Cyber Security Analyst Salary Guide: Who Makes What?
In this article
Cybersecurity is one of the fastest-growing fields in the tech industry. The rising use of cloud computing, as well as a more distributed workforce, has led to sophisticated security challenges for organizations trying to protect their information systems. Additionally, President Biden recently issued an executive order to improve the nation’s cybersecurity. All of these factors have contributed to an increased demand for cybersecurity professionals.
But despite this need, there’s a shortage of qualified cybersecurity professionals. Domestically, there are currently almost half a million unfilled cybersecurity jobs. Globally, there’s a shortage of over three million cybersecurity professionals. This gap is expected to continue to grow as companies continue to pivot to a digital-first philosophy and the Fourth Industrial Revolution exponentially increases the number of network endpoints via the Internet of Things (IoT).
All of this is good news for those who work in the cybersecurity field, or who want to launch a cybersecurity career. The high competition for candidates is motivating companies to offer attractive salary and benefits packages. So it’s a great time to break into this rewarding and lucrative field. In this article, we’ll cover how much cybersecurity analysts make, including how much you can earn in specific roles and industries, and how you can increase your earnings if you’re already working in cybersecurity.
What Does a Cybersecurity Analyst Do?
A cybersecurity analyst protects an organization’s data, network, and computer systems from unauthorized access and attacks. They protect the confidentiality and integrity of data, while allowing authorized users to access it when needed. In the event that a security breach does occur, a cybersecurity analyst will investigate the cause and report it to the appropriate stakeholders and authorities. As part of their job, cybersecurity analysts have to:
- Monitor network traffic and computer systems for unauthorized access and security breaches
- Install and update antivirus and other security software and firewalls
- Test information systems for possible vulnerabilities
- Ensure open-source and proprietary code is updated and patched to mitigate weaknesses and vulnerabilities
- Develop and implement industry-standard procedures and practices to enhance company-wide security
- Investigate and respond to security attacks and breaches
Get To Know Other Cybersecurity Students
How Much Do Cybersecurity Analysts Make?
Cybersecurity analysts earn an average annual salary of $77,144. This is the average of all roles, in all industries, and at all levels. Your salary will inevitably vary based on where you live, what your specialty is, and how long you’ve been working. Below, we’ve detailed how salaries vary based on roles, industries, and level of experience. We’ve also included some current job listings, so you can get a sense of what companies are looking for in cybersecurity analysts, and what they’re offering.
Cybersecurity Salaries By Role
“Cybersecurity analyst” is a general job title that many companies use for someone who will be doing a wide variety of cybersecurity tasks. Cybersecurity analysts earn an average of $77,144 per year.
A penetration tester is also called an ethical hacker. They identify security vulnerabilities by trying to hack into a system. Some companies have dedicated penetration testers, but many ethical hackers work for specialized firms that offer their services to other businesses. The average yearly salary for a penetration tester is $88,012.
Information Security Analyst
An information security analyst protects their company’s data and computer systems from cyber attacks. They install protective software, monitor for potential breaches, and respond in the event a breach occurs.
The duties of an information security analyst often overlap with those of a cybersecurity analyst. An information security analyst may have a broader scope than a cybersecurity analyst, but the roles are very similar. The average salary for an information security analyst is $73,500 per year.
A vulnerability analyst identifies vulnerabilities in systems, applications, and networks. They assess, then implement effective strategies to remediate these vulnerabilities. The average salary for a vulnerability analyst is $84,000 per year.
A cybersecurity architect is a senior-level role. They are responsible for all aspects of planning, testing, and maintaining a company’s computer and network security infrastructure. The average salary for a cybersecurity architect is $126,408 per year.
Cybersecurity Salaries By Industry
Cybersecurity analysts working in big tech companies can make a higher salary than in other industries. For instance, the average salary for a security analyst at Meta is $154,000 per year.
Cybersecurity analysts in the healthcare industry protect patient and corporate data. There are additional regulations that apply to protected healthcare information, so this job requires additional industry-specific knowledge. The average salary for a cybersecurity analyst in healthcare is $84,448 per year.
All branches of local, state, and federal government organizations need cybersecurity analysts. Cybersecurity analysts working for the government make more than the average cybersecurity analyst, and usually enjoy good benefits. The average salary for a cybersecurity analyst working in government is $88,304.
Working for a large bank as a cybersecurity analyst can earn you significantly more than in other industries. The average cybersecurity analyst at Bank of America makes $108,919 per year.
Cybersecurity Salaries By Experience
As you gain work experience, you can command a higher salary. Sometimes finding your first cybersecurity job may be difficult, but once you have a proven track record, it will be much easier to move up the career ladder. You can expect a steady increase in your average salary the longer you work.
An entry-level cybersecurity analyst is one who has less than one year of work experience. The average salary for an entry-level cybersecurity analyst is $64,732 per year.
You’re considered a mid-level cybersecurity analyst when you have five to nine years of work experience. Mid-level cybersecurity analysts earn an average of $89,441 yearly.
After you’ve been working for ten years or more, you’ll be considered a senior-level cybersecurity analyst. With this much experience, you can expect to earn an average salary of $101,901.
Cybersecurity Salaries By Education
Cybersecurity analysts with more education are generally paid more, though not significantly more. Although they’re in the minority, some cybersecurity professionals don’t have a college degree at all. A good many more have an unrelated college degree, and many have an undergraduate degree in cybersecurity or a related field. For upper-level positions, some companies want candidates with a master’s degree.
The average salary for an entry-level cybersecurity analyst with no degree is $61,516 to $64,907.
You’ll probably find it easier to land your first job if you have a bachelor’s degree. If you have a degree in an unrelated field, a bootcamp or certification can help bridge the gap. Entry-level cybersecurity analysts with a bachelor’s degree earn an average salary of $63,168 to $66,437.
If you’re interested in becoming a cybersecurity manager or leading a department, you may benefit from having a master’s degree, although it won’t make much difference when you first start working. Entry-level cybersecurity analysts with a master’s degree earn an average of $64,038 to $67,379.
How To Boost Your Cybersecurity Analyst Salary
In general, the more skills, certifications, and experience you have, the more you’ll make. As you gain experience and skills, make sure to keep your resume and professional networking profiles updated.
Expand Your Skillset
Acquiring additional skills can markedly increase your salary. According to a survey by Atlas VPN, becoming proficient in cloud security can increase your pay by over $15,000 per year. Some other in-demand skills that have the potential to boost your income include:
Application Development Security
Application development security encompasses all of the procedures and processes involved in enhancing the security of apps. Demand for application development security skills is expected to increase by 164% by 2025. In addition, adding this skill to your resume can net you a $12,266 increase in salary.
Risk management involves identifying and controlling risks and vulnerabilities in the digital landscape. The demand for risk management will increase by 60% by 2025, and cybersecurity professionals who work in this area earn an additional $13,379.
Compliance and Controls
Cybersecurity compliance specialists ensure that a company’s data complies with the ordinances issued by regulatory or industry bodies. The demand for cybersecurity professionals skilled in compliance and controls is expected to grow 36% by 2025. Learning the skills to work in compliance and controls can earn you a premium of $12,423.
Threat intelligence is the process of collecting, processing, and analyzing data to understand a cyberattacker’s motives, targets, and behaviors. Demand for threat intelligence skills will increase by 41% by 2025 and will increase an average pay by $9,609 yearly.
Security Strategy and Governance
Security strategy and governance policies are enacted to help an organization prevent, discover, and respond to cyberattacks. These skills will increase your salary by an average of $7,735 and are expected to grow in demand by 20% by 2025.
Choose the Right Location
Working for a company in a premium location can pay more. It’s no secret that jobs in certain cities pay more across the board. One of the best paying locations for cybersecurity professionals is Silicon Valley, with an average salary of $133,040.
However, you should carefully consider the cost of living associated with these cities before taking a higher-paying job there.
Remote work opportunities allow you to get the best of both worlds. By working remotely for a company headquartered in a city that pays well, while living in an area with a low cost of living, you can enjoy a higher salary without the comparable increase in housing, groceries, and transportation costs.
Gain More Experience
You can boost your income by gaining work experience. Once you have several years of experience, you can ask for a raise at your current company or branch out and seek a new job.
Negotiate Your Job Offer
If you’re applying for your first job in cybersecurity, you may be tempted to take whatever salary you’re offered. But with the shortage of skilled cybersecurity professionals, you may be leaving money on the table if you don’t negotiate for a better offer. Here are some tips for negotiating a higher salary or better benefits:
Know Industry Trends
Reading articles like this one is a great way to stay up-to-date on current salary trends. Talk to headhunters and colleagues to get an idea of competitive salaries for your role in your area. Don’t be limited by average salaries though. Consider any extras you bring to the table, such as an in-demand skill or previous industry experience.
When you’re negotiating, explain why you deserve a better offer. In addition to researching average salaries, present the case for your particular skill set and give concrete examples of how you’ll bring value to the company. Highlight your experience, certifications, and training, particularly anything that gives you an edge over other candidates.
Keep an Upbeat Attitude
Negotiating can be awkward for everyone, but it’s part of today’s work environment. To help you get more comfortable with the process, practice with a friend or mentor ahead of time. Keep a positive demeanor, and decide on your non-negotiables ahead of time. Be polite and professional, but don’t be afraid to ask for what you want.
Pursue a New Degree or Certification
Another way to increase your salary is by obtaining a degree or certification. If you don’t have a bachelor’s degree, getting one will increase your eligibility for higher-paying jobs. If you do have an undergraduate degree, getting your master’s can open up more lucrative positions. You’ll find many large companies want their cybersecurity leader to possess a master’s degree, as well as advanced certification.
Once you have several years of experience, you can reach for mid- and upper-level certifications. Some of the most sought-after credentials include:
Certified Information Systems Auditor (CISA)
This is a mid-career certification that demonstrates your ability to assess security vulnerabilities, design and implement controls, and report on compliance. If you’re interested in adding security and governance to your skillset, this is the certification to get. It’s a widely recognized certification for security auditing, and is useful in jobs such as:
- IT audit manager
- Cybersecurity auditor
- Information security analyst
- IT project manager
- Compliance program manager
- IT security engineer
Systems Security Certified Practitioner (SSCP)
This is another mid-career certification that can give your income a boost. The SSCP certification proves you have the skills and knowledge to design, implement, and monitor a secure IT infrastructure. It assesses your knowledge of access controls, risk identification and analysis, cryptography, incident response, security administration, and communications, systems, network, and application security. This is a good certification to get if you’re interested in roles like:
- Systems administrator
- Systems engineer
- Security analyst
- Security consultant
- Database administrator
Certified Information Security Manager (CISM)
The CISM certification is valuable if you’re interested in moving into a managerial role. It validates your knowledge of governance, program development, incident, and risk management. This is an advanced-level certification that can be valuable in jobs like:
- Information systems security office
- IT manager
- Data governance manager
- Information risk consultant
- Director of information security
Cybersecurity Salary FAQs
Is Cybersecurity a Good Career Choice?
Cybersecurity is a good career. It pays over twice the average income. It’s highly in demand, so jobs are easy to find. Additionally, 71% of cybersecurity professionals are satisfied with their jobs.
Do Cybersecurity Analysts Get Paid Well?
Cybersecurity analysts do get paid well. They earn an average of $77,144 which is much higher than the median income in the US of $34,248.45.
How Much Money Can You Make in Cybersecurity?
The highest-paying job in cybersecurity is Chief Information Security Officer (CISO). This is a senior-level position. The CISO works with the chief information officer (CIO) to establish a security strategy and protect data assets. In Fortune 500 companies, the CISO can make between $380,000 and $420,000.
Do You Need a Degree To Be a Cybersecurity Analyst?
You don’t need a degree to be a cybersecurity analyst, but it does make it easier to get a job. Many job postings ask for a college degree or an equivalent amount of experience and knowledge. If you don’t have a degree, you can increase your chances of getting a job by passing a certification such as CompTIA Security+ by attending a bootcamp.
Since you’re here…
There are hundreds of thousands of vacant cybersecurity jobs, and one of them has your name on it. You can enter the industry in 6 months flat with our Cybersecurity Course. We’ve helped over 10,000 students make huge career changes with our fully flexible mentor-led bootcamps. Explore our free cybersecurity curriculum today to start your career switch story.