
If you've looked into a cybersecurity career, you've seen the headlines: six-figure salaries, explosive demand, a field practically begging for talent. The reality is more interesting than the hype — and a lot more specific. The pay is strong. What you actually take home depends on your role, how long you've been doing it, where you live, and what you specialize in.

The U.S. Bureau of Labor Statistics puts the median annual wage for Information Security Analysts at $124,910 as of May 2024. That's a useful number, and it's only a midpoint. Entry-level professionals typically start between $65,000 and $90,000. Senior specialists and managers pull $150,000 to $220,000+. Chief Information Security Officers at large organizations? Total compensation often lands between $300,000 and $600,000.

This guide breaks down cybersecurity salaries by role, experience, location, and industry — using authoritative sources and real market data — so you can set honest expectations and map a path that actually works.

How Much Do Cybersecurity Professionals Actually Make?

The honest answer: it depends. "Cybersecurity salary" covers dozens of distinct roles — from a SOC analyst triaging alerts on the night shift to a senior architect designing defenses across an entire enterprise.

The BLS rolls most of this work into Information Security Analysts, a category projected to grow 29% from 2024 to 2034 — far faster than the average occupation. The growth is real. It doesn't mean every open role pays six figures on day one.

National Salary Benchmarks by Experience Level

Realistic expectations at each stage, drawn from BLS data, CyberSeek, and industry salary aggregators:

  • Entry-level (0–1 year): $65,000–$90,000
  • Junior (1–3 years): $75,000–$105,000
  • Mid-level (3–6 years): $95,000–$145,000
  • Senior (6–10 years): $130,000–$190,000+
  • Lead/Manager (8–12 years): $150,000–$220,000
  • Executive (12+ years): $200,000–$350,000 base; total comp can clear $600,000 at large firms

These are mostly base salaries. Add bonuses, equity, and on-call premiums and total compensation climbs another 10–40% — especially in tech and finance.

Cybersecurity Salary by Role

Not every cybersecurity job pays the same. Cloud security, application security, and incident response command premium salaries. Compliance-focused roles tend to cluster near the median.

Cybersecurity Salary Ranges by Role and Experience Level
| Role | Entry-Level | Median | Senior |
|---|---|---|---|
| SOC Analyst (L1) | $60,000–$80,000 | $75,000–$95,000 | $95,000–$115,000 |
| SOC Analyst (L2) | $75,000–$95,000 | $90,000–$110,000 | $110,000–$130,000 |
| Cybersecurity Analyst | $70,000–$90,000 | $100,000–$125,000 | $130,000–$155,000 |
| Security Engineer | $90,000–$120,000 | $130,000–$160,000 | $170,000–$210,000 |
| Penetration Tester | $85,000–$110,000 | $115,000–$140,000 | $145,000–$180,000 |
| Cloud Security Engineer | $110,000–$140,000 | $145,000–$180,000 | $185,000–$230,000 |
| Security Architect | $130,000–$160,000 | $170,000–$210,000 | $220,000–$260,000+ |
| GRC/Compliance Analyst | $70,000–$95,000 | $95,000–$120,000 | $125,000–$150,000 |
| Incident Responder | $85,000–$110,000 | $115,000–$145,000 | $150,000–$185,000 |
| Application Security Engineer | $110,000–$140,000 | $145,000–$180,000 | $185,000–$230,000 |
| Security Manager | $140,000–$170,000 | $170,000–$210,000 | $220,000–$260,000 |
| CISO | $200,000–$275,000 | $275,000–$350,000 | $400,000–$600,000+ total |

Worth noting: Aiming to become a security engineer? Expect a higher starting salary than a SOC analyst role — and steeper technical requirements going in. Cloud and application security specialists sit at the top of the range because the skills are genuinely hard to find and the business stakes are high.

Why some roles pay more

The highest salaries cluster around three things:

  1. Technical depth. Roles that need coding, scripting, or cloud-native security skills (AWS, Azure, GCP) pay more than monitoring-focused work.
  2. Business impact. AppSec engineers and architects protect revenue-generating systems directly — and that visibility justifies higher comp.
  3. Scarcity. Incident responders, pen testers, and cloud security engineers are genuinely hard to hire, especially with hands-on experience.

How Location Affects Your Cybersecurity Salary

Where you work — or where your employer is headquartered — still matters enormously. BLS metro-level data shows Information Security Analysts in the New York City metro earned a mean annual wage of $146,540 as of May 2023, nearly 20% above the national median.

Top-paying states and metros

Markets that consistently offer higher cybersecurity salaries:

  • California (San Francisco Bay Area and Los Angeles especially)
  • New York
  • Massachusetts (Boston)
  • Virginia / Washington, D.C. (cleared roles carry a premium here)
  • Washington (Seattle)
  • Texas (Austin, Dallas)
  • Colorado (Denver)
  • Illinois (Chicago)
  • Florida (Miami, Tampa)
  • Georgia (Atlanta)

The CyberSeek heat map gives a real-time look at demand by state and metro — useful if you're weighing a relocation.

The remote work reality

Remote cybersecurity roles are still common, but fully location-agnostic pay is getting rarer. Many employers have moved to geo-banded compensation, paying 10–25% less for remote workers outside major metros. A security engineer earning $150,000 in San Francisco may see the same role offered at $120,000 if they work remotely from a lower-cost city.

Cleared roles in the D.C. corridor often pay a premium despite less schedule flexibility. A security clearance is scarce, non-transferable, and time-consuming to obtain — which gives cleared professionals real leverage.

Industry and Employer Type: Who Pays the Most?

The sector you land in makes a real difference. How industries compare to the national baseline:

  • Big Tech / SaaS: +10% to +30%, often with significant equity.
  • Finance / Fintech: +10% to +25%, especially at trading firms and payment processors.
  • Government / Defense: Moderate base pay, but clearance adds meaningful long-term value.
  • Consulting: Competitive pay with faster advancement; expect client pressure and travel.
  • Healthcare: Near median, with steady demand driven by HIPAA requirements and ransomware risk.

On startups: Early-stage companies may offer a lower base but meaningful equity. Look hard at vesting schedules and the company's trajectory before signing.

Do Certifications Increase Your Cybersecurity Salary?

Certifications correlate with higher pay — they don't directly cause it. What they actually signal is experience, specialization, and commitment. Hiring managers notice that.

(ISC)² reports that CISSP holders in North America average around $147,375 in annual salary. Keep in mind CISSP requires five years of experience, so it's a mid-to-senior credential by design.

Certification impact by role

  • Security+: Solid for entry-level access, especially in government-adjacent roles; modest salary bump on its own.
  • CEH (Certified Ethical Hacker): Mixed employer reception; helpful for pen testing credibility.
  • CISSP / CISM: Strong signals for management, architecture, and senior analyst positions.
  • OSCP / GPEN / GCIH: Highly regarded in offensive security and incident response.
  • CCSP (Certified Cloud Security Professional): Growing premium as cloud roles multiply.

One practical note: Certifications open doors and clear HR filters. Hands-on skills move hiring managers. Pair credentials with real work — labs, GitHub repos, CTF participation — and you'll be in a much stronger position.

Can You Make $200,000 in Cybersecurity?

Yes. Just not right away. Getting to $200,000+ in base salary usually means one or more of these:

  • A senior technical role: security architect, senior cloud security engineer, or principal AppSec engineer.
  • Moving into management: security manager or director overseeing a team.
  • Working in a high-cost metro: Bay Area, NYC, or D.C.
  • Deep specialization: cloud, DevSecOps, threat intelligence, or AI security.
  • The right industry: Big Tech or finance.

Total compensation — base plus bonus plus equity — can clear $200,000 earlier if you join a well-funded startup or a public tech company with a strong equity program.

CISOs and other executive leaders routinely earn $300,000–$600,000+ in total comp at large organizations. Those roles take 12+ years of experience, real leadership credentials, and enough business acumen to hold a room of executives.

What About Entry-Level Cybersecurity Salaries?

This is where expectations and reality often collide. Six-figure headlines lead career changers to assume every entry-level role pays $100,000+. Most SOC Analyst Level 1 and junior security analyst positions actually start between $60,000 and $80,000, depending on location.

The (ISC)² Cybersecurity Workforce Study confirms a global workforce gap of nearly 4.8 million — and the shortage is concentrated in experienced talent, not first-job candidates. Employers want people who can contribute immediately, which creates a real catch-22 for newcomers.

Breaking in: realistic paths

If you're switching careers, these moves will matter most:

  1. Structured learning. Bootcamps like TripleTen's Cybersecurity bootcamp deliver project-based training built around real-world scenarios.
  2. Certifications. Security+ or a comparable credential to clear HR screening.
  3. Home labs and CTFs. Practical, demonstrable experience on platforms like Hack The Box or TryHackMe.
  4. Networking. InfoSec communities, local meetups, and mentors already working in the field.

Entry-level pay feels modest, but the upward trajectory is real. With two to three years of solid experience, moving into the $95,000–$125,000 range is a reasonable target.

Market Outlook: Is Cybersecurity Still a Growth Field?

Without question. The BLS projects 29% growth for Information Security Analysts through 2034, driven by escalating threats, regulatory requirements (GDPR, CCPA, SOC 2), and rapid adoption of cloud and AI infrastructure.

2026 trends shaping salaries

  • AI security. Protecting AI systems and AI-driven operations is creating new specializations — and early premium pay.
  • Cloud security. AWS, Azure, and GCP expertise stays in high demand; cloud security engineers consistently earn at the top of the range.
  • AppSec and DevSecOps. Shift-left security practices mean more demand for engineers who can actually write code.
  • Compliance and GRC. Regulatory complexity keeps governance and compliance hiring steady.
  • Geo-adjusted remote pay. Expect location-based pay bands to become standard, not the exception.

The talent shortage is genuine for experienced professionals. At the entry level, competition is stiffer than the headlines suggest. Practical skills and a portfolio will set you apart more than credentials alone.

Ready to Start Your Cybersecurity Career?

The pay is strong, the work matters, and the long-term outlook is solid. The field rewards people who come in prepared, specialize thoughtfully, and stay realistic about the timeline.

If you want to build the hands-on skills employers actually hire for, take a look at TripleTen's Cybersecurity bootcamp — a flexible-schedule, project-based bootcamp built for working professionals. Real projects, AI-powered features and AI-skills integration, instructors and learning coaches who answer questions, and mindset-shifting career coaching with group career training that gets you ready for real interviews. Backed by Nebius Group, a global leader in AI infrastructure, and ranked among CourseReport's Top-3 bootcamps. We back the bet with our money-back guarantee — get hired in 10 months or get refunded. A shared-risk investment in a new career you'll actually keep.

Not sure where you fit? Take the Career Quiz to find the tech path that matches your background and goals.