ISC2 study pegs average US cybersecurity salary at $147K, up from $119K in 2021
Salaries for cybersecurity professionals have jumped more than 23% since 2021, according to the 2024 annual workforce study from ISC2, the organization that maintains and administers the CISSP certification exam.
The average salary for a cybersecurity professional in 2023 was $147,138, compared to $119,000 in 2021, reported the study, which is based on a survey of nearly 15,000 participants, although salary data was collected only from US participants, representing about a third of the total survey sample.
As might be expected, average salaries varied by experience and job level. Average salaries of entry and junior-level cyber pros were $86,000; non-managerial and mid-advanced staff averaged $137,000; managers, $149,000; directors and middle managers, $175,000; and C-suite and executive management, $215,000.
The US salary rates at the seniority levels are highly encouraging, the study noted, especially when compared to the median wage of $59,428.
Intense, unacknowledged nature of cybersecurity may discourage potential candidates
“The salaries are getting higher in cybersecurity, and the gap between males and females is closing,” said ISC2 CEO Clar Rosso. “Nonetheless, we are still seeing issues with hiring people in the profession.”
“Despite the higher compensation, the intense and often unacknowledged nature of this work may discourage many potential candidates who prefer less stressful careers,” added David Lindner, CISO of Contrast Security, a maker of self-protecting software solutions.
“High stress, the necessity for ongoing training, and the substantial responsibility of protecting digital assets all play a significant role in the persistent shortage of cybersecurity professionals,” Linder said.
Transparency lacking around salary ranges for cyber roles
Gender salary discrepancies identified in the ISC2 survey were a mixed bag. Women in non-managerial and middle-manager positions earned 5% less than men, $131,000 compared to $138,000, as did female managers, who earned 9% less, $138,000 versus $150,000.
However, women in director and middle-manager roles outearned men in those positions by 1%, $177,000 compared to $175,000, while C-suite and executive level women earned 4% more than their male counterparts, $220,000 versus $212,000.
“A considerable factor contributing to the gender pay disparity is the lack of precise knowledge about the salary a company is prepared to offer for a position,” said Larry Whiteside Jr., founder of Whiteside Security, a cybersecurity consulting firm.
“Many companies lack transparency regarding the salary ranges for their roles, leading candidates to speculate on what they believe the position should pay,” he continued. “Even with thorough research, the estimates may not reflect the actual pay scale.”
Will AI impact pay equity?
The report also identified salary discrepancies among racial and ethnic groups. Average salaries for white men were $149,000, compared to $144,000 for non-white men, while for white women, the average salary was $142,000 versus $136,000 for non-white women.
Within the non-white group, however, the study found that cybersecurity professionals who identified as South Asian had average salaries higher than whites, $155,000, as did East and Southeast Asian participants at $151,000.
The diversity data in the report should be a heads-up for the industry. “In a profession that’s having a hard time recruiting and retaining qualified individuals, it’s a message to employers to look at pay equity in their organizations,” Rosso said.
Could the introduction of artificial intelligence have an impact on pay equity? “What we see AI doing is taking over repetitive tasks so existing cybersecurity professionals can be free to do more complex activities, which will help deal with the manpower supply and demand gaps,” Rosso noted. “Will it address pay inequity? Hard to say.”