Data breaches happen so often that it’s easy to gloss over the headlines, but the fallout is much harder for companies to ignore: hacks are not just embarrassing, but can lead to serious financial and reputational damage. So, it’s not surprising that there’s high demand for cyber security professionals, and that those who are up to the task are generously compensated. In fact, Computerworld reported that cyber security was the third most highly sought-after skill (right behind app development and tech support), according to managers who planned to expand their IT staff in 2017. In the same report, John Reed, the senior executive director of IT staffing firm Robert Half Technology, pointed out that many companies regularly have vacancies due to their inability to find suitable candidates.
Not only are cyber security skills in peak demand, but according to Computerworld’s 2017 IT Salary Survey Results, security is the third highest-paying IT specialty (after cloud computing and ERP) . But not all cyber-sec jobs pay the same. A handful of positions stand above the rest, at least in terms of compensation.
Here are some of the highest paying cyber security jobs:
According to the compensation information website PayScale.com, a chief security officer earns a median salary of $135,768, with the possibility of another ~$100,000 in profit sharing and bonuses. But Paul Wallenberg, unit manager of technology services at recruiting firm LaSalle Network, told Computerworld that CISOs earn $200,000 to $500,000 in total compensation. Robert Half’s 2018 salary guide lists the midpoint for CISOs at $170,000, with a range between $143,250 and $241,000. Computerworld itself listed the average as $150,929, with an average $22,379 bonus.
According to PayScale, the median salary for senior security consultants is $105,840. Salaries range from $76,296 to $142,474, with the possibility of additional compensation in the form of commissions, profit sharing, and bonuses bumping up the high end of pay to $156,355. Robert Half’s 2018 salary guide lists the range for senior consultants/project managers of all stripes (not just security) as $96,000 to $162,000.
The role often has an education component as well: security engineers help people within an organization improve awareness through security training programs and other strategies. Security team leads do everything security engineers do, and then some: they provide leadership from within their own team, but don’t have a traditional management role. This typically entails overseeing and delegating to a small development team, mentoring newer developers, overseeing any work done on the project, and communicating closely with management—but from within their position as part of the company’s technical staff.
Security engineers typically report to a team lead, or a software manager or director, who in turn reports to the CISO. Security engineers typically earn around $130,000, according to Wallenberg, but security team leads earn $170 to $180k. According to PayScale.com, a cyber security engineer earns an average salary of $96,359 per year, with the possibility of additional compensation ranging from $2000 to $40,000 in the form of bonuses and profit sharing.
PayScale lists the average salary for data security analysts as $62,653, with a salary range between $46,243 and $89,003. But according to the Robert Half Technology guide, data security analysts earn anywhere from $102,000 to $171,500, with a median salary hovering around $121,000.
According to PayScale, penetration testers salaries vary widely based on experience level, company and locale, ranging from $47,000 to $130,000.
According to Dupree, salary ranges for these positions can be $100,000 and up. Certified IT security auditors can earn as much as $170,000 at the director level, and cloud security architect salaries top out at $181,000. Application security architects earn as much as $180,000, and infrastructure security architects can make as much as $160,000. Wages for security awareness training personnel are on the lower end (around $52,000), but vendor risk management professionals can earn as much as $126,000.
Astute Solutions director of information security Chris Conner is seeing a growing list of security roles and specialties as well, such as:
According to Conner, privacy and compliance directors’ salaries are in the mid-$100,000s, while cloud security specialists and software security specialists earn anywhere from $120,000 to $150,000 a year. The cyber security ecosystem continues to shift, with responsibilities shifting and new roles and specialties emerging. These are just a few to keep an eye on.