Cybersecurity Pay

Covers: Role/type, geolocation differences, and experience

Roles vary in payment based upon levels of responsibility and leadership, as seen in the table below with estimated means for each role or entry point. There are more entry level positions that are junior or associate that start in the 70K range, give or take, such as working as an analyst in a SIEM/MSSP environment. Overall, security jobs with a few years experience are around 100K and up. Based upon Zip Recruiter and other public data:

  • $200K CISO
  • $180K Principal Security Consultant
  • $140K Computer Network Architect
  • $130K Application Security Engineer
  • $130K Cybersecurity manager
  • $126K Cybersecurity Engineer
  • $115K Penetration Tester
  • $114K Cybersecurity Analyst
  • $110K IT Auditor
  • $75K Information Security Analyst
  • *91K is around the average, about $44 an hour. On the low end, we see $25 an hour or 52K a year, and on the higher average end nearly $70 an hour or 145K a year. These roles also come with other forms of financial benefit and pay such as paid time off, medical paid, matching 401K, stock and other perks.

Geolocation differences are accounted for by larger organizations, adjusting for cost of living. For example, it is more expensive in an Urban DC area to rent an apartment than in Nevada. Some companies will adjust accordingly. The author took relative costs of pay and salary, by state, and identified states with the highest, average, and lowest values. As you negotiate keep this in mind to offset the differences for your expenses and needs if you are to move to a state with higher costs:

StateAnnual SalaryRelative Ratio
New York$125,322 19%
Idaho$121,165 16%
California$120,759 16%
New Hampshire$118,747 14%
Vermont$114,392 11%
Maine$113,571 11%
Massachusetts$111,461 9%
Hawaii$111,252 9%
Nevada$109,765 7%
Washington$109,476 7%
Wyoming$109,289 7%
Arizona$109,043 7%
Tennessee$108,860 7%
Montana$108,255 6%
Connecticut$106,661 5%
New Jersey$106,606 5%
Indiana$106,249 4%
Minnesota$105,997 4%
Rhode Island$105,932 4%
West Virginia$105,743 4%
Alaska$105,204 3%
Oregon$104,821 3%
Maryland$102,971 1%
North Dakota$102,853 1%
Pennsylvania$102,742 1%
Wisconsin$100,582 -1%
Virginia$100,152 -1%
Ohio$99,408 -2%
Iowa$97,651 -4%
Nebraska$97,466 -4%
South Dakota$97,423 -4%
Colorado$96,887 -5%
Delaware$96,444 -5%
Utah$96,243 -6%
Alabama$95,752 -6%
New Mexico$95,461 -6%
South Carolina$95,278 -7%
Florida$93,882 -8%
Arkansas$93,443 -9%
Kansas$92,502 -10%
Oklahoma$92,358 -10%
Mississippi$91,720 -11%
Kentucky$91,519 -11%
Michigan$90,855 -12%
Texas$88,550 -15%
Missouri$88,479 -15%
Illinois$88,354 -15%
Georgia$88,209 -15%
Louisiana$84,525 -20%
North Carolina$79,872 -27%

Experience factors into pay as well, with a range for each role. For example, for legal and HR reasons, a SIEM/SOC analyst working within an MSSP may be given the title of “analyst” which could range from 60-75K. Once a person has achieved the highest levels of pay within that range they must be promoted to a new title to receive more, possibly something like “Senior Analyst” or a similar term as identified by HR for that company. For this reasons managers often consider how long a person may be satisfied in a role and how fast to promote and pay based upon that, such as a five year track normalizing to a maximum of 3K per year paid out for average pay increases. Keep in mind that cost of living adjustments (COLA) may not track with this, such as rapid inflation and costs at the gas pump, so you can actually be losing money (relatively) each year if you don’t get at least a 3-5% raise each year. This becomes degraded math as you get into the higher brackets of pay as the percentage ratio become less relevant. Also keep in mind that leadership is where more scalable income tends to come into play with bonuses and stock, compared to the engineering track.