Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/9/2019
05:05 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Virginia a Hot Spot For Cybersecurity Jobs

State has highest number of people in information security roles and the most current job openings, Comparitech study finds.

Virginia currently ranks as one of the hottest states for cybersecurity professionals from a job opportunity and salary standpoint.

New analysis placed the state in top spot for the number of people currently employed in cybersecurity roles (14,180), close to the top spot for average annual salaries for cybersecurity professionals ($111,780) and for number of current job opportunities (4,570).

Virginia also leads other states in employment per 1,000 jobs with 3.7 jobs out of 1,000 being cybersecurity-related. Over the next five years, the number of cybersecurity jobs in the state is expected to grow over 32%.

U.K-based Comparitech's "2019 US Cybersecurity Salary & Employment Study" used 10 different and equally weighted criteria to identify the best and the worst states in the US for cybersecurity professionals.

The metrics that Comparitech considered for its study included state annual salaries for cybersecurity roles; the number of people currently employed in cybersecurity jobs; the number of advertised cybersecurity jobs; and 10-year projections for cybersecurity roles in each state.

The study showed that in 2018, the national average salary for an information security professional was $92,789. Comparitech found that average annual cybersecurity salaries in each state are greater—sometimes substantially so—than average annual salaries for all other employment, in every single US state. The state with the biggest difference in salaries was New Mexico where the average annual salary of $106,360 for a cybersecurity professional was 80.34% higher than the state average for other employment.

The numbers are a reflection of the high level of concern over data breaches and cyber risk in general—and the premiums that organizations are willing to pay for professionals who can help them manage it.

For purposes of the study, Comparitech considered "information security analysts" jobs, which it defined as jobs involving the planning and implementation of cybersecurity measures, installation of security technologies, investigation of breaches and management of security vulnerabilities.

Some states such as Arkansas, Indiana, Wisconsin, and Wyoming don't have "information security analysts" roles in their 10-year employment projections. In these cases, Comparitech used the closet description available for its projection scores says, Paul Bischoff, lead researcher at Comparitech. "The roles also vary somewhat between companies, so it's perhaps best to think of this as a category of job rather than a specific job," he says.

Top 5 States

Comparitech's analysis showed the top five states for cybersecurity jobs are Virginia, Texas, Colorado, New York and North Carolina. The average annual salaries for cybersecurity roles in each of these states topped $100,000 with New York having the highest average at $122,000.

While organizations in Virginia currently employ more cybersecurity professionals than in any other state, it is California that currently has the most job openings for them, with over 5,000 at the time the Comparitech report was compiled.

Interestingly, some of the highest-scoring states in several of the categories that Comparitech analyzed were states not normally associated with a lot of high-tech activity. Utah, for instance, leads all other states in terms of projected cybersecurity job growth in the long term—likely because it is starting with a much smaller base. Over the next 10 years the number of security jobs in the state will increase by 50%, Compartech found.

Similarly, it was cybersecurity professionals in Arkansas—a state not usually associated with high-tech—that had the biggest increase in average annual salaries over the past five years. Even so, the $81,710 that security professional's in the state average is lower than a majority of other states.  Security professionals in Kansas saw their average annual salary increase by over 10.5% to $86,160 between 2017 and 2018—the fastest one-year growth rate among all states.

On the flipside, among the states that fared the worst in Comparitech's study were Vermont, Indiana, Montana, and Maine. The average cybersecurity salaries in each of these states were substantially lower than the national average.

Cybersecurity professionals in Montana — which number only 120 — earned a relatively paltry $64,790 in 2018 versus the national average of more $92,000. In Maine, people in information security jobs earned on average 25% less in 2018 than they did in 2017.

Puerto Rico placed at the bottom of the list of the states and territories that Comparitech evaluated in the study. Salaries for information security professionals in the territory averaged a dismal $42,440 in 2018 — a 9.8% decline from 2013.

Several factors account for the salary differences between states, besides just supply and demand. "Cost of living comes to mind," Bischoff notes. "There might also be a difference based on the type of employer," he says.  Salaries, for example, can differ significantly based on whether someone is working in government, a large corporation, or small business. "We did not examine these factors in the study," Bischoff says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Can the Girl Scouts Save the Moon from Cyberattack?"

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
CVE-2021-21322
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...
CVE-2021-21320
PUBLISHED: 2021-03-02
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messag...
CVE-2021-27730
PUBLISHED: 2021-03-02
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
CVE-2021-25306
PUBLISHED: 2021-03-02
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.