Breaking Down 6 Cybersecurity Salary Surveys: What’s a Security Pro Worth in 2019?

It’s not just finding cybersecurity talent amid “zero percent” unemployment that’s dogging employers – it’s retaining them too.

Those were some of the findings in the State of Cybersecurity 2019 report by ISACA, which polled 1,576 security professionals. The high-level findings included the following:

  • 69% said their teams are significantly (21%) or somewhat (48%) understaffed;
  • 58% said their enterprises have unfilled cybersecurity roles;
  • 32% said it takes six months or longer to fill those positions – that’s up from 26% reported in the same survey the previous year; and
  • 82% cited better financial incentives, such as salaries and bonuses, as reasons for leaving an employer.

Those statistics conjure up an important question: what do cybersecurity salaries look like?

While we’ve previously looked at CISO salary ranges, this time around, we decided to look salaries more broadly across the cybersecurity profession. So, we pulled down several reports that were published in the last year or so – and combed through the details.

Below is a summary of what we’ve found – along with links to the underlying source for those interested in taking a closer look.

1) 2019 Tech Salary Report by Dice

The tech salary survey by Dice was based on the responses of “10,780 employed technology professionals” and was conducted at the end of 2018. While it’s focused on the broader technology sector it did provide two average salaries of interest to the cybersecurity community:

  • Security Engineer: $110,716; and
  • Security Analyst: $103,597.

In a separate article – Cybersecurity Salary: One Skill Makes a Huge Difference – based on data from the same survey conducted a year earlier, the publication breaks out salary ranges by major cities. For example, security engineers in Silicon Valley command average salaries of about $95,00 – $125,000, while in Philadelphia, the same role averages roughly $75,000 – $101,000.

Certifications can make a difference, wrote Nate Swanner, the editor of in that separate article. He says a CISSP certification can lead to 10% bump up in salary.

2) 2019 Tech & Digital Marketing Salary Guide by Mondo

This survey report was not yet published at the time of this writing – but the staff at Dark Reading reported salary ranges for several cybersecurity positions stemming from the report in January 2019. While the report also looks broadly at technology salaries, it has several solid benchmarks for security professionals.

Here are the average salary ranges revealed in the report:

  • CISO: $175,000 – $275,000;
  • Information security manager: $120,000 – $185,000;
  • Application security engineer: $120,000 – $182,500;
  • Network security engineer: $115,000 – $172,500; and
  • Cybersecurity engineer: $110,000 – $165,000.

Interestingly, the position of CISO is the second highest paid position in IT trailing only the CIO/CTO category. Mondo has a landing page set up where you can register to be sent a copy of the report when it’s ready.

3) IT Salaries: Myths and Truths by Interop

Like the others, the Interop survey polls workers across the broader category of technology including security. Interop is a conference managed by publisher UBM, which owns titles including InformationWeek, Dark Reading and Network Computing.

While just 54 of the 1,800 respondents to the survey published in July 2018 reported holding security titles, the report yields a median salary as follows:

  • Chief security officer/security management: $155,000.

This salary is lower than other surveys, but that’s probably because, as the category label suggests, it blends security professionals of all ranks.

Notably, the survey asked all 1,800 respondents which skills they wanted to learn more about over the next year and IT security was the top skill cited (47%) followed by cloud integration and management (35%).

>>> Related: Amid AI and Machine Learning, the Human Touch Remains Crucial to Cybersecurity in 2019, New Network Security Survey Finds

4) 2019 Technology & IT Salary Guide by Robert Half International

This guide by Robert Half isn’t a survey. Instead, the data comes from actual talent placements the company has made and the salary those companies are paying those placements. While the guide also explores other technology roles, the findings around security jobs are exceptionally granular.

The company presents a table detailing the average salary for the 25th, 50th, 75th, and 95th percentile. For brevity’s sake, the ranges we are showing below depict just the 25th and 95th percentile respectively.

  • Data security analyst: $105,000 – $178,250;
  • Systems security admin: $93,750 – $159,750;
  • Network security admin: $93,000 – $158,750;
  • Network security engineer: $98,500 – $167,500;
  • Information systems security manager: $116,000 – $199,750; and
  • IT auditor: $92,500 – $157,750.

The report includes “adjustment rates” to these ranges by location. For example, it suggests adding 40.5% to salaries for positions in New York, 33% and -4% for those based in Cleveland.

5) Average Salary of Cyber Security Jobs by ZipRecruiter

The employment website ZipRecruiter has a dynamic webpage that summarizes the cybersecurity salary ranges associated with the job listings posted to its site. As of March 2019, here are a few of the averages:

  • National (U.S.) average for cybersecurity: $96,185;
  • 10% of those jobs range from $166,000 – $181,500;

If you visit that webpage, it will show you personalized averages for your geographic region and compare it to national averages. It also lists current openings in your local area – which provides a quick litmus test to see how the averages compare to open positions accessible to you.

It’s worth noting, other related websites, such as Glassdoor and, offer options for assessing salaries based on experience and location. This is useful both for job seekers to understand what they are worth – and for employers examining competitive salary ranges for specific requisitions.

6) Cybersecurity Spotlight 2018 by Indeed

The job company Indeed also analyzed cybersecurity listings posted to its website for insights. In part, it looked for the metro areas with the highest paying security positions from March 2017 until March 2018. The findings were laid out in a piece titled, Where Are the Highest Paid Jobs?

Here are the 10 geographies with the highest paying cybersecurity salaries (adjusted), according to Indeed:

  • Charlotte: $125,173
  • Chicago: $119,887
  • San Francisco: $116,073
  • Austin: $113,126
  • Denver: $112,206
  • Philadelphia: $110,943
  • Boston: $103,953
  • Baltimore: $103,944
  • San Jose: $97,344
  • New York: $98,159

Why isn’t San Francisco on top? It’s because Indeed adjusted its findings for the cost of living in those locations:

“When you look at unadjusted salary, San Francisco places highest at $148,621. But because the cost of living in San Francisco is so high, money doesn’t go as far to cover costs like rent, groceries and transportation as it does in other cities.

Once adjusted, the picture is very different: This year’s number-one best-paid city for information security specialists is Charlotte, North Carolina, with an average adjusted salary of $125,173 per year.”

The company also looked at which roles were most in demand. It tallied the results based on those roles with the most listings, which were:

  • #1 IT security specialist;
  • #2 information security analyst;
  • #3 network security engineer;
  • #4 security engineer; and
  • #5 application security engineer.

* * *

The State of Cybersecurity 2019 report by ISACA concludes by suggesting the employment outlook isn’t likely to change, but there’s an opportunity for employers with initiative:

“Organizations that acknowledge the statistics shown in this research should be able to fill open positions quicker and retain their current talent. The successful hiring and retention elements are attractive pay, career growth opportunities and healthy work environments.”

If you enjoyed this post, you might also like:
5 Creative Ways to Overcome the Cybersecurity Talent Shortage

*** This is a Security Bloggers Network syndicated blog from Bricata authored by ironcore. Read the original post at:

Cloud Workload Resilience PulseMeter

Step 1 of 8

How do you define cloud resiliency for cloud workloads? (Select 3)(Required)