Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/9/2019
05:05 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Virginia a Hot Spot For Cybersecurity Jobs

State has highest number of people in information security roles and the most current job openings, Comparitech study finds.

Virginia currently ranks as one of the hottest states for cybersecurity professionals from a job opportunity and salary standpoint.

New analysis placed the state in top spot for the number of people currently employed in cybersecurity roles (14,180), close to the top spot for average annual salaries for cybersecurity professionals ($111,780) and for number of current job opportunities (4,570).

Virginia also leads other states in employment per 1,000 jobs with 3.7 jobs out of 1,000 being cybersecurity-related. Over the next five years, the number of cybersecurity jobs in the state is expected to grow over 32%.

U.K-based Comparitech's "2019 US Cybersecurity Salary & Employment Study" used 10 different and equally weighted criteria to identify the best and the worst states in the US for cybersecurity professionals.

The metrics that Comparitech considered for its study included state annual salaries for cybersecurity roles; the number of people currently employed in cybersecurity jobs; the number of advertised cybersecurity jobs; and 10-year projections for cybersecurity roles in each state.

The study showed that in 2018, the national average salary for an information security professional was $92,789. Comparitech found that average annual cybersecurity salaries in each state are greater—sometimes substantially so—than average annual salaries for all other employment, in every single US state. The state with the biggest difference in salaries was New Mexico where the average annual salary of $106,360 for a cybersecurity professional was 80.34% higher than the state average for other employment.

The numbers are a reflection of the high level of concern over data breaches and cyber risk in general—and the premiums that organizations are willing to pay for professionals who can help them manage it.

For purposes of the study, Comparitech considered "information security analysts" jobs, which it defined as jobs involving the planning and implementation of cybersecurity measures, installation of security technologies, investigation of breaches and management of security vulnerabilities.

Some states such as Arkansas, Indiana, Wisconsin, and Wyoming don't have "information security analysts" roles in their 10-year employment projections. In these cases, Comparitech used the closet description available for its projection scores says, Paul Bischoff, lead researcher at Comparitech. "The roles also vary somewhat between companies, so it's perhaps best to think of this as a category of job rather than a specific job," he says.

Top 5 States

Comparitech's analysis showed the top five states for cybersecurity jobs are Virginia, Texas, Colorado, New York and North Carolina. The average annual salaries for cybersecurity roles in each of these states topped $100,000 with New York having the highest average at $122,000.

While organizations in Virginia currently employ more cybersecurity professionals than in any other state, it is California that currently has the most job openings for them, with over 5,000 at the time the Comparitech report was compiled.

Interestingly, some of the highest-scoring states in several of the categories that Comparitech analyzed were states not normally associated with a lot of high-tech activity. Utah, for instance, leads all other states in terms of projected cybersecurity job growth in the long term—likely because it is starting with a much smaller base. Over the next 10 years the number of security jobs in the state will increase by 50%, Compartech found.

Similarly, it was cybersecurity professionals in Arkansas—a state not usually associated with high-tech—that had the biggest increase in average annual salaries over the past five years. Even so, the $81,710 that security professional's in the state average is lower than a majority of other states.  Security professionals in Kansas saw their average annual salary increase by over 10.5% to $86,160 between 2017 and 2018—the fastest one-year growth rate among all states.

On the flipside, among the states that fared the worst in Comparitech's study were Vermont, Indiana, Montana, and Maine. The average cybersecurity salaries in each of these states were substantially lower than the national average.

Cybersecurity professionals in Montana — which number only 120 — earned a relatively paltry $64,790 in 2018 versus the national average of more $92,000. In Maine, people in information security jobs earned on average 25% less in 2018 than they did in 2017.

Puerto Rico placed at the bottom of the list of the states and territories that Comparitech evaluated in the study. Salaries for information security professionals in the territory averaged a dismal $42,440 in 2018 — a 9.8% decline from 2013.

Several factors account for the salary differences between states, besides just supply and demand. "Cost of living comes to mind," Bischoff notes. "There might also be a difference based on the type of employer," he says.  Salaries, for example, can differ significantly based on whether someone is working in government, a large corporation, or small business. "We did not examine these factors in the study," Bischoff says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Can the Girl Scouts Save the Moon from Cyberattack?"

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4815
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
CVE-2020-4816
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-For...
CVE-2020-4820
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2020-4967
PUBLISHED: 2021-01-27
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
CVE-2020-36012
PUBLISHED: 2021-01-27
Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name Field.