Pay Stalls for Mid-Level Cybersecurity Professionals

Mark Rubens/

Cybersecurity certifications are a key contributing factor to career success.

With strong competition for cybersecurity professionals -- particularly as methods of exploiting new technologies continue to evolve -- many experts projected that salaries for such professionals would rise over the years.

But that’s not necessarily the case for all cybersecurity positions, according to new research by the SANS Institute, which found that security salaries have not risen as predicted in its 2008 Salary and Certification Survey. The new 2014 version of the study shows that salaries for the largest group of respondents -- those in the $80,000-$99,999 annual salary range -- have moved little since the 2008 survey.

“This pay range should be higher, given the tough nature of the job IT security professionals shoulder, and the specialized skills and business acumen required in such positions,” the report states.

The report painted a different picture for managers, however. A larger group of respondents -- 49 percent in 2014 versus 38 percent in 2008 -- are earning $100,000 or more per year, indicating that salaries are rising for more seasoned cyber professionals.

Still, salaries remain high and competitive for cyber workers, with an entry-level worker with just zero to three years of experience earning an average salary of $73,697. Salaries continued to climb based on years of experience, with those who have more than 20 years of experience earning $124,000 on average, SANS found.

Among factors contributing to higher salaries, cybersecurity certifications were key, with 58 percent of respondents citing certifications as a major contributing factor to their career success thus far. Proven certifications can provide up to a 5 percent increase in compensation for certified personnel over noncertified staff, according to the report.

Employers also are recognizing the value of certifications, as 80 percent of respondents reported their employers either completely pay (65 percent) or share the cost (15 percent) for an employee’s certification.

“Industry-led certifications provide a benchmark for skills delivered through training and accreditation,” the report states. “They offer metrics that the training is aligned with tangible skills and knowledge required.”

Cyber professionals also cited the ability to continually update their skills as another key factor in their career success. More than two-thirds (67 percent) of respondents reported changing their area of focus at least one to three times throughout their career, and 19 percent have changed focus four to six times.

With such a strong job market in the cybersecurity field, incentives are playing a major role for organizations in retaining, advancing or hiring top employees or losing them to another employer. Lack of advancement, stagnant wages, inadequate benefits and job stability were the primary reasons for seeking an employment change, according to respondents.

“As the fight against online crime and cyberwarfare continues to escalate, so will the demand for highly training cybersecurity professionals with relevant skills,” the report states. “This global war means opportunity at every level for IT security professionals over the next decade.” 

(Image via Mark Rubens/