Growing at a rate that is outpacing all other areas of IT, cybersecurity has emerged as the high-growth field of 2017, and possibly of the entire decade. Between 2012 and 2017, postings for cybersecurity jobs increased by 75 percent according to analysis of data from the Bureau of Labor Statistics. All signs point to a continued acceleration in job openings and salaries.
According to Cyberseek, a project sponsored by the National Institute of Standards and Technology (NIST), there were nearly 750,000 cybersecurity workers in the United States in 2017. In just one niche – information security analysis – the BLS projects a 25 percent increase in positions by 2026.
- Grand Canyon University - B.S. and M.S. in Cyber Security
- SNHU - B.S and M.S. in Cybersecurity
- Purdue Global - Bachelor of Science in Cybersecurity
- Arizona State University - Online Master of Arts in Global Security
- ECPI University - Cyber and Network Security - Bachelor's
The increase in demand has led to a lot of unfilled positions—Cyberseek found more than 285,000 unfilled positions in the field. (ISC)2’s 2015 Global Information Security Workforce report found that 62 percent of respondents said their company did not have enough security professionals on staff—a 6 percent rise from the 2013 survey. The organization projects a 1.5 million person shortfall in qualified cybersecurity workers by 2020.
That kind of demand can do nothing but put upward pressure on the starting salaries companies have to offer to recruit new talent, and just as much so on mid-career salaries to retain senior staff in an industry known for headhunting.
Cybersecurity Salaries are Way Up in Recent Years
Qualifications are key to landing the most coveted jobs. ISACA, one of the major certification agencies, found that 84 percent of hiring companies believed that half or more of those applying for open positions were unqualified.
The difficulty finding competent candidates to fill those positions has been driving up salaries at an equally astounding clip. A 2017 ESG/ISSA research report found 69 percent of organizations planned to increase cybersecurity spending in 2017, and 39 percent reported that improving their security posture was one of their highest business initiatives driving IT spending.
According to the 2018 Robert Half Technology & IT Salary Guide, experienced IT professionals, including cybersecurity professionals, enjoy above-market pay, multiple job offers, and attractive financial incentives, including stock options and flexible work schedules.
Cybersecurity salaries rose an average of 6.3 percent between 2015 and 2016:
- Data Security Analyst: 7.1 percent
- Systems Security Administrator: 6.1 percent
- Network Security Administrator: 5.3 percent
- Network Security Engineer: 6.7 percent
- Information Systems Security Manager: 6.2 percent
The top earners among cybersecurity professionals in 2017 were:
- Chief Security Officers, earning between $145,000 and $248,000
- Data security analysts, who earned between $102,000 and $171,500
- Systems security administrators who earned between $92,750 and $156,00
- Network security administrators who earned between $92,000 and $155,000
A number of variables continue to influence cybersecurity salaries, including:
- Years of experience
- Location
- Title
- Education
- Industry
- Professional certifications
Find Cybersecurity Salary Info By State
- Alabama
- Alaska
- Arizona
- Arkansas
- California
- Colorado
- Connecticut
- Delaware
- District of Columbia
- Florida
- Georgia
- Hawaii
- Idaho
- Illinois
- Indiana
- Iowa
- Kansas
- Kentucky
- Louisiana
- Maine
- Maryland
- Massachusetts
- Michigan
- Minnesota
- Mississippi
- Missouri
- Montana
- Nebraska
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- North Carolina
- North Dakota
- Ohio
- Oklahoma
- Oregon
- Pennsylvania
- Rhode Island
- South Carolina
- South Dakota
- Tennessee
- Texas
- Utah
- Vermont
- Virginia
- Washington
- West Virginia
- Wisconsin
- Wyoming
Cybersecurity Salaries by Location
As expected, some of the highest earners in cybersecurity are located in the nation’s largest cities and technology hubs. As the birthplace of Google and Apple, it’s no surprise that data security analysts in San Francisco come in hot at $240,100. But it might surprise you that those in New York actually top out the list at $240,958.
That’s the story of the spread of cybersecurity jobs over the past few years. While traditional technology hubs like Seattle and Austin, with anchor companies like Amazon, Facebook, and Microsoft remain big players in pushing up cybersecurity salaries, you will also find a lot of increasingly hot jobs collocated in even older centers of business and government.
Boston continues to attract new talent to its Innovation District with top salaries, while both the Dulles Tech Corridor and federal government agencies pull in recruits to the Washington D.C. area. Cybersecurity has become enormously relevant to organizations of every size and specialty. Those with big networks to protect are paying top dollar to bring talent wherever those hubs are at.
Seattle
- Data Security Analyst: $123,420 – $207,515
- Systems Security Administrator: $112,228 – $188,760
- Network Security Administrator: $111,320 – $187,550
- Network Security Engineer: $117,370 – $197,230
- Information Systems Security Manager: $139,452 – $235,042
Portland
- Data Security Analyst: $109,140 – $183,505
- Systems Security Administrator: $99,242 – $166,920
- Network Security Administrator: $109,961 – $156,555
- Network Security Engineer: $98,440 – $165,850
- Information Systems Security Manager: $123,318 – $207,848
San Francisco
- Data Security Analyst: $142,800 – $240,100
- Systems Security Administrator: $129,850 – $218,400
- Network Security Administrator: $128,800 – $217,000
- Network Security Engineer: $135,800 – $228,200
- Information Systems Security Manager: $161,350 – $271,950
Los Angeles
- Data Security Analyst: $133,620 – $224,665
- Systems Security Administrator: $121,502 – $204,360
- Network Security Administrator: $120,520 – $203,050
- Network Security Engineer: $127,070 – $213,530
- Information Systems Security Manager: $150,978 – $254,468
Sacramento
- Data Security Analyst: $107,100 – $180,075
- Systems Security Administrator: $97,388 – $163,800
- Network Security Administrator: $96,600 – $162,750
- Network Security Engineer: $101,850 – $171,150
- Information Systems Security Manager: $121,012 – $203,962
San Diego
- Data Security Analyst: $128,520 – $216,090
- Systems Security Administrator: $116,865 – $196,560
- Network Security Administrator: $115,920 – $195,300
- Network Security Engineer: $122,220 – $205,380
- Information Systems Security Manager: $145,215 – $244,755
Denver
- Data Security Analyst: $111,180 – $186,935
- Systems Security Administrator: $101,098 – $170,040
- Network Security Administrator: $100,280 – $168,950
- Network Security Engineer: $105,730 – $177,670
- Information Systems Security Manager: $125,623 – $211,733
Houston
- Data Security Analyst: $109,140 – $183,505
- Systems Security Administrator: $99,242 – $166,920
- Network Security Administrator: $98,440 – $165,850
- Network Security Engineer: $103,790 – $174,410
- Information Systems Security Manager: $123,318 – $207,848
Austin
- Data Security Analyst: $110,160 – $185,220
- Systems Security Administrator: $100,170 – $168,480
- Network Security Administrator: $99,360 – $167,400
- Network Security Engineer: $104,760 – $176,040
- Information Systems Security Manager: $124,470 – $209,790
Philadelphia
- Data Security Analyst: $117,300 – $197,225
- Systems Security Administrator: $106,662 – $179,400
- Network Security Administrator: $105,800 – $178,250
- Network Security Engineer: $111,550 – $187,450
- Information Systems Security Manager: $132,538 – $223,387
Kansas City
- Data Security Analyst: $101,490 – $170,642
- Systems Security Administrator: $92,286 – $155,220
- Network Security Administrator: $91,540 – $154,225
- Network Security Engineer: $96,515 – $162,185
- Information Systems Security Manager: $114,674 – $193,279
Minneapolis
- Data Security Analyst: $109,140 – $183,505
- Systems Security Administrator: $99,242 – $166,920
- Network Security Administrator: $98,440 – $165,850
- Network Security Engineer: $103,790 – $174,410
- Information Systems Security Manager: $123,318 – $207,848
Atlanta
- Data Security Analyst: $108,120 – $181,790
- Systems Security Administrator: $98,315 – $165,360
- Network Security Administrator: $97,520 – $164,300
- Network Security Engineer: $102,820 – $172,780
- Information Systems Security Manager: $122,165 – $205,905
Baltimore
- Data Security Analyst: $105,060 – $176,645
- Systems Security Administrator: $95,532 – $160,680
- Network Security Administrator: $94,760 – $159,650
- Network Security Engineer: $99,910 – $167,890
- Information Systems Security Manager: $118,708 – $200,078
Washington D.C.
- Data Security Analyst: $135,660 – $228,095
- Systems Security Administrator: $123,358 – $207,480
- Network Security Administrator: $122,360 – $206,150
- Network Security Engineer: $129,010 – $216,790
- Information Systems Security Manager: $153,282 – $258,352
Boston
- Data Security Analyst: $136,680 – $229,810
- Systems Security Administrator: $124,285 – $209,040
- Network Security Administrator: $123,280 – $207,700
- Network Security Engineer: $129,980 – $218,420
- Information Systems Security Manager: $154,435 – $260,295
New York City
- Data Security Analyst: $143,310 – $240,958
- Systems Security Administrator: $130,314 – $219,180
- Network Security Administrator: $129,260 – $217,775
- Network Security Engineer: $136,285 – $229,015
- Information Systems Security Manager: $161,926 – $272,921
Chicago
- Data Security Analyst: $125,970 – $211,803
- Systems Security Administrator: $114,546 – $192,660
- Network Security Administrator: $113,620 – $191,425
- Network Security Engineer: $119,795 – $201,305
- Information Systems Security Manager: $142,334 – $239,899
All salary information by location comes from the Robert Half 2018 Technology & IT Salary Guide. The ranges shown account for differences in experience, education and certification among professionals in the same role.
The Effect of Experience and Education on Cybersecurity Salaries
It’s no surprise that employers are willing to pay more to candidates who have more knowledge and bring greater value to the table. You can get that knowledge through advanced education or years of experience, but there are qualitative differences to consider when evaluating those factors on your earning potential.
Three quarters or more of new cybersecurity positions already require a bachelor’s degree or higher, but reaching for even more education can pay off quickly.
A SANS institute survey found that having an advanced degree meant receiving a higher salary sooner than someone with a lesser degree entering the same position. The Robert Half 2018 survey notes that employers may raise base salaries from five to ten percent for candidates with certain certifications or specialized skills. That could be the difference between the $123,420 starting salary of a data analyst in Seattle versus starting closer to the mid-point salary of $146,410.
An advanced degree remains a predictor of high salaries throughout your career. Robert Half also cites soft skills and leadership abilities as qualities that will be highly valued in the industry. Management track positions frequently go to those with master’s degrees or higher.
Experience plays a slightly different role.
According to a 2015 survey from job market research and staffing firm Burning Glass Technologies, 83 percent of cybersecurity job listings require three or more years of experience. Of course, this analysis does not necessarily reflect who is being hired—HR departments famously sometimes ask for three years of experience in technologies that are only one year old—but the more you have seen the more highly valued you will be.
You can expect to make more with more experience under your belt, but there are diminishing returns. Based on the SANS survey, you can expect salary bumps as your experience increases, but the percentage increase is likely to be highest early in your career.
- 4-6 years of experience: 20 percent
- 7-10 years of experience: 16 percent
- 11-15 years of experience: 13 percent
- 16-20 years of experience: 5 percent
It’s also the case that promotion comes rapidly and many cybersecurity professionals will switch specialties and roles a number of times in their career. The hottest specialty in five years may be a technology that hasn’t even been invented yet. Maintaining your educational credentials will continue to provide the biggest dividends over the course of your career.
Cybersecurity Salaries by Title
Cybersecurity salaries for members of management, including directors, information and network security analysts, administrators, and others remain about 22 percent higher than what non-management cybersecurity professionals earn, regardless of how many years of experience they may have.
As of 2017, Robert Half reported the following average salaries, according to title:
- CISO/CSO: $170,000
- Security director/manager: $137,000
- IT director/manager: $141,000
- Security analyst: $121,000
- Network security engineer: $115,000
- Systems security administrator: $110,000
- Auditor: $109,750
- Network security administrator: $109,250
- Systems engineer/integrator: $101,000
- Security engineer/architect: $106,630
Cybersecurity Salaries by Professional Certification
According to Robert Half, professional certifications provide a 5 to 10 percent average increase in compensation. Perhaps more importantly, Burning Glass found that more than a third of positions required a certification as part of their job requirements.
This means the right professional certification will not only boost your salary, but can also help you get the job in the first place.
Based on aggregated data from 2014 to 2017, the top five certifications recognized for the impact they can have on a cybersecurity professional’s earning potential are:
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Chief Information Security Officer (CCISO)
- Check Point Certified Security Administrator
- Certified in Risk and Information Systems Control (CRISC)
- GIAC Certified Incident Handler (GCIH)
Some certificates are clearly worth more than others, but that’s only part of the story. A 2017 analysis by IAPP (International Association of Privacy Professionals), showed that having multiple certifications was actually the most lucrative option. Median pay for those staff was $137,200 versus $125,000 for those with only one certificate. Moreover, those people were 24 percent more likely to receive a bonus than people with no credentials whatsoever.
And it’s also true that some certifications have more limited application than others. Although the CSSLP provides the biggest boost to your earning potential, it’s also a very specialized certificate with a relatively low number of positions available.
Your best bet for identifying the right certificate for you is to identify the specific position you plan to apply for and look at the certifications available that apply to that specialty and see how they rank against one another.