As the digital world evolves, cybersecurity must evolve with it. Organizations and individuals alike are increasingly reliant on the Internet for work, communication, shopping and other daily tasks, and the importance of these interactions is apparent to malicious actors who see personal data as valuable. In order to combat this growing threat landscape and the rise of cyberattacks, the cybersecurity industry is always creating new positions and seeking new professionals with the latest knowledge, skills and experience necessary to keep enterprises and everyday people secure.
Because of this urgent need for cybersecurity professionals—and the challenges of the modern threat landscape—cybersecurity roles often pay more than other IT jobs, and according to 82 percent of the respondents to ISACA’s State of Cybersecurity 2022 survey report, hiring demand for technical cybersecurity positions is only going to increase over the next year. In this blog post, we will break down some of the highest-paying cybersecurity jobs that are in demand right now.
An Expert’s Guide to the Basics
Liliane El-Beyrouthy, Information Security Senior Manager of Morgan Stanley in Quebec, has seen the cybersecurity space evolve in her 10-plus years of experience. She states that there are three main types of cybersecurity professionals with the largest amount of well-paid job opportunities found on the job market nowadays:
- Offensive Security: For those who enjoy finding vulnerabilities in technology before the bad guys do, this highly technical discipline is best suited for those who like to hack systems, perform penetration testing, and utilize specific tools and technology as part of the red team.
- Defensive Security: Mostly focused on monitoring and surveillance, this discipline is for protectors and defenders, like those in Security Operation Centers and Incident Response Teams. Like offensive security, they need to be technical and to learn and understand the best defensive tools and technology out there.
- Security Auditing: The least technical of all three, this discipline is about understanding relevant standards and regulations and is usually part of the GRC team. Professionals in this discipline need to learn about security frameworks, risk management, policies, standards, and best practices in the industry.
“The basic paths to take for anyone who wants to become a cybersecurity professional are getting an education and a relevant job experience, obtaining a certification aligned with the related discipline or type of cybersecurity professional desired, and building a brand,” says El-Beyrouthy.
Five of the Highest-Paying Cybersecurity Jobs
Now that the basic kinds of cybersecurity positions have been established, here are the average cybersecurity job salaries for five of the highest-paying roles:
1. Cybersecurity Manager — US$136,000
Cybersecurity managers have eyes on all network operations. They manage security systems, teams and resources, monitor network information, pinpoint cybersecurity vulnerabilities, and generate potential solutions for identifiable weaknesses. These managers know how to upkeep, update and upgrade information and computer systems and when is the optimal time to do so. Staying abreast of the most recent changes to policies, both within an organization and on larger local and federal scales, is crucial for cybersecurity managers to ensure compliance with necessary regulations. Performing routine audits to guarantee best cybersecurity practices and mitigating risks from cyberthreats are also key responsibilities of cybersecurity managers.
To become a cybersecurity manager, both security and managerial credentials are a must. Academic degrees can be a strong first step in establishing general cybersecurity knowledge, which can enable one to gain experience through entry-level roles in the field. Earning advanced and more specialized degrees, or certifications like ISACA’s Certified Information Security Manager (CISM) or (ISC)²’s Certified Information Systems Security Professional (CISPP), validate one’s experience, expertise and ability to succeed in a cybersecurity management position.
There are many different approaches to managing cybersecurity. Cybersecurity managers may have a fundamental understanding of various areas of information security, or they may specialize in the cloud, applications, infrastructure, computer networking or any other realm of cybersecurity. Their careers are not limited to the IT industry, either—cybersecurity managers are needed in a wide range of industries, from government agencies to healthcare organizations to international businesses. Due to the demand for this position across several industries and the level of this role’s many responsibilities, the average salary for cybersecurity managers in the United States is US$136,000.
2. Cybersecurity Engineer —US$121,000
Also known as IT security engineers, cybersecurity engineers are detail-oriented professionals who provide security services to many aspects of an enterprise’s cybersecurity, including data and applications. Developing, implementing, assessing and improving security systems are major elements of a cybersecurity engineer’s position, so they must be able to identify cyberthreats to an organization’s network and security systems and offer solutions to subsequent issues. They perform security assessments, develop and execute resolutions, architect secure systems and manage various technology systems for organizations both within and outside the IT industry.
Cross-organizational teamwork ensures thorough, consistent network security, which means that cybersecurity engineers must be able to work within and outside the IT department. Security responsibilities often align with broader organizational goals, so it is critical that cybersecurity engineers are clear technical and nontechnical communicators, collaborative problem solvers, and innovative risk analyzers.
IT and security teams across many industries—from banks to government agencies to healthcare facilities—are in search of qualified cybersecurity engineers. IT degrees, like a bachelor’s degree in computer science or a related field, help showcase and demonstrate one’s abilities and knowledge in cybersecurity. In addition to a degree, relevant cybersecurity certifications can sharpen and develop these skills further. Due to the range and specialization of these qualifications, cybersecurity engineers’ average salary in the United States US$121,000.
3. Penetration Tester — US$119,000
Penetration testers, or pen testers for short, are often confused with ethical hackers, but there are important distinctions between the two. Although their shared aim to achieve many of the same cybersecurity goals makes them a strong security team, pen testers work on a specific, time-sensitive schedule and focus on particular aspects of a security system rather than the system overall. Penetration testers help to identify and remedy vulnerabilities affecting an organization’s cybersecurity practices, either as part of an internal team or as part of an outsourced service.
Pen testers are especially critical in industries that deal with large volumes of highly sensitive or classified data because they not only strengthen enterprise security, but they also strengthen consumer confidence and company reputation by minimizing successful cyberattacks. As cyberattacks become more specialized and complex, so must penetration testing in order to more accurately and thoroughly prepare enterprises’ security systems against cybercriminals.
To become a penetration tester, one must have a fundamental understanding of basic coding, programming and operating systems. These skills, in addition to a degree in a relevant IT field or applicable certifications, provide a strong base for productive pen testing experience. The average penetration tester’s salary in the United States is $119,000.
4. Cybersecurity Analyst — US$99,000
As with many other cybersecurity positions, cybersecurity analysts’ priority is protecting an enterprise’s data, sensitive information, hardware, software and networks from security breaches. It is the analyst’s job to remain up-to-date on the latest developments in the cybersecurity threat landscape so that they can conduct thorough threat research, perform frequent risk assessments like pen tests (or work with pen testers to do so), create in-depth incident reports, brainstorm solutions to vulnerabilities that are discovered, monitor network traffic and keep security programs and best practices current. Cybersecurity analysts must have a working knowledge of how cybercriminals behave and different kinds of cyberattacks in order to effectively combat them.
It is crucial that cybersecurity analysts understand the network and infrastructure of the enterprise they are working with. Although this role can be entry-level in the cybersecurity world, if analysts do not know the proper ways to monitor and evaluate security structures, they will be unable to pinpoint potential threats or strengthen current security measures. That is why having a baseline understanding of the fundamentals of cybersecurity is key. A bachelor’s degree in cybersecurity, IT or another relevant field provides a strong foundation for certifications to build upon.
The need for analysts to inspect and improve security networks and infrastructures is going to continue to grow as cybersecurity takes on greater prominence across the enterprise landscape. As the demand for this position stands, the average salary of a cybersecurity analyst in the United States is $99,000.
5. Ethical Hacker —US$96,030
Also known as a “bug bounty hunter” or “bug bounty specialist,” ethical hackers are information security experts who test organizations’ cybersecurity by attempting to gain access to a computer network and/or valuable data. They act as a hacker would, but they have explicit permission from the enterprise they are hacking to expose any security vulnerabilities currently in place. Doing so allows organizations to better prepare for cyberattacks and to more thoroughly understand the techniques that cybercriminals employ.
As hacking skills have become commercialized with the implementation of “hacking as a service,” or HaaS, into cybersecurity jobs, ethical hackers have been able to combat malicious hackers more effectively in the cybersecurity threat landscape by utilizing the same ingenuity and abilities against them. Ethical hackers typically gain their skills and knowledge through industry-recognized credentials, like ISACA’s Cybersecurity Fundamentals or EC-Council’s Certified Ethical Hacker v12, computer science and other related IT degrees, and/or hands-on experience working with security systems in various capacities.
When the world flocked to online work and socialization during the height of the COVID-19 pandemic, cybersecurity—and, subsequently, hacking—took center stage. Ethical hackers, along with pen testers, have proven to be beneficial additions to enterprises’ security teams in the face of a rapidly changing digital landscape; therefore, ethical hackers’ cybersecurity job salaries average around US$96,030 globally and US$128,000 in the US.