Question: How much do cybersecurity professionals earn annually? Cybersecurity salaries by degree and position
Updated: November 10, 2025
Answer: Salaries for cybersecurity professions depend on a number of important variables, including but not limited to an individual’s qualifications, level of educational attainment, and professional certifications. In addition, pay varies by specialization and by region. However, cybersecurity ranks at or near the top for in-demand IT positions, which translates to relatively high salaries, even for entry level professionals. Entry level salaries in cybersecurity often start around $50,000 per year, and that number goes up based factors such as years of experience in the field, educational attainment, and professional certifications.
Cybersecurity is a rapidly growing field in which demand for trained professionals continues to outpace the supply of new talent. As businesses throughout the economy, organizations of all types, and government agencies at the federal, state, and local level deploy networked IT systems, they create opportunities for incursions by bad actors. That translates to job openings for technicians who have cyber defense and information security skills. According to the U.S. Bureau of Labor Statistics (BLS.gov), cyber specialists are among the highest paid professionals throughout the IT workforce*, earning more on average than all but the most highly skilled engineers, architects, and developers.
In addition, CyberSeek, a workforce analytics platform developed by the National Initiative for Cybersecurity Education (NICE) in partnership with the labor market analytics company Lightcast and CompTIA, estimates there are 514,359 open job listings in the U.S. for cybersecurity positions as of their latest market data reporting period (which was accessed in November 2025).
Median Annual Salaries for Cyber and Information Security Professionals
BLS.gov has the median annual wage for information security analysts at $124,910 in its 2024 Occupational Outlook Handbook. That is approximately $20,000 higher than the median salary for all computer and information technology occupations (which BLS.gov has a median annual wage of $105,990). BLS.gov also expects the number of professionals employed in information security analysis positions to grow by 29% in the next decade, which should keep both demand strong and salaries high.
Using a different methodology and a number of different designations for cyber professionals, Glassdoor, a jobs and recruiting marketplace, lists a broader range of salaries in cybersecurity fields, with information security officers earning between $166,000 and $280,000 per year, and computer security specialists earning between $105,000 and $190,000 per year. The software and salary survey company Payscale shows a similar variance in compensation by title, with information security analyst earning an average of $81,488 per year and information security managers earning an average of $128,602 per year.
The table below provides an overview of median salaries for cyber and information security professionals as determined by the BLS.gov, Glassdoor, and Payscale (data collected in November 2025).
| Title | Annual Average Salary** |
|---|---|
| Information Security Officer (Glassdoor) | $163,500 |
| Information Security Engineer (Glassdoor) | $139,000 |
| IT Security Consultant (Glassdoor) | $133,000 |
| Information Security Manager (Payscale) | $128,602 |
| Information Security Specialist (Glassdoor) | $125,500 |
| Information Security Analyst (BLS.gov) | $124,910 |
| Computer Security Specialist (Glassdoor) | $117,000 |
| Cyber Security Engineer (Payscale) | $106,300 |
| Cyber Security Analyst (Glassdoor) | $106,000 |
| Cyber Security Analyst (Payscale) | $83,049 |
| Information Security Analyst (Payscale) | $81,488 |
| **Payscale and Glassdoor values are for base salary and do not include bonuses or additional pay which can increase an employee's total yearly compensation. | |
Variations in Salary by Experience, Geography, Professional Certification, and Educational Attainment
As noted above, salaries in the field of cybersecurity can vary greatly based on several factors, including: experience level, where a professional lives, any relevant professional certifications, and whether a professional has earned a degree in cybersecurity. Each one of these factors is explored in the sections below.
Average Salary Levels By Experience Level
As in any field, salaries are lower for entry-level cybersecurity jobs than for positions that require five or more years of experience. Salary.com, a service provider that provides salary information to businesses and individuals, has median pay ranges for different levels of information security analysts, which can be used to estimate salaries for beginning, intermediate and advanced cybersecurity specialists. The ranges (25th to 75th percentile) are as follows:
- Information Security Analyst I: $71,960 to $85,711 with an average of $78,069
- Information Security Analyst II: $84,577 to $100,537 with an average of $91,863
- Information Security Analyst III: $111,302 to $130,233 with an average of $119,689
Average Salary Levels by Geography
It is important to note that demand for cybersecurity professionals does vary depending on location. For example, CyberSeek tracks job postings by state, revealing asymmetries in demand for cyber talent. Larger states, including California, Colorado, Florida, Illinois, New York, Pennsylvania, Texas, and Virginia have the largest number of job openings for cyber professionals. Postings are lowest in states with smaller populations, such as Wyoming, Montana, and South Dakota. However, salaries do not align precisely with the volume of job postings. Instead, they depend on multiple factors, including levels of demand, available talent pool, and cost of living.
The table below provides an overview of average cybersecurity salaries by a selection of states, based on data collected by job search engine ZipRecruiter and data from BLS.gov (May 2024, accessed November 2025) on the average annual salaries for Information Security Analysts.
| State | Annual Average Cybersecurity Salary (ZipRecruiter) | Annual Average Information Security Analyst Salary (BLS.gov) |
|---|---|---|
| Alabama | ||
| Arizona | ||
| California | ||
| Colorado | ||
| Florida | ||
| Massachusetts | ||
| Michigan | ||
| Minnesota | ||
| New York | ||
| North Carolina | ||
| Ohio | ||
| Pennsylvania | ||
| Texas |
Note: It is important to note that even salaries within a state can vary based on a professional’s location and demand in their area of residence.
Average Salary Levels by Professional Certification
Professional certifications in relevant fields such a cybersecurity, information assurance, computer science, and information technology are typically correlated with salary levels. CompTIA’s Security+ certification was the most commonly required or requested professional credential in CyberSeek job postings, followed by ISC2’s Certified Information Systems Security Professional (CISSP), SANS Institute’s Global Information Assurance Certification (GIAC), and ISACA’s Certified Information Systems Auditor (CISA).
Several of the top paying IT certifications in 2025, based on analysis by the software company Skillsoft, are the cybersecurity credentials listed below, along with average salary data:
- AWS Certified Security – Specialty: $203,597
- ISC2’s Certified Cloud Security Professional (CCSP): $171,524
- Cisco’s Cisco Certified Network Professional (CCNP) Security: $168,159
- ISC2’s Certified Information Systems Security Professional (CISSP): $168,060
- ISACA’s Certified Information Security Manager (CISM): $$157,189
- ISACA’S Certified Information Systems Auditor (CISA): $155,362
- EC-Council’s Certified Ethical Hacker (CEH): $146,260
Average Salary Levels by Degree Level
Employers typically pay more for cybersecurity professionals who hold a bachelor’s or a master’s degree, and some may require or prefer candidates who have a degree in cybersecurity or a related technical field. Payscale’s salary data shows the progression from a two-year associates degree to an advanced graduate degree in cybersecurity:
- Associate of Applied Science (A.A.S.) in Cybersecurity: $56,000
- Bachelor of Science (B.S.) in Cybersecurity: $78,000
- Master of Science (M.S.) in Cybersecurity: $96,000
It is important to note that earning a degree in cybersecurity does not guarantee a certain level of pay and that average salaries by educational attainment vary over time. In addition, degree programs in cybersecurity are a relatively new offering by colleges and universities; therefore, related degree programs in computer science, information technology, electrical engineering, or another relevant field can often be used to enter the field of cybersecurity. Finally, cybersecurity is an applied field in which being able to do the work — i.e., having the knowledge, skills, and abilities (KSAs) detailed in our Guide to Careers in Cybersecurity — is paramount. Those KSA can be cultivated in degree programs, bootcamps, professional certification programs, on the job, in the military, or through any combination of these and other formal and applied learning experiences.
*Disclaimer: Please note, the salaries and compensation levels mentioned in this FAQ are not guaranteed and should only be used by students and professionals as one piece of data as they research careers and salaries. Compensation can and does vary significantly based on a person’s geographical region, experience in the field, technical competency, educational background, professional certifications, and more.
Careers in Cybersecurity FAQs:
Be Informed
For more information on our research methods, data sources, program classifications, and other important information to consider while visiting this site, please review our Sources and Disclaimers page.