What’s the average cyber security engineer salary? Is it a dying profession, or is there room for a new technologist to grow in the role over the next few decades? The answers to those questions (and more!) can help determine whether you want to jump into the training and education involved in a cyber security role.
What’s clear is that cyber security engineers are vital parts of any organization. They help keep a company’s tech stack safe from attack, educate their team members and fellow employees about social engineering and other cyber security dangers, and advise senior management about how to keep data safe—all while often wrestling with a tight budget. In fact, a cyber security engineer’s role can vary greatly from company to company.
Fortunately, that kind of complexity can translate into high demand and generous compensation. Let’s jump into the numbers.
What is a cyber security engineer’s average salary?
Cyber security engineers make a median salary of $96,765 per year, which is quite high by technologist standards. That salary, of course, can rise considerably with experience, education, and specialization. For example, those engineers with more than a decade in the cyber security industry could make upwards of $122,000—and potentially much more, if they head onto a management track or if they specialize. Check out the breakdown:
Education also has an impact on cyber security engineer salary, although the vast majority of jobs demand a bachelor’s degree; employers are generally less focused on whether you have an advanced degree, and more on your skills and knowledge:
Is cyber security engineer a dying career?
The answer to that question is a resounding “no.” Cyber security engineering jobs are expected to grow 28.5 percent over the next 10 years, according to Burning Glass. Internal and external threats to companies’ security stacks aren’t going away; in fact, with the rise of increasingly powerful tools powered by A.I. and machine learning, the complexity and severity of cyberattacks will only increase in coming years.
What’s important to remember, however, is that cyber security engineers must always keep their technical skills updated if they want to continue landing jobs (and/or advancing within their companies). The constantly mutating nature of security threats means you need to stay aware of what’s new and how to combat it.
Over the long term, cyber security engineers must keep their soft skills, such as communication and empathy, finely polished at all times. These engineers end up interacting with numerous stakeholders throughout the organization, from C-suite executives to help-desk specialists and even retail workers, which means that they must communicate security concerns as clearly and concisely as possible, especially to folks with a non-technical background. In order to accurately gauge threats to an organization, they must also listen to what others tell them about suspicious activity.
Is this role in demand?
In the short term, cyber security engineers also remain in high demand. According to Burning Glass, the average time to fill an open cyber security engineer position is 41 days, slightly higher than a “generalized” software developer/engineer position (39 days). In other words, it’s taking employers a lot of time to find available cyber security engineers, suggesting a tight market.
There are other signs of a “cyber security gap” that’s left companies eager for cyber security engineering talent. For example, a recent survey conducted by Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) found that seven out of 10 cyber security experts reported that their organization has been affected by a worldwide cyber security skills shortage. That can translate into significant opportunity for cyber security engineers, even those at the beginning of their careers.
What skills do you need to become a cyber security engineer?
As mentioned above, cyber security engineers need a mix of technical and soft skills to fully succeed in the role. It’s important to note that those who succeed in the position often have a masterful grasp of concepts and procedures such as vulnerability analysis and threat modeling. Those kinds of skills will allow you to step into pretty much any company and evaluate its cyber security needs, as well as propose solutions.
A solid grasp of programming languages such as Python is also invaluable; even if you’re not picking through the code yourself, you’ll need to fully recognize the vulnerabilities that others might point out in code. Knowledge of how operating systems and networks is likewise key.
A growing number of cyber security jobs also ask for certifications. Based on a Burning Glass analysis, here are some of the most popular:
CISSP is a vendor-neutral and advanced-level credential offered by the ISC2 (International Information Systems Security Certification Consortium); it’s broad, making it applicable to a number of positions. Similarly, CompTIA Security+, is approved by the United States Department of Defense and is compliant with the standard for ISO-17024, making it a good “generalist” certification that pops up frequently in job postings.
If you’re interested in cyber security-related management, also consider the CISM, from the Information Systems Audit and Control Association – ISACA, which certifies that the technologist can manage security infrastructure across an organization.
Of course, not all cyber security engineers have to ascend to management; quite a few are perfectly happy with becoming an increasingly skilled practitioner. But whatever route you choose for your career, gaining experience and skills can translate into improved compensation, including a higher base salary.
Related Cyber Security Jobs Resources: