How To Raise Your Salary In Cybersecurity
The hot skills most in demand today for jobs: threat intelligence, security software development, cloud, auditing, and big data analysis.
Cybersecurity salaries continue to rise as organizations grapple with an increasing shortage of cyber talent. Given the current climate, job-hopping might seem like a way to earn more money in the short term.
However, developing the necessary skills that are in demand and showing how security adds value to your organization is a surer way of improving your salary in the long run, industry experts say.
“Certainly as an industry as a whole [security] salaries are going up,” says Philip Casesa, director of product development and portfolio management with (ISC)², a non-profit organization that provides education and certification for security professionals.
Consider these statistics: The average median chief information security officer (CISO) salary is $204,000, according to SilverBull, an IT and cybersecurity recruiting firm. The average annual salary among the security professionals surveyed inThe 2015 (ISC)2 Global Information Security Workforce Studyis $97,778 -- a 3% increase from when the survey was conducted in 2013.
Meanwhile, cybersecurity job postings tend to advertise a 9% salary premium over IT jobs overall, according to Burning Glass Technologies’ report, Job Market Intelligence: Cybersecurity Jobs, 2015. The average cybersecurity professional earns $83,934, compared with $77,475 for IT positions.
“If you are in information security and you are not getting raises, it might be time to look at organizations around you that are looking for your skill set. You should easily make salary jumps there,” Casesa says.
But changing jobs every year is not something infosec folks should be aspiring to do as professionals, although it is common, especially given the many job vacancies popping up. “You could job-hop all the time as a quick way to make more money. But organizations will soon realize that there is no loyalty and that will end part of your career,” Casesa warns.
“I don’t recommend necessarily jumping places to make a quick buck. I recommend you plot out your career to figure out what you want to do and really become the best you can at that, especially if those skills are hot,” Casesa says.
Some hot skills in demand include threat intelligence/security operation center professionals, security software and security infrastructure developers, cloud specialists, cybersecurity/IT auditors, and big data analysis, security experts say.
Casesa offers several ways cybersecurity professionals can increase their salaries:
Get certified: “I think certification in an of its self is an indicator of an employee’s willingness to apply disciplines and practices to lean in on a job as well as show dedication to the industry and their job skills,” he says.
That doesn’t mean that security pros who don’t have certifications are less skilled. There are many people who advance their careers, make a lot of money, and have deep technical skills, but don’t need or have a certification to define them. But for the most part, in order to stand out in a market where it is hard to make a name for yourself, certification is one way to do that, he says.
Cybersecurity jobs are highly certificated, according to Burning Glass data: More than one in three (35%) of all cybersecurity positions calls for at least one of the major certifications such as Certified Information Security Professional, Certified Information Systems Auditor, Certified Information Security Manager, Systems Security Certified Practitioner, and GIAC Security Essentials.
Only 23% of overall advertised IT jobs request an industry certification.
Develop deep expertise in skills most in demand: Being a generalist won’t win you the highest salary in the long term unless you are going to try to become a CISO. Those are tough jobs to get. Even then, a lot of CISOs come from a deep background in one area or another – they are not typically generalists over their entire career, Casesa says.