Question: How much do cybersecurity professionals earn annually? Cybersecurity salaries by degree and position
Updated: January 23, 2023
Answer: Salaries for cybersecurity professions depend on a number of important variables, including but not limited to an individual’s qualifications, level of educational attainment, and professional certifications. In addition, pay varies by specialization and by region. However, cybersecurity ranks at or near the top for in-demand IT positions, which translates to relatively high salaries, even for entry level professionals. Entry level salaries in cybersecurity often start around $50,000 per year, and that number goes up based factors such as years of experience in the field, educational attainment, and professional certifications.
Cybersecurity is a rapidly growing field in which demand for trained professionals continues to outpace the supply of new talent. As businesses throughout the economy, organizations of all types, and government agencies at the federal, state, and local level deploy networked IT systems, they create opportunities for incursions by bad actors. That translates to job openings for technicians who have cyber defense and information security skills. According to the U.S. Bureau of Labor Statistics (bls.gov), cyber specialists are among the highest paid professionals throughout the IT workforce*, earning more on average than all but the most highly skilled engineers, architects, and developers.
Median Annual Salaries for Cyber and Information Security Professionals
BLS.gov pegged the annual wage for information security analysts at over $100,000 in its 2022 Occupational Outlook Handbook. That’s about $5,000 higher than the median salary for all computer-based occupations. BLS.gov also expects the number of professionals employed in information security analysis positions to grow by 35% in the next decade, which should keep both demand strong and salaries high.
Using a different methodology and a number of different designations for cyber professionals, Glassdoor, a jobs and recruiting marketplace, lists a broader range of salaries in cybersecurity fields, with information security officers earning more than $100,000 per year, and computer security specialists earning just under $70,000 per year.
The software and salary survey company PayScale shows a similar variance in compensation by title, with information security analyst earning roughly $75,000 per year and information security managers earning more than $120,000 per year.
The table below provides an overview of median salaries for cyber and information security professionals as determined by the BLS.gov, Glassdoor, and PayScale.
| Title | Annual Salary |
|---|---|
| Information Security Manager (PayScale) | $122,990 |
| Information Security Officer (Glassdoor) | $102,620 |
| Information Security Analyst (BLS.gov) | $102,600 |
| Cyber Security Engineer (PayScale) | $98,807 |
| Information Security Engineer (Glassdoor) | $98,765 |
| IT Security Consultant (Glassdoor) | $98,425 |
| Information Security Specialist (Glassdoor) | $86,429 |
| Cyber Security Analyst (Glassdoor) | $82,808 |
| Cyber Security Analyst (PayScale) | $78,381 |
| Information Security Analyst (PayScale) | $75,418 |
| Computer Security Specialist (Glassdoor) | $67,604 |
Variations in Salary by Experience, Geography, Professional Certification, and Educational Attainment
As noted above, salaries in the field of cybersecurity can vary greatly based on several factors, including: experience level, where a professional lives, any relevant professional certifications, and whether a professional has earned a degree in cybersecurity. Each one of these factors is explored in the sections below.
Average Salary Levels By Experience Level
As in any field, salaries are lower for entry-level cybersecurity jobs than for positions that require five or more years of experience. Senior cyber professionals earn comparatively more than those who are early in their career. CompTIA, an IT industry trade association that administers professional certification programs, compiles salary ranges for beginning, intermediate and advanced cybersecurity specialists. The ranges are as follows:
- Beginning: $61,520 – $102,600
- Intermediate: $79,400 – $131,340
- Advanced: $102,600 – $165,920
CompTIA estimates that there were nearly 800,000 openings for cybersecurity professionals during the 12-month period ending in September, 2022, based on an analysis of data from CyberSeek, a workforce analytics platform developed by the National Initiative for Cybersecurity Education (NICE) in partnership with the labor market analytics company Lightcast and CompTIA. The analysis found that for every 65 cyber professionals in the labor market, most of whom were fully employed, there were 100 open job positions, based on posting volume.
Average Salary Levels by Geography
It is important to note that demand for cybersecurity professionals does vary depending on location. For example, CyberSeek tracks job postings by state, revealing asymmetries in demand for cyber talent. Larger states, including California, Colorado, Florida, Illinois, New York, Pennsylvania, Texas, and Virginia have the largest number of job openings for cyber professionals. Postings are lowest in states with smaller populations, such as Wyoming, Montana, and South Dakota. However, salaries don’t align precisely with the volume of job postings. Instead, they depend on multiple factors, including levels of demand, available talent pool, and cost of living.
The table below provides an overview of average cybersecurity salaries by a selection of states, based on data collected by job search engine ZipRecruiter and data from BLS.gov (May 2021) on the average annual salaries for Information Security Analysts.
| State | Annual Cybersecurity Salary (ZipRecruiter) | Annual Information Security Analyst Salary (BLS.gov) |
|---|---|---|
| Alabama | ||
| Arizona | ||
| California | ||
| Colorado | ||
| Florida | ||
| Massachusetts | ||
| Michigan | ||
| Minnesota | ||
| New York | ||
| North Carolina | ||
| Ohio | ||
| Pennsylvania | ||
| Texas |
Note: It is important to note that even salaries within a state can vary based on a professional’s location and demand in their area of residence.
Average Salary Levels by Professional Certification
Professional certifications in relevant fields such a cybersecurity, information assurance, computer science, and information technology are typically correlated with salary levels. CompTIA’s Security+ certification was the most commonly required or requested professional credential in CyberSeek job postings, followed by ISC2’s Certified Information Systems Security Professional (CISSP), SANS Institute’s Global Information Assurance Certification (GIAC), and ISACA’s Certified Information Systems Auditor (CISA).
Four of the top paying IT certifications in 2022, based on analysis by the software company Skillsoft, are the cybersecurity credentials listed below, along with average salary data:
- ISACA’s Certified Information Security Manager (CISM): $162,347.07
- (ISC)²’s Certified Information Systems Security Professional (CISSP): $158,190.79
- AWS Certified Security- Specialty: $149,740.74
- ISACA’S Certified Information Systems Auditor (CISA): $142,336.58
Average Salary Levels by Degree Level
Employers typically pay more for cybersecurity professionals who hold a bachelor’s or a master’s degree, and some may require or prefer candidates who have a degree in cybersecurity or a related technical field. PayScale’s salary data shows the progression from a two-year associates degree to an advanced graduate degree in cybersecurity:
- Associate of Applied Science (A.A.S.) in Cybersecurity — $55,000
- Bachelor of Science (B.S.) in Cybersecurity — $74,000
- Master of Science (M.S.) in Cybersecurity — $93,000
It is important to note that earning a degree in cybersecurity does not guarantee a certain level of pay and that average salaries by educational attainment vary over time. In addition, degree programs in cybersecurity are a relatively new offering by colleges and universities; therefore, related degree programs in computer science, information technology, electrical engineering, or another relevant field can often be used to enter the field of cybersecurity. Finally, cybersecurity is an applied field in which being able to do the work — i.e., having the knowledge, skills, and abilities (KSAs) detailed in our Guide to Careers in Cybersecurity — is paramount. Those KSA can be cultivated in degree programs, bootcamps, professional certification programs, on the job, in the military, or through any combination of these and other formal and applied learning experiences.
*Disclaimer: Please note, the salaries and compensation levels mentioned in this FAQ are not guaranteed and should only be used by students and professionals as one piece of data as they research careers and salaries. Compensation can and does vary significantly based on a person’s geographical region, experience in the field, technical competency, educational background, professional certifications, and more.
Careers in Cybersecurity FAQs:
Be Informed
For more information on our research methods, data sources, program classifications, and other important information to consider while visiting this site, please review our Sources and Disclaimers page.