Security pros in banking and finance make the most money but bonuses were common across all roles and industries.
Security pros who begin their careers in the IT world as opposed to security have a better chance at a higher salary. This pivot seems to have a bigger influence than years of experience or education, according to the 2020 Cybersecurity Salary Survey from Cynet. The survey examined pay rates measured against experience, education, location, and industry.
Among the findings, Cynet found that a degree does not guarantee more money. Salary range distribution was similar for both employees with or without a degree in computer science or a related engineering field.
On the other hand, career change can be a way to get a better salary. The report found that people who pivoted from an IT role to a cybersecurity position earned more than people who started out in cybersecurity.
The survey revealed one financial equalizer: everyone was equally likely to get a bonus. Except for security analysts, all other jobs include periodic bonuses with annual rates between 1-10%.
More than 1,300 people completed the survey in Q4 2019. The data covers salary profiles for five popular security positions:
- Cloud security architect
- Network security engineer
- Penetration tester
- Security analyst
- Security director/manager
Security professionals in North America (NAM) had significantly higher salaries than people working for companies in Europe, the Middle East, Africa (EMEA) and the Asia-Pacific (APAC) region. The study found that more than 80% of NAM workers earned between $71,000 and $110,000 in contrast to less than 35% in EMEA and 21% in APAC.
Here are the financial details for each role.
Cloud security architect
This person provides the technical authority behind the decision making of the organization's security stack. There is more distribution among the salary categories for these professionals. Only 22% make under $50,000 with 32% in the $51,000 to $110,000 range. Eight percent reported salaries of $191,000 and up.
Network security engineer
Security engineers configure cybersecurity defenses, including firewalls and IDS/IPS security measures. In this position, 38% made under $50,000 while 42% were in the $51,000 to $110,000 range. Ten percent of respondents made between $131,000 and $150,000.
Experience seems to pay off better for these professionals. Among people with nine to 15 years of experience, 40% were in the highest salary range. People in both the one to three years of experience category and the four to eight years category were most likely to make under $50,000.
SEE: Security analyst hiring kit (TechRepublic Premium)
These members of the security team test an organization's cyber defenses. In this group, 60% earn less than $50,000 while 33% make between $51,000 and $110,000. Experience did not influence salaries for this position as much as other roles. A majority of people with one to three years of experience made under $50,000 while 29% of people with nine to 15 years of experience earn between $111,000 and $130,000.
People with a college degree didn't have an advantage over people without a degree with 60% of each group earning under $50,000. In the top salary range, 4% had a degree and 5% did not.
These threat intelligence experts triage alerts, respond to threats, and look for threats. Half of the people in this group made under $50,000, reflecting this job's entry-level position on the career ladder. About 41% of respondents earn between $51,000 and $110,000. Time on the job did not necessarily mean more money with 42% of people with one to three years of experience and 44% of people with four to eight years of experience making less than $50,000. Among people with nine to 15 years on the job, 36% made more than $111,000. A college degree had little impact for analysts at lower pay levels but 5% of people without a degree earned more than $131,000 compared to only 1% among degree holders.
This person is responsible for managing the security team, leading recruitment, setting procedures and workflow, and connecting the security team and company management.
This role also showed more variation in salaries. Only 17% made under $50,000 while 18% made $191,000 and up. Experience did not have as much influence on salary in this role. Among people with one to three years on the job, 31% made under $50,000 but 15% made between $131,000 and $150,000.
For people with four to eight years of experience, 29% made under $50,000, 24% made between $151,00 and $170,000 with 14% in the $231,000 - $250,000 range. Most managers with 16 years or more on the job were in the $111,000 to $130,000 range with 14% in the top bracket of $251,000 to $290,000.
Among the five positions, there were more women in the security director job, at 10%, than in any other role.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)