Experts in cybersecurity are among the most sought-after professionals in the tech sector, with demand for workers in that field outpacing other IT jobs by a wide margin.
A new survey by Semper Secure, a public-private partnership in Virginia formed to advance the cybersecurity profession, offers a fresh glimpse at what security workers earn, what they look for in an employer and where the hubs of innovation are located.
Cybersecurity Salaries Three Times National Average
Cybersecurity professionals report an average salary of $116,000, or approximately $55.77 per hour. That's nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.
But it's more than just the money. Cybersecurity professionals say that they actively seek employers with strong reputations for integrity and those that are recognized as leaders in their field.
"For top talent, cybersecurity isn't about just a job and a paycheck," says Jim Duffey, secretary of technology at the office of the governor of Virginia. "It is about the hottest technology, deployed by honorable organizations, for a purpose that is inherently important."
Asked to identify the most important attributes of an employer, respondents cite these characteristics:
- Reputation for integrity; code of honor: 44 percent
- Reputation as a leader in cybersecurity: 34 percent
- Known for addressing leading challenges in cybersecurity: 33 percent
- Relatively high compensation scale: 31 percent
- Expansive cybersecurity career opportunities: 30 percent
- Excellence of leadership: 30 percent
- Excellence of coworkers: 23 percent
Respondents to the survey also indicated that they have a strong interest in the nature of the work they do. Asked what interests them most about the profession, challenging and meaningful topped the list.
- Interesting, challenging work: 56 percent
- Important and meaningful work: 44 percent
- Love the technology: 39 percent
- Constant change/dynamic industry: 31 percent
- Job security: 27 percent
- High salary and benefits: 25 percent
- Validates my talent and skill: 18 percent
- Opportunity to work with the best people: 13 percent
Where Do the Cybersecurity Pros Go to Work
Where are the great hubs of innovation in the cybersecurity sector? Perhaps not surprisingly, respondents identified California (home to so much of the IT sector) and the greater Washington-D.C. area, with its heavy concentration of government workers, contractors and the defense industry.
One-third of respondents said that California is the center of cybersecurity innovation, while 44 percent believe that innovation is most heavily concentrated in D.C., Northern Virginia and Maryland.
"Government agencies and defense/aerospace firms remain magnets for cybersecurity professionals," Duffey says.
Asked to name the company they would most like to work for, respondents ranked Google at the top, followed by the federal government, self-employment and Cisco. Respondents cited Symantec-Norton, IBM, McAfee and Cisco as industry leaders in cybersecurity.
The survey also suggested that there is relatively little churn in the industry, with 65 percent of cybersecurity pros polled saying that they have worked at two or fewer organizations throughout their career.
"These people aren't jumping from job to job looking for salary bumps and signing bonuses," says Lee Vorthman, CTO of NetApp's Federal Civilian Agencies unit. "Many of them want to work for federal agencies and most of them tend to stick with employers for the long term. For companies, that means they better get them early or risk not getting them at all."
The survey also probed security professionals' career aspirations, finding that 22 percent anticipate taking on more difficult challenges, 18 percent envision themselves in a leadership role, while 16 percent are seeking to start their own company or consult, and 15 percent are aiming to become a CIO or CISO.
What Cybersecurity Pros Know
Finally, the survey shed some light on the educational profile of the cybersecurity workforce. Eight-five percent of respondents said that they hold a professional certification, naming the Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional Security (CCNIP), and Certified Ethical Hacker (CEH) as the most popular credentials.
Forty-four percent of respondents said that they hold a bachelor's degree in computer science, mathematics or electrical engineering, and 34 percent said they hold a master's degree in those fields. Just 5 percent said that they hold a doctoral degree in those subjects.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com. Follow Kenneth on Twitter @kecorb. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn.