We often get questions about salaries in cybersecurity, and since they differ from company to company, it will be good to rely on publicly available information that will allow us to outline the issue from a broader perspective.
According to the data collected by (ISC)2 in the report “Cybersecurity Workforce Study 2021”, the global cybersecurity workforce is well-educated (86% have a bachelor’s degree or higher), technically grounded (most graduated with degrees in STEM and some from business fields). The average annual salary before taxes in the USA is about $90,900 — up from $83,000 among respondents in 2020, and $69,000 in 2019. While only 9% of the North American workforce reported a pre-tax salary below $50,000, the largest single North American grouping (49%) earned more than $100,000. But reality looks different in different parts of the world. Salaries and their distributions vary broadly by region. According to the same report, the average annual salary in Europe is around $78,000, in the Asia-Pacific region, it is $61,000. In Latin America, the average is around $32,000.
If we break down the cybersecurity workforce according to job profiles, their salaries look very different even just in the labor market in the USA. Security analysts, dealing with the vulnerabilities in the software, hardware and networks, also recommending the solutions, according to portal payscale.com (all data presented in this section comes from that source) can get around $81,000. The salary of a security engineer who performs security monitoring to detect incidents is about $104,000. One of the highest-paid professions in the industry is a security architect responsible for designing new security systems, his average salary is about $125,000. Security administrators’ average salary is $76,000, they manage the organization’s security systems and often perform tasks of the security analyst, especially in a smaller organization. Another job profile, a security software developer can get around $73,000, they implement security into applications’ software and develop software to monitor and analyze traffic to detect intrusion and malware. The chief information security officer (CISO) is a special case because it is a high-level management position responsible for maintaining the entire information security staff. According to the portal payscale.com, the average annual salary in that position is about $166,000.
However, when we take a closer look at the data, it turns out that experience level has an exceptionally large impact on salaries. For example, a security analyst with less than one year of experience can count on $65,000, employees with more than 20 years of experience in the same position receive an average of $112,000. Experience in a CISO position is even more important, as new managers can count on $106,000 and people with over 20 years of experience on average get $180,000. There are some cybersecurity leadership roles at large U.S. corporations offering one million dollars compensation packages. The recipients of these big pay packages include military cyber experts making a switch to the commercial sector.
One more thing. According to the mentioned (ISC)2 report there is a significant difference in average salaries between cybersecurity experts who have earned at least one cybersecurity certification compared to those who have not earned any. Those who have a cybersecurity certification earn $33,000 more in annual salary.
To put it in a nutshell, salaries in the cybersecurity industry vary widely. They are primarily influenced by the region of the world, experience, job profile and earned certificates. It is worth being aware of how the choice of a career path may affect income.