Cybersecurity analysts earn a median salary of $124,910 in the United States according to the Bureau of Labor Statistics, with senior roles reaching $194,514 and CISOs at Fortune 500 companies exceeding $500,000 in total compensation. The field has 4.8 million unfilled positions globally, maintains effectively 0% unemployment, and is projected to grow 29% over the next decade — nearly 10x the average for all occupations. If you're evaluating cybersecurity as a career, here's what you can actually expect to earn.
Salary by experience level
Entry-level cybersecurity analysts (0-2 years) typically earn between $55,000 and $80,000, with SOC Analyst Level 1 roles at the lower end. Mid-level professionals (3-7 years) earn $85,000 to $110,000 base, with specializations like threat intelligence and incident response pushing toward the higher end. The average across all cybersecurity roles in the U.S. sits at $135,969.
Senior cybersecurity professionals (7+ years) earn $120,000 to $165,000 base, with Glassdoor reporting an average of $194,514 for Senior Cyber Security Analysts. At the executive level, mid-market CISOs earn $200,000 to $420,000, while Fortune 500 CISOs regularly exceed $500,000 with equity.
Top paying cities
Location has a dramatic impact on cybersecurity salaries. San Jose-Sunnyvale-Santa Clara leads at $175,520 average, followed by San Francisco-Oakland-Hayward at $168,160. The Washington D.C. metro area pays 20-30% above the national average (roughly $163,000-$177,000) due to proximity to the Pentagon, NSA, CISA, and the intelligence community.
Emerging hubs like Raleigh, Austin, and Atlanta offer growing cybersecurity markets with housing costs 40-60% lower than coastal cities — meaning your dollar goes significantly further. The top five states for cybersecurity job openings are Virginia, California, Texas, Maryland, and Florida.
Which certifications actually boost your salary
Certifications have an outsized impact in cybersecurity. The average salary increase per certification is approximately $18,000, and 91% of business leaders prefer certified candidates. Here's how the major certs stack up:
- CISSP — the gold standard. +$25,000 to $35,000 salary premium (+22%). Has the highest correlation with six-figure salaries among all security certifications. Certified professionals earn $130,000-$165,000.
- CCSP (Cloud Security) — +25% salary boost, with ISC2 data showing 35% higher earnings vs non-certified peers. Demand is growing faster than almost any other security certification in 2026. Salary range: $135,000-$170,000.
- CISM — +$20,000 to $28,000 premium (+18%). Particularly valuable for management-track professionals. Salary range: $125,000-$160,000.
- CEH (Certified Ethical Hacker) — +$12,000 to $18,000 premium (~15%). Strong for penetration testing roles. Salary range: $95,000-$130,000.
- CompTIA Security+ — +$5,000 to $10,000 premium (+11%). The essential entry-level gateway certification. Required for many DoD positions.
The cybersecurity skills gap is massive — and getting worse
There are 4.8 million unfilled cybersecurity positions globally according to ISC2, and the workforce needs to grow by 87% to meet current demand. In the U.S. alone, over 514,000 cybersecurity job openings were posted in the past 12 months — up 12% year-over-year. CyberSeek reports a supply ratio of just 74%, meaning only 74 qualified workers are available for every 100 positions demanded.
The consequences are real: 88% of organizations experienced a significant cybersecurity event tied to skills shortage in the past 12 months, and organizations with significant staff shortages face breach costs $1.76 million higher on average. BLS projects approximately 16,000 new openings per year over the next decade.
Cybersecurity is the only tech sector that remained above pre-pandemic hiring levels throughout 2023-2025, while the rest of tech experienced significant layoffs. The field maintains effectively 0% unemployment.
Remote vs on-site salary differences
Fully location-agnostic pay is getting rarer in cybersecurity. Employers have shifted to geo-banded compensation, meaning remote workers outside major metros earn 10-25% less than on-site equivalents in those markets. ZipRecruiter reports the average remote cybersecurity analyst salary at $99,400, compared to the overall average of $129,750 across all arrangements.
However, this is changing. Many cybersecurity roles require access to secure environments and clearance-level work, which limits full-remote availability. The trend is toward hybrid arrangements, with employers absorbing the gap through overwork and outsourcing rather than posting new fully-remote roles.
Government vs private sector — the total comp surprise
On paper, private sector cybersecurity roles pay more: $110,000+ base compared to $80,000-$90,000 in government. Entry-level government roles start 15-20% lower. But total compensation tells a very different story.
A GS-14 federal employee earning $163,000 base, when you factor in FERS pension, TSP matching, and federal health benefits, actually out-earns a $185,000 private sector contractor in total compensation. And the security clearance premium is substantial: cleared professionals earn 20-40% above commercial rates, with clearance holders in the D.C. area commanding a $20,000-$40,000 premium over comparable non-cleared private sector roles.
Fastest growing specializations
- AI/ML Security — 87% of World Economic Forum respondents say AI vulnerabilities are the fastest-growing risk. 41% of security teams cite AI/ML as their #1 skill need. Median salary: $175,000.
- Cloud Security — driven by accelerating cloud migration. CCSP demand is growing faster than almost any other certification. Salary range: $120,000-$170,000.
- Penetration Testing — Glassdoor average of $154,377 with 33% projected growth. Entry roles start at $90,500, with 75th percentile reaching $206,243.
- Security Architecture — among the fastest-growing specializations. Salary range: $150,000-$200,000+.
- GRC (Governance, Risk, Compliance) — growing strategic importance. CISM certification delivers 18% salary boost. Salary range: $125,000-$160,000.
What most people get wrong about cybersecurity salaries
First, budget has overtaken talent as the primary barrier. For the first time, economic pressures and budget cuts (33%) have surpassed lack of qualified candidates as the #1 reason for cybersecurity staffing shortages. The talent exists — organizations are just choosing not to pay for it.
Second, over half (52%) of cybersecurity leaders say the real issue is skills, not headcount. The gap is qualitative, not just quantitative — having the right skills matters more than simply having a cybersecurity title.
Third, job postings are down 36% from the 2022 peak, but the shortage keeps growing. Employers are absorbing the gap through overwork and outsourcing rather than posting new roles — meaning the crisis is worse than job board data suggests.
How to maximize your cybersecurity salary
- Get certified early — each certification averages $18,000 in salary boost. Start with CompTIA Security+, then pursue CISSP or CCSP within 2-3 years.
- Specialize in AI security or cloud security — these are the fastest-growing and highest-paying niches, with median salaries of $168,000-$175,000.
- Consider government + clearance — the total compensation package, job security, and pension can outperform higher-salary private sector roles.
- Target high-paying metros strategically — San Jose, SF, and D.C. pay $40,000-$50,000 more than the national average. Remote roles from emerging hubs like Austin or Raleigh offer a strong cost-of-living advantage.
- Stack complementary skills — cybersecurity professionals who also understand cloud architecture, DevOps, or AI/ML command premium salaries.