Security risk analysis salary

Security risk analysis salary DEFAULT

Information Security Analyst

What's it like to be an Information Security Analyst?

As an Information Security Analyst you will analyse, assess and investigate vulnerabilities in an organisation’s IT infrastructure (software, hardware, networks, and systems) and help protect information and systems against any cyber-related threats in order to develop a stronger, secure and resilient IT infrastructure.

Information Security Analyst

Tasks and duties

  • Researching new security technology to decide what will most effectively protect your organisation.
  • Attending cybersecurity conferences to hear firsthand accounts of other professionals who have experienced new types of cyberattacks.
  • Reporting directly to upper management and working with the organisation’s computer and information systems manager or Chief Information Technology Officer (CIO) to design security or disaster recovery systems.
  • Monitoring an organisation’s networks for security breaches and investigating violations.
  • Installing software, such as firewalls and data encryption programs, to protect sensitive information.
  • Researching the latest information technology (IT) security trends.
  • Recommending security enhancements to management or senior IT staff.
  • Helping computer users when they need to install or learn about new security products and procedures.

Relevant work experience and a network in your field of interest will be invaluable for breaking into a career as a political risk analyst

Working as a political risk analyst, you'll examine issues such as economic conditions, crime levels, threat of conflict, government stability and governance, trade and regulations, or humanitarian and human rights issues.

You may work in or with a range of private sector companies to inform business and investment decisions, or on behalf of governments and non-governmental organisations (NGOs) to assist national and international policy making and strategy.

Depending on your employer, you may also be known as a country risk analyst, country researcher, geopolitical risk analyst or intelligence analyst.

Types of political risk analysis

The focus of your role will depend on who you work for. Some positions are generalist spreading across several areas while others are more specialised. It is possible to concentrate on:

  • a country or region - providing in-depth intelligence on a range of issues and risk factors relating to a specific part of the world
  • certain themes or issues - such as governance and regulations, security and cyber security, crime, conflict, human rights or humanitarian issues, environmental or economic developments
  • a sector or industry - for example, you could work within or provide consultancy to financial services and insurance companies, energy, oil and gas companies or consumer businesses.

In-house roles usually involve using internal data to advise businesses on risk factors within the context of the industry and market in which they're operating. In this scenario, you would be involved in the full lifecycle of an investment or business decision.

As a consultant, you'd work on different projects for a range of clients - supporting companies, governments and other organisations with ongoing or ad-hoc information about the political environment.

Risk analysts within Think Tanks, NGOs and research institutes provide intelligence to inform and influence national and international policy making, strategy and humanitarian initiatives. In this type of setting, your work is likely to be focused on a particular theme or issue.


As a political risk analyst, you'll need to:

  • collect and analyse information from different sources, relating to a particular area of interest
  • monitor conditions and update intelligence platforms and databases with trends and developments
  • use modelling tools and data analytics to calculate risk scores
  • produce scenario models and forecasts for different business or policy decisions, or to assess the impact of political or international developments
  • write bespoke risk assessments and reports for clients, including offering recommendations about managing risks
  • research and write reports and articles on trends and developments in the region or sector
  • deliver verbal briefings and presentations to clients and wider audiences on your research
  • develop and communicate regularly with a network of individuals and groups in the region or sector - including government, academic, business and journalistic contacts
  • read local and/or sector specific press and publications to maintain up-to-date knowledge of political developments.


  • Starting salaries for junior analysts and consultants are between £25,000 and £32,000.
  • Experienced risk analysts can earn anywhere between £35,000 and £60,000.
  • As a team or division leader, you could earn £52,000 to £80,000+.

Salaries vary widely. You'll typically earn more if working within financial services or for a private sector company, or for one of the larger more well-established political risk consultancies. Salaries at Think Tanks, research institutes and NGOs can be considerably lower.

Working hours

Working hours vary depending on your role and employer, but you'll typically work Monday to Friday. Your work will usually be project based, so your hours will depend on client needs and deadlines, and can be long.

Some roles will also involve travel or periods spent working overseas, which can often mean working additional and unsociable hours.

Part-time work and career breaks are typically possible and are more likely in larger organisations.

Related case studies

What to expect

  • Work is fast paced as you'll be responding to complex and often rapidly shifting political and international developments. This can be exciting, but also a challenge and you'll need to adapt quickly and work well under pressure.
  • You'll typically be based within an office but may need to travel within the working day to meet with clients (particularly if you work within a consultancy). You may also be expected to spend time away at conferences and events.
  • Most risk consultancies, financial services firms, and headquarters of businesses with intelligence and risk divisions are in capital and major cities. There are opportunities throughout the UK and internationally.
  • You'll need to be comfortable working with large amounts of data and using new software tools and programs to perform analysis. Although there can be variation in the research methods and tools required between roles, quantitative analysis is increasingly common across the sector.


A degree in a social science or humanities subject is the most common entry route into the role of political risk analyst. The following subjects in particular may help:

  • business
  • economics or finance
  • international relations
  • journalism
  • modern languages
  • politics
  • regional or country studies.

Other subjects are also accepted, but you'll need evidence of research experience and a developed interest in politics, current affairs and international relations.

A related Masters degree is a distinct advantage and a requirement for some roles. An undergraduate degree on its own could be sufficient for an entry-level position or training programme, but it's like you would need evidence of quantitative and qualitative research experience or additional training.

A PhD can be useful for some roles, especially if your research relates directly to the area of work. However, it's not normally a requirement.

Think about the area of political risk analysis that you'd like to work within and consider which level of qualifications and subject would be most suitable. You can check to see what employers are asking for.

For example, a degree in African Studies would be an advantage for roles focused on that region or an economics or finance-related subject is helpful if you'd like to work in financial services or banking.

A qualification and fluency in a foreign language is also highly sought after and can be a requirement for some roles. Being able to speak one or more languages will also positively impact your earnings potential.


As a political risk analyst, you'll need:

  • a keen interest in politics and current affairs
  • good written communication skills - for writing concise, coherent reports and presenting complex information to different audiences
  • excellent research skills, both quantitative and qualitative - for gathering, sifting and evaluating large quantities of information
  • critical thinking skills - in order to analyse evidence and draw reliable conclusions to inform decision making
  • numerical skills - for working with data and statistics, calculating risk scores and undertaking economic and financial analysis
  • to be diplomatic - when questioning, challenging and influencing decision making
  • good interpersonal skills - for building relationships with clients and developing effective professional networks
  • technological competence - as you'll use software tools to research and collate information
  • commercial awareness - to understand how businesses operate and the internal and external factors that impact decisions and performance
  • global and cultural awareness - to understand issues and build relationships in different local, national and international contexts
  • up-to-date knowledge of political and international developments and trends.

Work experience

Political risk analysis is a competitive field to get into, so relevant work experience is essential.

Identify the companies and organisations you'd like to work for and check their websites for advertised internship or summer placement opportunities. Competition for these can be high so apply early, be resilient and keep an open mind about alternative opportunities.

Approach organisations directly and show your enthusiasm for their area of work and the relevant experience and skills that you can bring.

Any work experience which helps you develop the skillset needed for the role is particularly valuable. This includes:

  • undertaking research, data analytics and report writing
  • gaining experience in a commercial environment and learning how a business operates
  • time spent working in the sector or region you want to specialise in. For example, working within an energy or oil company or working/volunteering in a particular country.

Find out more about the different kinds of work experience and internships that are available


Opportunities exist within:

  • political risk consultancies and advisory firms
  • political risk or intelligence divisions of financial services firms (for example banks or insurance companies)
  • risk or intelligence divisions of private companies - particularly in oil, gas, or energy companies and consumer goods businesses
  • NGOs
  • Think Tanks and research institutes.

Jobs may be advertised on some general jobs boards but it's more likely you'll need to identify the companies and organisations you're interested in and look directly on their websites for opportunities. You can check the Chamber of Commerce for the country you're interested in to see if they have a directory of these.

Openings can be competitive, and many roles are not advertised. Speculative applications and building a network in the sector will be very important. It's common to do an internship which could then lead to a permanent position so this may be a starting point to consider.

There are some specialist recruitment firms and headhunters, such as Lawson Chase and Barclay Simpson. However, these typically work with experienced professionals and do not have extensive opportunities at entry-level.

Some political risk analysts also work freelance for clients. This is an option once you've developed experience and expertise in your area.

Professional development

Most employers provide training and development relevant to the role. This could include training specific to working in risk as well as general business and professional skills.

You could also undertake further postgraduate study in a relevant subject, such as a Masters in risk, international relations or security studies, or to specialise in an area such as risk and finance or insurance.

Search postgraduate courses in risk.

You could also join a professional association in your field of interest, many of which offer training courses and events. For example:

These organisations can help with continuing professional development (CPD). It’s important you carry this out throughout your career to keep your skills current and to develop in your role.

The nature of the job means you'll need to work at keeping up to date with the politics in various countries and any developments within the area in which your working. You'll need to read industry press, attend conference and events and network with other professionals.

Career prospects

It's usual to start in an analyst or associate role where your work would be primarily research and analysis, producing regular and ad-hoc reports. After two to three years you're likely to move into a more senior position, where you'd be leading projects and having more contact with clients. From there you could progress to managing a political risk team or division, and become more involved in business development and managing operations.

Movement between roles and employers is also common, so you could develop by gaining experience working in different business areas or with different types of clients.

Alternatively, you may choose to specialise in a country, region, type of risk or business area, progressing to become an expert in your field. This could lead to writing and media opportunities and providing consultancy on a freelance basis.

Your skills and experience will also be highly transferable. For example, you could move into financial/credit risk analysis or management in the private sector. You could also go on to work in security or crisis management, or to research and policy roles within government or for a Think Tank.


See how well you match this job profile and over 400 others.

Alternative careers

Related jobs and courses


graduate scheme

Technical Opportunities

View job
National Audit Office

graduate scheme

Graduate Accountancy Scheme 2022

  • National Audit Office (1 other job)
  • Competitive salary
  • London, Newcastle upon Tyne
View job
  1. Ssndob 2020
  2. Oxford police department
  3. Driving range kent wa

Information Security Risk Analyst: Salary & Job Description

With the shift to digital and online data, maintaining strong security is very important. Information security risk analysts work with a company's computer systems to assess potential security issues. They defend and preserve computer networks, cloud storage, online security, and database security by staying on top of emerging information technology trends and cybersecurity threats. They may recommend enhancements, respond to violations, install software, and design recovery plans.

Educational Requirements Bachelor's degree in computer science or related field
Skills Required Knowledge of information technology and cyber security, excellent communication skills, analytical thinking skills, ability to work in a fast-paced environment
Median Salary (2019)* $99,730 per year
$47.95 per hour
Career Outlook (2019-2029)* 31% (much faster than average)

Source: *U.S. Bureau of Labor Statistics

Required Education

Information security risk analysts need a minimum of a bachelor's degree in a field like computer science, computer programming or information security. They need to have a good understanding of computer networking technology, networking administration, and internet security practices. To ensure business knowledge, employers may prefer candidates who have a Master of Business Administration with an IT specialization.

Information security risk analysts can maintain and demonstrate their knowledge and skills by obtaining certifications with different technologies and updating those certifications as time goes on. Common certifications include the Certified Information Systems Security Professional (CISSP) and the CompTIA Cybersecurity Analyst (CySA+). Certifications are also available from vendors including Cisco, Unix, and Linux as well as in various cloud computing security and firewall technologies.

Required Skills

Information security risk analysts need to have a thorough understanding of computer networking systems, database administration, and internet security. They must stay up to date on current and emerging technological trends and be able to implement those for the safety of their company's computer networks. Because information security risk analysts are responsible for large amounts of sensitive data, they must maintain knowledge of IT standards, regulations, and laws.

Additionally, they must address threats to computer network security quickly and efficiently. As a result, analytical thinking skills are key, as is the ability to apply that thinking in a fast-paced environment. The ability to communicate technological concepts to non-tech savvy business professionals is extremely helpful.

Career Outlook and Salary

Internet technologies are constantly evolving and growing. As the need for safe ways to utilize and share sensitive data increase with this growth, the need for information security risk analysts grows with it. The U.S. Bureau of Labor Statistics (BLS) predicted a 31% employment increase for information security analysts during the 2019-2029 decade, which is much faster than the average growth for all jobs in the US. The median salary for information security analysts as of 2019 was $99,730, reports the BLS. The bottom 10% of earners made $57,810 or less per year; the top 10% of information security analysts earned $158,860 or more per year.


Systems Security Analyst

Information Systems Professional

Information systems professionals investigate, analyze, design, develop or manage information systems based on computer and related technologies through the objective application of specialized knowledge and professional judgement.


Information Systems Professional is a protected title under Alberta's Professional and Occupational Associations Registration Act. This means that to call yourself an Information Systems Professional or use the I.S.P. designation, you must be a registered member of the Canadian Information Processing Society of Alberta (CIPS Alberta). You do not have to be registered if you do not call yourself an Information Systems Professional.

What You Need

The Canadian Information Processing Society (CIPS) has defined the body of knowledge required for certification and recognizes the many different ways this standard may be achieved. Applicants must provide documented evidence for 1 of the following I.S.P. designation criteria routes: (1) Established Academic, (2) IT Industry Leader, (3) Established IT Professional, (4) Education Plus Experience, (5) Exam, (6) Professional Experience Only (applicants must have entered the field prior to 1976), or (7) Upgrade from Candidate Status. For official, detailed information, visit the CIPS website, CIPS Alberta website or contact CIPS Alberta.

Working in Alberta

Information systems professionals who are registered and in good standing with a regulatory organization elsewhere in Canada may be eligible for registration in Alberta if registered professionals in the 2 jurisdictions have similar responsibilities and competencies. For more information, see "What if I am already certified in another province or territory?" and the Alberta regulatory authority (below).

Contact Details

Canadian Information Processing Society of Alberta
PO Box 21085
Edmonton, Alberta
Canada T6R 2V4
Phone Number: 780-431-9311
Toll-free phone number: 1-844-431-9311
Fax number: 780-413-0076
E-mail: [email protected]


Salary security risk analysis

The median annual salary for a Security Risk Analyst was £65,000 in advertised job vacancies during the 6 months to 12 October 2021.

The first table below provides salary benchmarking and summary statistics including a comparison to same period in the previous 2 years.

Security Risk Analyst


6 months to
12 Oct 2021
Same period 2020Same period 2019
Rank change year-on-year-358+369+119
Permanent jobs requiring a Security Risk Analyst314052
As % of all permanent jobs advertised in the UK0.025%0.084%0.038%
As % of the Job Titles category0.027%0.088%0.040%
Number of salaries quoted284044
10th Percentile£41,250£42,500£38,750
25th Percentile£48,125£45,250£42,500
Median annual salary (50th Percentile)£65,000£73,750£55,000
Median % change year-on-year-11.86%+34.09%-
75th Percentile£65,625£82,500£62,813
90th Percentile£67,500£90,000£66,250
UK excluding London median annual salary£47,500£45,000£54,500
% change year-on-year+5.56%-17.43%+9.00%

The following table is for comparison with the above and includes summary statistics for all permanent IT job vacancies. Most job vacancies include a discernible job title that can be normalized. As such, the figures in the second row provide an indication of the number of permanent jobs in our overall sample.

All Permanent IT Job Vacancies


Permanent vacancies in the UK with a recognized job title113,85845,330130,954
% of permanent IT jobs with a recognized job title91.35%94.95%95.69%
Number of salaries quoted79,06437,830105,629
10th Percentile£32,000£32,500£28,000
25th Percentile£41,250£41,250£37,500
Median annual salary (50th Percentile)£55,000£55,000£50,000
Median % change year-on-year-+10.00%-
75th Percentile£75,000£72,500£70,000
90th Percentile£92,500£88,750£85,000
UK excluding London median annual salary£50,000£47,500£45,000
% change year-on-year+5.26%+5.56%-
RISK MANAGER Interview Questions \u0026 Answers! - (How to PASS a Risk Management Interview!)

Cyber Security Education

When it comes to the cybersecurity market, much is made of the growing skills gap. Overlooked is how this can translate to enormous potential for professionals. For the second week of National Cyber Security Awareness Month (NCSAM) we break down the myriad of well-paying and rewarding jobs available, and salary data for today's cyber workforce.

By 2020, the cyber security market is expected to grow to $170 billion. Data from Burning Glass Technologies Research from 2015 found that cyber security professionals tend to make about 9 percent more compared to other IT workers, yet there remains a lack of qualified professionals in the field. According to the 2017 Global Information Security Workforce Study (GISWS), released every two years by the Center for Cyber Safety and Education Center and ISC², the workforce gap among cybersecurity professionals is expected to reach 1.8 million by 2022.

ISC² CEO David Shearer notes, in a press release on the latest GISWS findings, that 66 percent of workers surveyed say they have too few qualified workers to effectively combat current industry threats; other research has had similar findings related to the shortage of qualified cyber security professionals. In response, more than 70 percent of employers around the world plan to increase the size of their cybersecurity staff in the coming year, the survey found; one-third of employers plan to increase their cyber security departments by 15 percent.

In 2017, there are about 780,000 professionals in the U.S. employed in the cyber security field, with about 350,000 current openings and a zero percent unemployment rate – an impressive feat for any industry today, which points to the growing demand for improved enterprise security.

Image via Indeed

The ever-growing need for qualified, experienced cyber security professionals means that the field offers tremendous potential for professionals, offering job security, a good salary, and potential for advancement in the field. According to an analysis of data from the Bureau of Labor Statistics conducted by Peninsula Press, cyber security job postings are up 74 percent. We took a look at some recent data on growth in the cyber security field, the most popular cyber security roles, and salary data for today’s cyber security professionals to gain some insights into the current state of the cyber security workforce.

The Most Popular Roles in Cyber Security Today

There are plenty of options for professionals who want to pursue a career in cyber security. Of course, any security-focused job requires strong communication skills and an in-depth knowledge of the current threat landscape, tools and technologies that today’s cyber security teams utilize to identify, mitigate, and prevent threats, and an insatiable desire to stay abreast of the latest advancements in the field.

Without these characteristics, cyber security professionals risk becoming obsolete in a few short years as those with more current, advanced expertise are better equipped to meet the needs of the modern enterprise. There’s no question that the security threat landscape will continue to evolve. As a result, so will the roles enterprises require to build a strong security posture. The future looks bright with a mix of more traditional and newer roles, such as a security incident response specialists and malware analysts.

Here are a few of the requirements for some of the roles that are currently in high demand.

1. Security Architect. These are the people who must be able to put themselves in the mind of a hacker in order to prevent future attacks. They are also responsible for maintaining the security of enterprise computer systems. It is imperative for security architects to stay up to date with the latest security tools and threats.

2. Malware Analyst. All it takes is a quick scan of the daily news cycle to notice the rapid rise of ransomware attacks. This is a massive problem for businesses around the globe. The malware analyst role was designed to address the obstacles that face organizations with regard to threats such as the worldwide WannaCry ransomware attack, which resulted in around $4 billion in losses. In fact, like many cyber security roles, the need for malware analysts is higher than the available talent supply.

3. IT Security Engineer. This is also a relatively new role that is focused on quality control within IT environments, to ensure that security measures are in place to address continuing threats.

4. Security Consultant. Since there is a shortage of professionals with skills in cyber security, many companies turn to outside experts such as security consultants. The specific responsibilities carried out by a security consultant will vary, depending on the threats and current security posture of the client company; however, security consultants have no problems keeping themselves busy due to high demand.

Image via LinkedIn

5. Security Software Developer. There is a never-ending need for developers to create new applications to thwart hackers. The recent focus is on cloud storage, as more companies are leveraging cloud computing for mission-critical applications.

6. Security Incident Responder. Security incident responders must be curious about the motive behind an attack in order to create an efficient response. The demand for security incident responders has grown substantially along with the increase in cybercriminal activity.

7. Security Systems Administrator. The security systems administrator is the professional responsible for defending systems against unauthorized access and establishing security requirements for enterprise networks.

8. Data Security Strategist. As more enterprises strive towards AI and IoT initiatives, expect the demand for data security strategists to rise. This role focuses on optimizing data security functions and data storage. Moreover, the data security strategist must help to create the policies needed to protect stored data.

9. CISO. The CISO needs to champion tasks such as acquiring the necessary funding, resources, and awareness for critical security projects. Moreover, the CISO serves as a leader in driving the organization to make smarter security decisions while delivering positive results around cyber security objectives.

10. Cyber Security Specialist. The cyber security specialist maintains the security of a computer network through testing, updates, and protection.

Required Skills and Characteristics for Cyber Security Professionals

Some cyber security specialists started out practicing ethical hacking as teens. While some teens end up taking the malicious path, many recognized how easy it is to hack into vulnerable systems and then began to translate that knowledge into developing policies and software that can mitigate risks and better protect applications, networks, and endpoints. Other cyber security professionals got their start in the military, working in cryptologic communications or a similar function while pursuing studies in the field.

Success in cyber security, sadly, can often go unnoticed. Too often, cyber security gets attention only of the negative kind – when systems have been breached or widespread attacks impacting hundreds of businesses hit the airwaves. When networks are running seamlessly and hacks have been thwarted, no one notices. Thus, cyber security professionals should be comfortable with being the unsung hero. Few laypersons realize the amount of work and expertise it takes to maintain and enhance network and system security.

Other essential non-technical skills, characteristics, and practices that can help cyber security pros get noticed and advance in their careers include:

  • Ask questions. No cyber security professional is all-knowing; it’s impossible with the rapid pace at which the threat landscape changes. There is always someone who has information that you don't, so embrace the sharing of information with your fellow professionals.
  • Promote your work. As stated earlier, good security work can easily go unnoticed. As a result, many employees outside of the IT department don’t understand the importance of following sound security practices. Take the lead in promoting a security mindset throughout the organization and take advantage of opportunities to educate other departments.
  • Communicate effectively. Cyber security is a highly technical field, but you can't speak in technical jargon when communicating threats and security needs to employees in other departments or non-technical stakeholders. It’s important to have the ability to convey key policies and processes in a way that the layperson can easily understand.
  • Take risks. You must be willing to test and break stuff in a lab setting; for many security pros today, this is the fun part of the job. Hackers are always testing new routes for accessing valuable data. Through penetration and other methods, you’ll need to put your company’s systems and applications to the test to identify their breaking points.
  • Continue to seek knowledge. In this industry, it is critical to keep up with the always-evolving threat landscape. Enterprises seek to hire experts who keep up with new threats on a daily basis.

Education and Background Requirements

  • There are many cyber security programs available from certificates to doctoral degree options, with studies and degree programs encompassing subjects such as:
  • Computer forensics
  • Internet security
  • Cryptography
  • Cyber security fundamentals
  • Data recovery
  • Information systems privacy
  • Internet security

Often, cyber security technicians only need a security certificate or associates degree, coupled with relevant experience in the field. On the other hand, cyber security engineers must have a Bachelor’s degree or higher.

Certifications can include:

  • Certified Reverse Engineering Analyst (CREA)
  • Certified Penetration Tester (CPT)
  • Certified Ethical Hacker (CEH)
  • Certified Computer Forensics Examiner (CCFE)
  • CISA
  • CISM

Experience levels vary substantially, with executive-level positions and senior management roles typically requiring several years or more of on-the-job experience, while entry-level positions are available for new graduates. With the growing demand for cybersecurity professionals, it’s easy for graduates to find good-paying entry-level positions with ample opportunities for advancement.

Existing Information Technology professionals interested in pursuing careers in cyber security can obtain valuable education through a number of online courses. Coursera, for instance, offers a Cybersecurity Fundamentals specialization path which includes classes on:

  • Usable security
  • Cryptography
  • Hardware security
  • Software security

Those who complete the courses, which cost $49, earn a certificate.

Udemy is another popular online course platform, offering courses in cyber security such as:

For widely recognized training, courses from the SANS Institute or Carnegie Mellon University, Software Engineering Institute, CERT Division are solid options for those who wish to advance their training and further their knowledge.

Salary Data for the Top Cyber Security Roles

There is ample available data on cyber security salaries, with a broad range of findings; however, it’s clear that cyber security careers can be lucrative. According to CIO, cyber security professionals earn an average of $116,000 annually or $55.77 per hour, for instance, while PayScale estimates that the average salary for computer security specialists is around $74,000, with location as a major factor in pay structure. A January 2017 article by Steve Morgan at Forbes, based on data from multiple sources, points out that top cyber security salaries in major U.S. metros can reach as much as $380,000 annually.

According to, a cyber security engineer makes an average of $85,000 annually, while the Infosec Institute estimates that the average annual salary for an incident responder is $81,000, although the average varies by location, at about $83,000 in San Francisco and around $70,000 in Georgia. For a vulnerability research engineer, the average salary is around $96,000 annually. Salaries fluctuate based on location and company size, but the data is adjusted for cost of living. In San Francisco, for instance, the salary for a senior cyber security engineer can range between $122,000 and $207,000. In Atlanta, the salary ranges between $72,000 and $107,000.

According to a report from TechRepublic, the 15 cities in the United States with the highest salaries for cyber security professionals include (salary data adjusted for cost of living):

1. Minneapolis, MN: $127,757
2. Seattle, WA: $119,349
3. San Francisco, CA: $119,346
4. Dallas, TX: $117,890
5. Denver, CO: $117,308
6. Chicago, IL: $111,303
7. Austin, TX: $110,190
8. Salt Lake City: $106,207
9. New York, NY: $102,271
10. San Jose, CA: $99,075
11. San Diego, CA: $98,303
12. Washington, D.C.: $92,191
13. Boston, MA: $88,453
14. Los Angeles, CA: $86,072
15. Arlington, VA: $74,254

The DICE IT job board published a report on the top five IT security salaries, which include:

1. Lead software security engineer: $233,333
2. Chief security officer: $225,000
3. Global information security director: $200,000
4. Chief information security officer: $192,500
5. Director of security: $178,333

Of course, salaries also vary depending on experience and education, as well as the company; larger enterprises tend to pay more in order to attract top-tier talent. Here’s a sampling of data from Glassdoor reflecting salaries at various companies; note that this data is generated based on self-reporting from employees and are often based on only a few salary reports:

  • U.S. Air Force: $57,000 annually
  • U.S. Navy: $115,000 annually
  • PwC: $53,000 to $73,000 annually
  • Northrop Grumman: $131,000 to $143,000 annually
  • Los Alamos National Laboratory: $86,000 to $93,000 annually

Image via Glassdoor

Indeed also publishes findings from its data on the most popular cyber security careers and associated salaries. According to Indeed’s current data (at the time of this writing), average salaries for cyber security careers vary widely, from $11.46 per hour for a Security Officer to $59.42 per hour for a Security Consultant. Other popular roles and average salaries include:

  • IT Security Specialist: $52.54 per hour (based on 3,178 salary reports)
  • Information Security Analyst: $40.79 per hour (based on 2,422 salary reports)
  • Security Engineer: $38.93 per hour (based on 4,655 salary reports)
  • Security Analyst: $40.87 per hour (based on 3,032 salary reports)
  • Intelligence Analyst: $24.54 per hour (based on 306 salary reports)
  • Security Specialist: $14.83 per hour (based on 6,979 salary reports)
  • Network Security Engineer: $51.80 per hour (based on 2,587 salary reports)
  • Information Technology Specialist: $20.87 per hour (based on 1,732 salary reports)
  • Security Consultant: $59.42 per hour (based on 1,061 salary reports)

Image via Indeed

LinkedIn is also a valuable source of information on professional cyber security roles. According to LinkedIn’s data, salaries for cyber security professionals range from $65,000 to $130,000 per year, with a median salary of $92,000 annually. For comparison, we researched the same roles identified above for which Indeed provides salary data on LinkedIn, with data on the salary range and median salary for each role listed below:

  • IT Security Specialist: Range - $49,100 - $141,000; Median - $97,000
  • Information Security Analyst:Range - $51,000 - $110,000; Median - $76,000
  • Security Engineer: Range - $65,000 - $154,000; Median - $102,000
  • Security Analyst: Range - $51,000 - $110,000; Median - $76,000
  • Intelligence Analyst: Range - $35,000 - $103,000; Median - $65,000
  • Security Specialist:Range - $49,100 - $141,000; Median - $97,000
  • Network Security Engineer:Range - $65,300 - $133,000; Median - $95,500
  • Information Technology Specialist: Range - $35,000 - $105,000; Median - $58,000
  • Security Consultant:Range - $50,000 - $103,000; Median - $87,500

Starting pay is also on the rise, increasing 3.8 percent in 2017 over 2016, according to InformationWeek. At PayScale, the overall salary range for a cyber security analyst is estimated at $49,652 - $117,163; when the data is filtered for entry-level professionals, the range is only slightly lower, particularly at the lower end of the range: $45,401 - $96,643.

Image via Payscale

Indeed also provides salary data for popular entry-level cyber security careers, including:

  • IT Security Specialist: $113,990 per year (based on 20,317 salary reports)
  • Security Analyst: $88,122 per year (based on 8,226 salary reports)
  • Entry-Level Analyst: $54,045 per year (based on 1,998 salary reports)
  • Network Analyst: $68,484 per year (based on 4,374 salary reports)
  • Information Security Analyst: $84,269 per year (based on 9,238 salary reports)

Image via Indeed

While salaries vary throughout the industry based on a number of variables such as location, experience level, role, and company, one thing is clear: cyber security professionals are in high demand and well-compensated, and if predictions are on-target, that’s not likely to change for the foreseeable future. As the threat landscape continues to become increasingly sophisticated and complex, experienced security professionals with up-to-date knowledge of the threat landscape and sophisticated hacking techniques continue to be invaluable to the modern enterprise.

Tags: Cyber Security Education


Similar news:

Develop system documentation for information system authorization, security management, and continuous monitoring of both networked and standalone classified systems.

January 30, 2021

Support and develop oversight routines to ensure effective management of risk to the security of information in all data storage and processing areas, including vendor, physical, network, systems and personnel handling environments.

April 02, 2021

Demonstrated personal tendency to speak freely, question tradition looking beyond how things have always been done to how things could be done more effectively, intuitively, securely and efficiently.

April 07, 2021

Requires demonstrable knowledge of security principles to a diverse range of risk scenarios to coordinate acceptable solutions between business needs, technology operations, and information security best practices.

May 19, 2021

Provide expertise and support in customer hosted environments to ensure control activities are designed and implemented appropriately to protect the security, confidentiality, privacy, integrity and availability of data in compliance with organization policies and standards.

May 23, 2021


1693 1694 1695 1696 1697