High Demand Pushes Average Cyber Security Salary Over $93,000

Despite concerns over unemployment and the challenging job market, the IT job market has been fairly healthy, and demand for cyber-security professionals remained high in 2013, according to a new jobs study.

The number of job postings for cyber-security positions grew twice as fast as the number for overall IT job postings in 2013, Burning Glass Technologies found in its latest installment of the Job Market Intelligence report. There were 209,749 national postings for cyber-security jobs in 2013, and the average salary for a cyber-security posting was $93,028, according to the report, which is compiled by reviewing job postings across 32,000 online sites daily. In comparison, the average salary for all IT job postings was $77,642.

“These postings are growing twice as fast as IT jobs overall, and now represent 10 percent of all IT job postings,” the report said.

When considered against the backdrop of the increased number of data breaches, distributed denial-of-service attacks, online fraud, and cyber-espionage being reported each day, it's no surprise the cyber-security job market is booming. Over 17 major retailers and financial institutions were targeted in 2013 alone, and according to the FBI, nearly 300,000 cyber-crimes were reported in the past year, resulting in losses of over $525 million.

Security is no longer restricted to just technology companies or financial institutions, as retailers such as Target and organizations in charge of critical infrastructure such as the electric grid grapple with skilled adversaries who take advantage of holes in the network defenses to cause damage. “If you have sensitive data, you are a security company,” David Lindsay, a senior product manager at Coverity, said in an earlier interview.

Burning Glass released the report last week, hours after the Labor Department reported the U.S. economy added 175,000 jobs in February. The Labor Department said the biggest growth nationwide was in the professional services sector, which includes technology jobs. According to the Burning Glass report, 38 percent of those technology jobs are cyber-security positions. Manufacturing, defense, finance, insurance, and health care sectors also had high demand for cyber-security jobs, Burning Glass found.

While there are many jobs, Burning Glass said they are concentrated in three major hubs: Washington, D.C., New York, and San Francisco/Bay Area. The Washington, D.C. metropolitan area had the most cybersecurity job postings in 2013, with more than 23,000 listings, followed by New York City with just over 15,000, Burning Glass said in its report. The San Francisco-San Jose corridor, which includes Silicon Valley, had more than 12,000 listings. Chicago and Dallas rounded out the top 5.

The demand for skilled cyber-security professionals in the federal government and for the contracting firms that work on government contracts explains the high numbers for the D.C. area. In a state-by-state analysis, Burning Glass found that Virginia ranked second in the number of cybersecurity job listings, and Maryland ranked sixth. As would be expected considering its concentration of technology companies, California ranked first in the number of open jobs.

The report highlighted the oft-discussed skills gap, as well. The demand is there for cyber-security professionals, but cyber-security jobs took 24 percent longer—45 days as opposed to 36 days for other IT jobs—to fill, Burning Glass found. Cyber-security jobs also took 36 percent longer than all job postings.

“The demand for cybersecurity talent appears to be outstripping supply,” said Matt Sigelman, CEO of Burning Glass.

One reason for the gap may be that employers are looking for significant educational background and experience, with two-thirds of postings requiring at least four years of experience and 84 percent looking for applicants with at least a bachelor's degree. About half of all cyber-security positions requested at least one professional certification, such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (Security+), and Certified Information Security Manager (CISM).

Sigelman noted that 50,000 job postings in 2013 required applicants to have the Certified Information Systems Security Professional (CISSP) credential, but there were only 60,000 such certified professionals at the moment. And considering that CISSP requires four years of full-time cyber-security experience, it's not possible to “fast track” professionals to meet the demand.

“This is a huge gap between supply and demand,” Sigelman said.

The difficulty in finding cyber-security professionals to fill positions was part of the conversation at last month's RSA Conference in San Francisco, as well.

Andy Ellis, CSO of Akamai, noted on the security gaps panel that the problem wasn't a dearth of skilled individuals, but rather that “We’re writing job descriptions that are unrealistic.” The panel emphasized that cyber-security professionals need to be able to communicate with business stakeholders and be able to show how security affects the business bottom line.

With the jobs market booming for cyber-security professionals, it seems there are plenty of opportunities for them to show off what they can do.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.