's salary private and not asking others about theirs is also breaking down. This has given rise to several crowdsourced and private salary databases to benchmark salaries and even a new state law requiring salary transparency.

In its wake, cybersecurity professionals, among others, have been using these new sources of salary information to help with boosting their own salary prospects.

So what does this new push for salary transparency mean for cybersecurity professionals and the sector as a whole?

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

New drivers behind salary transparency

While the high demand for technology and cybersecurity professionals is nothing new, some eye-catching headlines have recently emerged surrounding pay in these fields.

One of the most notable was Colorado's pay transparency law, known more formally as the 2019 Equal Pay For Equal Work Act, which went into effect on Jan. 1, 2021. This new law requires employers to, among other things, include compensation in job postings. In response, dozens of companies have excluded job postings from displaying in the state for remote-based positions to prevent them from posting their associated hiring salary ranges. 

While the impact to workers in this state is still not understood, there have been other instances further bolstering the salary transparency push to gain traction. In one case, equal pay advocates and current and former Apple employees were angered by the company's recent decision to ban a Slack channel that employees used to share and discuss salaries. 

In addition, organizations like Candor and Payscale are creating more formal methods to collect and organize salary data collected directly from employees. In Candor's case, their mission is to "[crowdsource] a database of salaries for jobs in the technology industry to give employees good intelligence for job negotiations." 

Finally, there have even been crowd-sourced or grassroots efforts to collect and compile salary data specifically for those in the cybersecurity field. One, in particular, that is making the rounds on LinkedIn, and social media, can be found here, boasting over 860 entries even though the individual(s) behind the survey are not confirmed

Potential impacts of increased salary transparency

So what could increased salary transparency mean for both employees and their employers? 

Unfortunately, it can depend on who you ask and why you ask.

Some of the commonly heard benefits of increased salary transparency include:

  • More awareness of and an opportunity to close the gender and other minority pay gap 
  • An opportunity to focus more on the benefits, culture, and purpose or mission of the organization than just pay, as seen with research institutions and public sector positions
  • Removing concerns about being underpaid, which people always assume that they are, allows for more productivity and cohesion within teams
  • Supporting the growing number of private sector companies that practice salary transparency 
  • It can help to boost retention as, according to a Glassdoor study, nearly half (49 percent) of employees "feel they must switch companies to obtain a meaningful change in compensation"

Finally, advocates for salary transparency often note that many employers use salary benchmarks internally when making their salary ranges to stay competitive.

On the other hand, those against growing salary transparency have noted that it could have some potentially negative consequences, including:

  • It could make it more difficult for smaller businesses and public sector organizations to attract and retain talent if potential talent is looking based on salary data
  • Employees or functions within an organization will feel discouraged or angry at one another if pay disparity exists
  • The fact that pay differences can be taken out of context, such as when employee tenure, years of experience or other factors are not included in salary disclosures

Initial trends in recent salary data

So what, if anything, can we glean from the growing amount of crowdsourced and employee-driven pay data? And how does it compare to more "official" data sources?

According to CompariTech's 2022 U.S. Cybersecurity Salary and Employment Study, the average salary for cybersecurity roles (regardless of state and years of experience) was nearly $95,000 per year, increasing 2.4 percent from 2018. Based on the same study, Virginia, Texas and New York were the top three states based on salary.

On the other hand, the crowdsourced datasheet showed an average salary of $121,000 (not including student positions), with states like Virginia, Texas and New York also making appearances at the top end of the salary range and California.

While the crowdsourced data relies on the honesty of those supplying information, the data more readily allows users to filter by remote versus not, tenure, job history and title, which can help job hunters obtain a bit more information to supplement their research. It is also important to note that the crowdsourced datasheet also captures "total compensation," including bonuses.

Both methods, however, do not include degree or certification levels or reveal demographic information, something salary transparency advocates are hoping to overcome.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Finding cybersecurity salary information

The job market is constantly in flux and can be difficult to navigate, even for experienced technology and cybersecurity professionals. The same can also be said for employers who have had trouble retaining and hiring skilled security professionals for years.

What the rising call for salary transparency and crowdsource salary databases will do to further disrupt and complicate the job market will have to wait to be seen.



Patrick Mallory
Patrick Mallory

Patrick’s background includes cyber risk services consulting experience with Deloitte Consulting and time as an Assistant IT Director for the City of Raleigh. Patrick also has earned the OSCP, CISSP, CISM, and Security+ certifications, holds Master's Degrees in Information Security and Public Management from Carnegie Mellon University, and assists with graduate level teaching in an information security program.

Patrick enjoys staying on top of the latest in IT and cybersecurity news and sharing these updates to help others reach their business and public service goals.