author photo
By Bruce Sussman
Thu | Apr 25, 2019 | 11:24 AM PDT

Which are the highest paying cybersecurity jobs right now?

And how much do the top InfoSec roles pay?

For one thing, all of the highest paying cybersecurity roles are six-figure jobs at this point.

No wonder the professionals at our regional cybersecurity conferences seem to be in a great mood. Until now, we thought it was the agenda.

Before we get to the new top 10 list created by Indeed, which analyzed advertised IT security jobs over the last year, let's start with a couple of categories Indeed overlooked.

CISO salaries and Deputy CISO salaries

CISOs roles are continuing to rise in prominence, in pressure, and in pay.

How much is determined by factors such as company size, geographic location, competition, and other factors.

ZipRecruiter's most recent data (for 2018) shows an average U.S. CISO salary of $175,464. 

ciso-salary-zip-recruiter

Chart: ZipRecruiter

The company says the majority of CISOs make between $120,000 and $215,000 with pay that is somewhat lower (on the low end) and significantly higher (on the high end) of the pay scale.

We're sure this must be the case, as we've heard from Deputy CISOs who make a base salary in the $200,000 range. 

But what about bonuses and other incentives?

PayScale reports CISO roles it tracks as having bonuses of $5k to $55k and profit sharing of $4k to $33k.

Walt Disney's Board, for example, recently shot down the need for security and privacy metrics to apply to all senior executives, saying the compensation of privacy and security executives were already tied to metrics in this area. 

How would those metrics change total compensation?

Besides CISOs, the top 10 highest paying IT security roles

Now, let's look at job search giant Indeed and its just created list for cybersecurity salaries. 

Here is the Indeed.com top 10 list, by cybersecurity job title and salary:

  1. $128,128 - Application Security Engineer
  2. $127,855 - Director of Information Security
  3. $126,628 - Senior Security Consultant
  4. $126,365 - Cloud Engineer
  5. $117,633 - Software Architect (is this really a security role as listed by Indeed?)
  6. $114,431 - PenTester
  7. $108,465 - Risk Manager
  8. $103,690 - Chief Information Officer
  9. $101,808 - Security Engineer
  10. $99,930 - Information Manager

Here is what Indeed says about the top-paying cybersecurity job:

"These engineers—who review and test the security of code in apps—also made our list of 2018’s hottest cybersecurity roles. Given that the average smartphone user has 80 apps on their phone, this role will likely remain in high demand."

You can see the rest of the Indeed cybersecurity job post for yourself, but be advised: your browser will likely tell you the site is not secure.

Interesting. Perhaps Indeed needs to hire some more cybersecurity talent for itself.

Ponemon Institute on cybersecurity salaries

While the reports above seem to give us some firm numbers on IT security salaries, SecureWorld interviewed Dr. Larry Ponemon recently about what's happening in the space.

And he told us there are 3 Major Impacts from the cybersecurity talent shortage.

One of those impacts is wide variability in pay. A much wider range than in many professional roles.

"Compare cybersecurity to something like accounting," says  Ponemon.

"Accounting is established, there is a familiar career path and compensation structure that’s fairly similar between most firms. But cybersecurity, for lack of a better term, is kind of a hodgepodge of people and different backgrounds they bring to the table.

There are geographic differences based on cost of living, certainly. But what is the reasonable baseline here? That has not really been decided. And this situation is exacerbated by the huge number of vacancies in security."

And if the forecasts are right, those vacancies will continue, with no realistic way to close the talent gap in the near term.

[RELATED: 2 White Hat Hackers Earn $1 Million Each]

Comments