The Highest Paying Jobs in Cyber Security

In our interconnected age, there are more than one connected device per person on the planet. With this cornucopia of connectivity comes many conveniences, and things undreamt of even a handful of years into the past. For each connected device, however, there also comes the threat that your personal information can be comprised regarding it’s confidentiality, integrity, or availability (C.I.A.).

C.I.A., as it’s abbreviated in cyber security circles, cuts to the heart of what’s at risk in every connected device. Pending a successful exploit, or carelessness on the part of the administrator, every connected device can have it’s data exposed, altered, or access to said data taken away.

These are the risks tasked to today’s current and future cyber security professionals. Risks that grow ever higher day by day due to an extreme shortage of skilled cyber security professionals.

It’s estimated that by 2021, there will be 3.5 million unfilled cyber security jobs in America alone. This has led to a wide variety of positions highly important to fill (and highly compensated). So, with no more ado, we present our list of the 10 highest-paid jobs in cyber security for 2019.

10. Vendor Risk Management Director

In today’s vast and quickly changing tech-scape, no one organization can create all of the underlying technology they rely on to provide services. Even the likes of Google or Amazon use third-party vendors for some services and devices. And the thing is, while most upstanding third-party vendors provide outstanding and necessary products, they simply aren’t under your direct control. When using third-party vendors, there is inherently some level of risk in how they may use your data, prioritize granting you services over or under another client, or even remain in business.

This doesn’t mean that organizations should be wary of third-party vendors. Vendors are often the only way to realistically achieve your own technological offering. And a robust risk management process can elimate a great deal of uncertainty when dealing with vendors. Many vendor offerings are central to an organizations tech offerings. If other central areas of service also have their own dedicated teams, why not vendor management?

Risk management of vendors is a complex multidisciplinary endeavor. Those skilled in this role will understand enough of the technical details to properly negotiate and set-up vendor relations. They must be skilled at risk analysis and management processes, requiring a good bit of business knowledge. Finally, vendor risk management directors must be good at working with a variety of stakeholders. With such a diverse skillset, it’s no wonder that top-paid vendor risk management directors can bring in over $160,000.

  • Average Salary Nationwide: $98,100
  • Certifications pertinent to the position:Certified Regulatory Vendor Program Manager

9. Network Security Engineer

Today, nearly every device is connected. And not just to it’s neighboring nodes. Remote work, mobile devices, wireless access points, and client-facing interfaces, each pose potentially large security burdens. Particularly compared to the “old days” where all the computers in an office were connected to the same hub. Additionally, new technologies including cloud computing, virtualization, and network automation all have security implications.

With such a complex tapestry of networking technologies employed, it’s no wonder that network security engineers are in high demand. The list of skills required of network security engineers is varied and long, including:

  • VPN configuration and maintenance
  • Writing of virus and malware detection scripts
  • Maintencence of LAN, WAN, and Servers
  • Developing scripts to track network behavior
  • Maintaining hardware and software integrity
  • And at times developing your own security products

The highest paid network engineers make over $120,000. Nationwide, earnings vary slightly but are quite strong.

  • Average Salary Nationwide: $111,000
  • Certifications pertinent to the position: Certified Information Systems Security Professional, GIAC Certifications, Certified Ethical Hacker, Network+, Others

8. Information Systems Security Manager

Whether working for an organization that provides cyber security as a primary product or service, or working within the cyber security branch of a larger organization, skilled information systems security managers are highly sought after individuals. As with other engineering fields, the integration of cyber security features and best practices often follows the unique management strictures of software development. Managers in the space are often required to be masters of agile development, scrum, or related development management frameworks. Additionally, the best managers have an in-depth understanding of the product type being delivered.

This means that the best information systems security managers have often worked in technical roles related to cyber security and excel in the other requirements of managers. Additional requirements of managers often include being able to communicate about technical topics with a variety of stakeholders, be able to hold a strategic view of the undertakings of a team, being able to manage personalities, hire and fire individuals, among other things.

It’s no wonder why skilled information security managers are highly compensated. The top 10% of earners in this discipline make an average of $138,000 a year.

  • Average Salary Nationwide: $119,915
  • Certifications pertinent to the position: certified information security manager, certified scrum master, certified agile manager, Certified Information Systems Security Professional

7. Incident Responder Lead

No matter how much cyber security organizations bolster their defenses, there will come a day when an attacker attempts to mess with the confidentiality, integrity or availability of their services. It’s in those moments, when your app, or service, or server stack is being overwhelmed by a petabyte of data a second, that a capable incident response team can potentially save you organization-crippling damage.

Incident response leads typically work either in larger organizations that have their own dedicated incident response team, or for third-party incident response firms. Incident responders are typically highly adept in a wide range of technical disciplines (any disciplines concerned with an “attack vector”), and possess very good decision making skills. Many of the largest cyber security attacks in history have been over in a matter of minutes thanks to highly adept and quick-thinking incident response teams. In 2018, Github was victim to the largest ever DDOS attack (for the time). The attack lasted less than 20 minutes with third-party incident response teams redirecting over a petabyte of data a second to their own servers, scrubbing the data, and blocking the bad actors.

For those highly skilled at incident response, salaries can reach as high as $170,000 a year.

  • Average Salary Nationwide: $120,000
  • Certifications pertinent to the position: certified information security manager, certified scrum master, certified agile manager, Certified Information Systems Security Professional

6. Senior Cyber Security Consultant

Senior Cyber Security Consultants can command a wide range of fee levels. An abundance of work is available for the best consultants. Common tasks include auditing engineering, policies, networking, and legal issues related to cyber security. Jobs may occur in organizations that have their own dedicated cyber security team and are looking for an outside opinion, or among organizations that do not have a dedicated cyber security team.

While senior cyber security consulants are likely experienced in a wide range of cyber security disciplines, most specialize and are an expert in one or more areas of cyber security. Some of the most in-demand concentrations for cyber security consultants include intrusion detection, risk analyis, secure software development, risk mitigation, cloud security, and privacy auditing.

While the highest-paid cyber security consultants can take home millions of dollars a year (often paid to a larger business they run), many individuals can make up to and over $160,000 a year.

  • Average Salary Nationwide: $130,000
  • Certifications pertinant to the position: GIAC Security Certifications, Certified Protection Professional, Certified Information Systems Security Professional, Certified Ethical Hacker, Certified Security Consultant

5. Security Architects

Security architects are the individuals tasked with the security of the information technology infrastructure (or one portion of said infrastructure) for an organization. Security architects engineer organization-wide security solutions meant to shore up weak points and future proof technologies. At their core, security architect jobs are essentially senior security engineers that often hold leadership positions.

Security architects may focus on a single cyber security offering type within a large organization, or be a stand-in for all cyber security leadership in organizations that do not have “higher-ups” like chief information security officers.

Common job requirements in this role include:

  • Planning, implementing and determining security requirements
  • Testing of security systems
  • Creation of security policies
  • Mentoring of team members
  • Taking ownership of security-related products

With such a wide range of leadership and technical know-how skills required, it should come as no surprise that top-paid security architects can make $200,000 a year.

  • Average Salary Nationwide: $145,770
  • Certifications Pertinant to Position: Certified Information Security Manage, Certified Ethical Hacker, Certified Information Systems Security Professional, Information Systems Security Architecture Professional

4. Director of Privacy

Gone are the days when tech services operated in a black box, wowing consumers who had no clue how the service works. Consumers have wised up, and with an entire generation of digital natives now in the game, organizations have to spell out exactly what they’re doing with consumer data.

Directors of privacy are at the heart of communicating cyber security objectives between consumers, upper-level management, organization members, and regulatory bodies. If you don’t think this is an important job, just think about what happens when an organization is implicated in a privacy breach!

Some of the most common job duties of directors of privacy:

  • Build a comprehensive privacy program
  • Establish multi-party governance efforts of privacy party
  • Oversee risk assessment for privacy
  • Delivers or oversees delivery of privacy training
  • Work with legal counsel, public relations, engineering teams, regulatory bodies, and management

In this senior-level role, the highest-paid directors of privacy manage to take home salaries of $180,000 a year.

  • Average Salary Nationwide: $147,000
  • Certifications pertinant to the position: Certified in Healthcare Privacy and Security

3. Cloud Security Architect

If you’ve worked with technology in any capacity, you’re likely aware that many digital service providers are moving “to the cloud.” In essense, this means that organizations and digital service providers are storing the massive amount of data they create and utilize on highly optimized servers external to their own business. While moving more traditional technology services to the cloud enhances uptime, availability, and scalability, it doesn’t come without downsides. Where organizations used to have more control over where their data was held, moving to the cloud physically removes one’s data to another location. Furthermore, it requires working with a vendor of cloud services, who may very well have different security expectations than your organization.

Enter the cloud security architect. Cloud security architects are well versed in the emerging intricacies of cloud computing as well as a wide range of cyber security tools and best practices. While cloud computing inhabits the same general intersection between networking and software that a great deal of cyber security does, the speed with which users have massively adopted this new technology has put strains on our ability to secure it.

As many organizations are currently on or seeking to move to the cloud, cloud security architects are in high demand. The highest 10% of earners in this role bring in over $250,000 a year.

  • Average Salary Nationwide: $158,000
  • Certifications pertinent to the position: certified cloud security professional, AWS Certified Solutions Architect, Certified OpenStack Administrator (COA), Certified Ethical Hacker, Among Others

2. Director of Compliance

As cyber security has entered the mainstream more and more, so to have government and industry mandates on cyber security professionals. Protecting sensetive information that’s been entrusted to an organization’s computer systems is vital to retaining trust with users. And more and more governmental bodies are now enforcing this fact. Queue the director of compliance. A position once more at home in non-technology fields is now integrally tied to many large information service providers.

Director of compliance jobs blend legal knowledge, technical understanding, judgement, and public relations. This multifaceted role is a great fit for those without quite the degree of technical chops as other positions. That’s the great thing about cyber security, it’s becoming such an all-encompassing field that there are positions for almost every skill set.

And for information services companies, not-meeting compliance can be a total game changer. Being non-compliant can result in fines, lawsuits, having your products taken from digital marketplaces, and even criminal action. For this reason, tech-centered organizations that are beginning to feel the pressure of regulation are hiring directors of compliance in far greater numbers than ever before. Top-paid directors of compliance with a focus on cyber security can make close to $200,000 a year.

  • Average Salary Nationwide: $171,836
  • Certifications pertinant to the position:

1. Chief Information Security Officer (CISO)

It should come as no surprise that the very highest-paid cyber security jobs are located in the “C-Suite.” These positions generally report to the chief operating officer and are present in organizations that have large and robust cyber security operations.

A common job description for a chief information security officer position centers around establishing and maintaining an organization-wide information security management program. In organizations requiring enough cyber security manpower to require a CISO, the information security management program may include:

  • Penetration testing
  • Threat analysis
  • Original research into information security challenges
  • Educational efforts
  • Infrastructure planning
  • Legal and regulatory compliance
  • And incident response

Needless to say, CISO positions require a great deal of understanding in a diverse set of cyber security disciplines. Experienced CISO’s are in high demand and have been known to gain compensation upwards of over $400,000 a year.

  • Average Salary Nationwide: $204,000
  • Certifications Pertinant to Position: Certified Information Security Manager (CISM), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP)