What’s the average cybersecurity engineer salary? Is it a dying profession, or is there room for a new technologist to grow in the role over the next few decades? The answers to those questions (and more!) can help determine whether you want to jump into the training and education involved in a cybersecurity role.
What’s clear is that cybersecurity engineers are vital parts of any organization. They help keep a company’s tech stack safe from attack, educate their team members and fellow employees about social engineering and other cybersecurity dangers, and advise senior management about how to keep data safe—all while often wrestling with a tight budget. In fact, a cybersecurity engineer’s role can vary greatly from company to company.
Fortunately, that kind of complexity can translate into high demand and generous compensation. Let’s jump into the numbers.
What is a cybersecurity engineer’s average salary?
Cybersecurity engineers make a median salary of $96,765 per year, which is quite high by technologist standards. That salary, of course, can rise considerably with experience, education, and specialization. For example, those engineers with more than a decade in the cybersecurity industry could make upwards of $122,000—and potentially much more, if they head onto a management track or if they specialize. Check out the breakdown: https://datawrapper.dwcdn.net/SOsoX/1/
Education also has an impact on cybersecurity engineer salary, although the vast majority of jobs demand a bachelor’s degree; employers are generally less focused on whether you have an advanced degree, and more on your skills and knowledge: https://datawrapper.dwcdn.net/D9cQp/1/
Is cybersecurity engineer a dying career?
The answer to that question is a resounding “no.” Cybersecurity engineering jobs are expected to grow 28.5 percent over the next 10 years, according to Burning Glass. Internal and external threats to companies’ security stacks aren’t going away; in fact, with the rise of increasingly powerful tools powered by A.I. and machine learning, the complexity and severity of cyberattacks will only increase in coming years.
What’s important to remember, however, is that cybersecurity engineers must always keep their technical skills updated if they want to continue landing jobs (and/or advancing within their companies). The constantly mutating nature of security threats means you need to stay aware of what’s new and how to combat it.
Over the long term, cybersecurity engineers must keep their soft skills, such as communication and empathy, finely polished at all times. These engineers end up interacting with numerous stakeholders throughout the organization, from C-suite executives to help-desk specialists and even retail workers, which means that they must communicate security concerns as clearly and concisely as possible, especially to folks with a non-technical background. In order to accurately gauge threats to an organization, they must also listen to what others tell them about suspicious activity.
Is this role in demand?
In the short term, cybersecurity engineers also remain in high demand. According to Burning Glass, the average time to fill an open cybersecurity engineer position is 41 days, slightly higher than a “generalized” software developer/engineer position (39 days). In other words, it’s taking employers a lot of time to find available cybersecurity engineers, suggesting a tight market.
There are other signs of a “cybersecurity gap” that’s left companies eager for cybersecurity engineering talent. For example, a recent survey conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found that seven out of 10 cybersecurity experts reported that their organization has been affected by a worldwide cybersecurity skills shortage. That can translate into significant opportunity for cybersecurity engineers, even those at the beginning of their careers.
What skills do you need to become a cybersecurity engineer?
As mentioned above, cybersecurity engineers need a mix of technical and soft skills to fully succeed in the role. It’s important to note that those who succeed in the position often have a masterful grasp of concepts and procedures such as vulnerability analysis and threat modeling. Those kinds of skills will allow you to step into pretty much any company and evaluate its cybersecurity needs, as well as propose solutions.
A solid grasp of programming languages such as Python is also invaluable; even if you’re not picking through the code yourself, you’ll need to fully recognize the vulnerabilities that others might point out in code. Knowledge of how operating systems and networks work is likewise key.
A growing number of cybersecurity jobs also ask for certifications. Based on a Burning Glass analysis, here are some of the most popular:
Top Cybersecurity Certifications, by Job Posting (Burning Glass)
- Certified Information Systems Security Professional (CISSP)
- CompTIA Security+
- SANS/GIAC Certification
- Certified Information Security Manager (CISM)
- GIAC Security Essentials Certification
- Systems Security Certified Practitioner (SSCP)
- Cisco Certified Security Professional
- GIAC Certified Intrusion Analyst
- CompTIA Advanced Security Practitioner (CASP)
- GIAC Security Leadership (GSLC)
- Check Point Certified Security Administrator
- Certified Cloud Security Professional (CCSP)
- GIAC Information Security Professional (GISP)
- Security Certified Network Professional
- Check Point Certified Security Expert
- GIAC Certified Windows Security Administrator
Cybersecurity Skills (Burning Glass)
|Necessary Skills|Defining Skills|Distinguishing Skills|
|---|---|---|
|UNIX|NIST Cybersecurity Framework|NIST Security Standards|
|Software Development|Intrusion Detection|Cybersecurity Assessment|
|Risk Assessment|Threat Analysis|Threat Modeling|
|Project Management|Information Systems|Vulnerability Analysis|
|Linux|Information Security|Risk Management Framework|
|Customer Service|Information Assurance|Federal Information Security Management Act|
|Cryptography|Vulnerability Assessment|Certification & Accreditation|
|Cisco|Security Operations|Threat Intelligence and Analysis|
|Authentication|Penetration Testing|Data Loss Prevention|
CISSP is a vendor-neutral and advanced-level credential offered by the ISC2 (International Information Systems Security Certification Consortium); it’s broad, making it applicable to a number of positions. Similarly, CompTIA Security+ is approved by the United States Department of Defense and is compliant with the standard for ISO-17024, making it a good “generalist” certification that pops up frequently in job postings.
If you’re interested in cybersecurity-related management, also consider the CISM, from the Information Systems Audit and Control Association (ISACA), which certifies that the technologist can manage security infrastructure across an organization.
Of course, not all cybersecurity engineers have to ascend to management; quite a few are perfectly happy with becoming an increasingly skilled practitioner. But whatever route you choose for your career, gaining experience and skills can translate into improved compensation, including a higher base salary.