Cybersecurity Salaries and Compensation: Negotiate the Best Deal
Deidre Diamond
Founder and CEO, CyberSN | Founder, Secure Diversity | Co-Founder, Day of Shecurity Conference | Cyversity Board Member
In today’s competitive cybersecurity job market, being comfortable having conversations with employers about compensation gives you an advantage. Cyber pros are in high demand, so understanding what to ask for, as well as how various compensation packages are structured, will help you get the best possible offer.
Cybersecurity salaries vary depending on company, industry, and the city where the job is located. With more companies making positions permanently remote today, there are far more opportunities for cyber pros looking to up their salary and if you're experienced, you're in luck—experience is one factor that employers look at more than education or superlatives.
When talking about money, make sure the conversation is about what your total compensation will be. The job may seem to be a good fit culturally, but if you don’t understand the full compensation package, you have no way of knowing if the job truly is the right fit for you.
What roles pay the best
Salaries for cybersecurity jobs are going to vary, but knowing the roles that have the most potential for higher earnings can provide direction for your career path. Like most industries, jobs that require more skills, experience, and responsibility are going to pay more. Someone who is starting a new role as a penetration tester with only a few years of cyber experience is going to be paid less than a cybersecurity engineer with an extensive background in the computer science field.
Leadership roles, from security manager to CISO, are going to be the top of the pay scale, both in salary and bonuses. But what about mid-level roles? Here are some cybersecurity jobs that are earning the most in compensation right now, many earning $150,000 annually and more.
- Application Security Engineer
- Senior Security Consultant
- Cloud Engineer
- Risk Manager
- Network Security Engineer
While the role and responsibilities are a large determining factor in salary, salary surveys in the cyber industry indicate that skills and experience are most important.
The Cynet 2020 Cybersecurity Salary Survey found that experience matters far more than the degree you hold. According to the survey results, salaries were similar for both those with and without computer science-related degrees. Even more important than experience when determining salary, the survey found, was quality of work. “Surprisingly, across all analyzed positions, we have found both individuals with little experience at the top of the payment curve and seasoned veterans at its bottom,” the survey reported.
Does where I’m located matter?
Large metropolitan areas and tech hubs promise the most opportunities for on-site cybersecurity positions, including Washington, D.C., New York City, and Los Angeles. However, there are cybersecurity jobs available across the country, some in high-growth areas, that are offering generous compensation packages to entice workers.
According to Infosec, New York offers the best compensation, California has the highest number of jobs, while Texas and Colorado are the states with the most growth potential. What does this mean for job seekers? While compensation is going to be the highest in New York, it’s also one of the most expensive cities on the planet. Cost of living, quality of life, and the structure of your compensation will all be important factors to consider.
Take Colorado, where the cost of living is lower than most major East or West coast metro areas. The quality of living is very high, with natural beauty and many outdoor activities to enjoy. Although people don’t immediately think of Colorado as a tech hub, it’s fifth in the nation in concentration of tech workers and compensation tends to be competitive.
For those looking for fully remote work, this opens a range of possibilities, some offering great compensation packages. Understand that, for example, West Coast tech companies may offer lower salaries but higher bonuses and stock options, will help you negotiate the best deal.
What about cybersecurity compensation beyond salary?
As we mentioned, some industries and companies prefer to offer different types of compensation beyond salary. Ask about what an expected annual bonus might look like. What is the percentage given? Is it company based, performance based, or do both factor into the total bonus package? Knowing the bonus has a base percentage of 1.5% with potential for an additional 1% based on company performance, for example, helps you calculate what you will receive.
Stock options can be a game changer when it comes to your overall income. This is often something you’ll find in compensation packages at companies on the West Coast, in the tech industry, or at a startup. Companies will often offer stock options to employees because it increases an employee’s compensation without impacting profit. By including stock options and restricted stock units (RSUs) in total compensation structures, Silicon Valley and West Coast companies are paying significantly more than everyone else.
How can I negotiate for more money?
Do your research. Find out what that position typically gets in your city and use that as a starting point. Think about cost of living and how this salary compares to what you’re making now. Also, consider what the demands of the job will be and if the salary is fair. Is this a fast-paced job where you’ll be putting in 60 hours each week and are expected to be on call 24-7? If so, the pay should reflect this.
Once you’ve researched typical salaries and evaluated what you want, come up with a firm number at the top of the salary range for your area. This way, you can open the discussion talking about what you’re worth, not what you’re willing to take.
Next, focus on experience and skills, not degrees and high-profile names. While it may be impressive to some you have three years at a top tech company, it’s not nearly as impressive if you didn’t grow, show leadership, or improved your skills while there.
Some people may be shy about revealing past experience if not directly related to cyber, but they shouldn’t be. All employment experience helps shape your career, even if outside the field. For example, the Cynet survey found that people with IT backgrounds have on average higher salaries than people who started in cyber. Employers seem to value this variety in experience.
Finally, be transparent about what you make now and what kind of compensation you’d like to get. You can get more information about negotiating tactics in this previous blog post, but essentially you will want to open the salary conversation by describing you compensation.
Today my compensation looks like this: my base salary is X, my bonus is X amount paid X times a year, and my next raise is going to be X amount on X date. My stock is X and my vacation days are X. I receive X in health benefits for X amount of people to be insured in my family, I have X for 401k, (name any/all retirement plans worth if you stay), and here is everything and anything else that my current employer spends on me.
Few people take a new job for the same or less total compensation, so laying these facts on the table helps the interviewing employer understand your expectations. When it comes to asking for a dollar amount, don’t cheat yourself or them by giving a number that you don’t want to accept.
Software Engineering Manager - AI Services at Red Hat
4 年Great information Deirdre. I might also add to the bonus question, are they paid regularly, or do they have a past of not paying based on the parameters set.
Researcher
4 年Louanne C, M.S, CISSP, CISM, CISA, CDPSE