IT security jobs by the numbers: 12 stats

IT security skills remain red hot, but just how many security positions are open now? What do top security pros earn? We round up instructive data
928 readers like this.
CIO Data Quants

Security positions – whether in data, information, network, systems, or cloud – make the list of “hard-to-staff” positions in Robert Half Technology’s 2019 Salary Guide.

You’ve heard that one before. But scroll down to the report’s national average salary tables for security-related jobs and “hard-to-staff” begins to sound like a laughable understatement, with the lowest percentiles for the least-skilled or least-experienced roles still commanding near-six-figure salaries. That’s the floor, folks.

The national average salary for a chief security officer is $270,000. (Source: Robert Half Technology)

Get into more experienced, higher-ranking security roles and the salaries increase significantly. At the highest level, the national average salary for a chief security officer is $270,000 (95th percentile). That’s second only to the CIO’s national average pay of $293,000 (also 95th percentile. Robert Half defines 95th percentile as: “A significantly high level of relevant expertise, including specialized certifications, can command a salary in the highest percentile. The role may be very complex or in a market where the competition for talent is extremely high.)

Sure, that’s the C-suite, but you don’t need to sit anywhere near it to earn a hefty paycheck as a security pro these days. At the high end of Robert Half’s average salary tables, a top information systems security manager brings in nearly $200,000 per year.

[ Read our related story: Hiring security gurus: 3 strategies to find scarce talent. ]

All those lofty projections about a cybersecurity talent gap? Employers seem to already be pricing them into the job market. It’s not just salary data, either: There’s a range of numbers that quantify the current (and future) state of IT security talent. Below, we’ll share 12 of them (and then some) that paint a sharp picture of what IT leaders face in the hunt for security pros – and what job seekers can expect.

3.5 million: The number of unfilled cybersecurity jobs worldwide expected in 2021, according to a commonly cited projection from Cybersecurity Ventures. Research firm Frost & Sullivan has previously predicted 1.5 million unfilled security jobs by 2020.

$93,000: The lowest national average salary for a security-related position in the U.S. in Robert Half Technology’s 2019 Salary Guide.

43,467: The number of open positions returned for a recent national search for “information security” on jobs site Glassdoor. Consider the wide variety of potential titles in the security field and you get broader sense of the job market. For example, “IT security analyst” returns 15,348 jobs on Glassdoor. Naturally, wider searches, such as “IT security” (20,457 results) produce bigger numbers, whereas the results shrink for more specific title searches, such as IT security specialist (2,244). There is a significant range of security-related job titles and specialty areas, including in emerging technologies such as containers.

129,173: The number of results for a national job search for “information security” on LinkedIn. LinkedIn itself is advertising a senior information security engineer position, working in vulnerability research and assessment – another reminder of the diverse menu of potential titles in the security job market.

78 percent : The percentage of companies (with internal security resources) that also hire an outside security firm for help, according to CompTIA’s recently published report, “2018 Trends in Cybersecurity: Building Effective Security Teams.” Half of the companies that contract with external resources actually work with two or three different security-related firms.

72 percent : In that same CompTIA report, nearly three out of four companies said they view their security center of operations (SOC) as an internal function.

25 percent of companies say "significant improvement" is needed in network security skills.

25 percent : The CompTIA report notes that certain bedrock security skills, such as network security and access control, are relatively strong in today’s businesses. Yet even when some good news arrives, there’s a caveat: One in four companies still say “significant improvement” is needed in network security skills, for example.

$93,000: The lowest national average salary for a security-related position in the U.S. in Robert Half Technology’s 2019 Salary Guide. We repeat: It’s the lowest. This is the 25th percentile average salary for a network security administrator. Robert Half says the 25th percentile (the lowest in its salary tables) “most often fits candidates who are newer to the role and still developing their skills.”