On the Front Lines: Your Guide to the Cybersecurity Workforce, Part III
We’re happy to share a three-part guest blog series from writer Tricia Hussung on behalf of Russell Sage Online. As formal education becomes integral to the cybersecurity industry, more and more colleges and universities are establishing programs of study focused on digital culture and technological security. Russell Sage Online offers both a Bachelor of Science in Information Technology and Cybersecurity and an undergraduate Cybersecurity Certificate. Here’s more from Tricia on the latest trends in cybersecurity careers.
It may be surprising to learn that, despite their status as some of the most sought-after professionals in the tech sector, cybersecurity experts tend to remain employed at the same organizations for relatively long periods of time. The Semper Secure survey reports that 65 percent of cybersecurity professionals said they have worked at two or fewer organizations throughout their career. Industry insiders agree: Lee Vorthman, CTO of NetApp’s Federal Civilian Agencies unit says that, “These people aren’t jumping from job to job looking for salary bumps and signing bonuses. Many of them want to work for federal agencies and most of them tend to stick with employers for the long term. For companies, that means they better get them early or risk not getting them at all.”
This means that many of those interested in cybersecurity careers are passionate about technology itself, rather than the high salaries and growth potential they can expect upon graduation. As Jum Duffey, secretary of technology at the office of the governor of Virginia, puts it, “For top talent, cybersecurity isn’t about just a job and a paycheck. It is about the hottest technology, deployed by honorable organizations, for a purpose that in inherently important.”
What Makes a Paycheck?
Professionals in cybersecurity earn well above the national average for U.S. workers. In a recent survey by the SANS institute, 49 percent of responders said they earned $100,000 or more per year— mostly for management roles. The largest single group of responders (23 percent) selected the $80,000 to $99,999 range. This group was comprised mostly of engineers and administrators. There was a considerable between the overall average for management ($121,376) and that of non-management categories ($95,149).
Understandably, cybersecurity salaries are higher based on experience. The average professional starts out at around $74,000 per year, while those with 20 years of experience earn more than $123,000 per year. That difference across 20 years amounts to raises of about $2,500 for each year of experience gained. For both managers and non-managers, progressive salary increases can be expected, but management income remains over 20 percent higher than non-management income regardless of experience.
Education is an important factor in determining salary levels. The same SANS report states that those holding bachelor’s degrees and 7 to 10 years of experience earn average incomes of over $100,000. Those with more advanced degrees “achieve this level of pay sooner.” The opposite is also true, with associate-level respondents earning $64,302 and bachelor’s degree holders earning $71,564.
When education and experience are combined, salary is affected further. Those who have been in the industry for over 10 years and hold advanced degrees have a significantly higher salary than their less educated, less experienced peers. As cybercrime threats continue to become more widespread and security becomes more vital, “the need for advanced degrees is predicted to continue to be in high demand,” according to SANS.
While formal education remains a central factor in the employability of cybersecurity professionals, certifications are another leading contribution to successful careers. The SANS survey reports that, in 2008, a majority of hiring managers “felt that certifications were an important (or key) requirement for hiring. And demand for certified experts is only growing, as more and more organizations require specialized skills in incident handling and response, audit and compliance, and firewall/IDS/IPS/SIEM. Currently employed cybersecurity professionals agree with this assessment: 85 percent of survey respondents said that they hold a professional certification such as the Certified Information Systems Professional (CISSP).
Want more information about careers in cybersecurity? Read more at Russell Sage Online.