Can I make a lot of money in Cyber Security?

The truth about security salaries

February 20, 2024

Q: Can I make a lot of money in Cyber Security?

From entry-level security analysts to senior CISO roles, compensation packages for security professionals are influenced by factors such as expertise, years experience, industry, and location.

To answer the question: Yes, you can achieve a high paying salary in cyber security. But let me give you some more information so you can understand the complete picture.

Here’s what I’ll cover:

  • Role variance

  • Location

  • Compensation packages

  • How to get a raise

  • How to maximise your salary

  • How to negotiate your offer

Role variance

There are many areas that cyber security spreads across, primarily:

  • Leadership

  • Governance, Risk and Compliance

  • Security Operations & Incident Response

  • Security Architecture & Engineering

  • Identity & Access Management

  • Security Testing

Roles can range from entry-level analyst positions, to senior leadership positions as Heads of these domains.

Naturally, the more senior and skilled a security professional, the greater pay they can demand. However, there are higher paying sub-fields compared to others - see the image on the next section. Security engineers can be entry level to someone with 10 years experience.

Foolish influencers present numbers without context, creating a misconception in our industry. 6-figure pay is not a reality for many experienced people (at least in the short term). The numbers you see don’t account for where you live and the cost of living.

Location

Where you work has one of the most significant impacts on your earning potential. There is a reason most western organisations outsource technology operations to countries like India. But even in the west there is a disparity in pay based on location (see the graphic below comparing average salaries in the UK vs the US). Even in the UK, there is often a difference in pay between those living in the North vs the South.

The silver lining is that more organisations are embracing remote work, allowing you to live in places with lower costs of living, but work for an organisation paying top dollar. However, there are tax and regulatory barriers preventing certain regions of the world from working with UK and US companies.

To maximise your reward, relocation may be the best move for your career in the short term.

Disclaimer: being realistic, it’s highly unlikely that you will land an entry level job paying 6-figures in the US and it's almost certain you will not in the UK. But that doesn’t mean you can’t get there with time.

Compensation packages

What if I told you it's about more than your baseline salary?

There’s a long list of benefits that organisations offer employees to sweeten the deal:

  • Paid holidays

  • Paid sick leave

  • Pension contributions

  • Bonuses

  • Sales / output commissions

  • Health insurance

  • Child care support

  • Stock options

  • Training budget

  • Company car

  • Home working equipment

  • Gym memberships

  • Flexible working

The list goes on! Pushing for higher income at the expense of your quality of life declining is not worth it.

The lesson here is that if you’re only focused on salary and not negotiating other perks, you’re leaving money on the table. A job with a lower baseline salary may provide you with greater overall value due to the total comp package than a higher baseline salary.

Wiz - Cloud Security Salary Guide 2024

How to get a raise

The problem with how most people ask for a raise is that they demand a bump in pay based on industry benchmarks and declare they are underpaid to their boss. This gives your employer a yes or no scenario. If you do this more than once you’ll feel your relationship become more tense.

Stop viewing your job as an event and view it as a continuum. Sit down with your manager, express your ambitions and how you want help figuring out a path that gets you to your target salary.

Pro tip:

  • The journey to a raise in salary starts 12 months before the raise.

  • You need to define a plan with goals and targets, including stretch goals. You need to share this with your manager and express your desire for career advancement. Then go deliver on this plan.

  • Whilst you deliver on it, campaign your progress to the decision makers in the business, so that they are part of your journey. Your success will become their success.

How to maximise your salary

The data doesn’t lie. For the majority of people, moving companies every 2-3 years has proven to have an astounding impact on their total compensation. The reality is, most companies limit how much a salary can increase on an annual basis. Sometimes these restrictions on what they can offer you can be removed in the event you’re seeking to leave the company. But this isn’t something you can make an annual habit of - it’s uncomfortable for everyone involved.

If you’ve massively improved your skills and have gained experience that is valued in the market, you can typically exceed any offer your existing organisation puts on the table.

Pro tip: Don’t burn your bridges. I’ve seen people come, go and come again, like the organisation was a revolving door, increasing their salary significantly.

Note: Leaving your organisation does not signal a disloyalty on your half. I believe everyone should experience working in different teams, cultures and industries - it makes them more well-rounded professionals.

How to negotiate your offer

Try your best to not tell recruiters your target salary.

Ask for the range they have budgeted for the role:

  • “Can you tell me the salary range for this role? Happy to let you know if it’s within my range. We can discuss specific numbers later when I’ve met the team and learn more about the role.”

Tactics:

1/ Try to get information that will help you negotiate later

  • During the interview, ask questions like: What’s the biggest priority for the team right now? Why is this role open? What’s the biggest challenge for someone stepping into this role?

2/ Address misconceptions

  • If you’ve been made an offer that’s lower than expected and the reason is vague, seek to clarify the reason why and fix any misconceptions before negotiating. You can’t tell someone you deserve more money because of your top-tier cloud skills, whilst the team felt you didn’t really know what you were talking about.

3/ Startup offers are different

  • It’s very likely there is no range for the role and you’ll negotiate directly with the founder. You need to understand: the current state of the company (financing, runway, profitability), the plan for your role, the role of equity, and exit scenarios.

4/ Ask the right questions before saying yes

  • Before accepting an offer, consider: Is the offer competitive? If equity is on the table, how does it work and is all the information true? If my compensation is based on goals, does it all add up to a fair package?

5/ Remember:

  • Everyone expects you to ask for more money.

  • You don’t need to prove you have other offers to say you have other options to consider. You don’t need to say company names, but you can quote the expected salaries.

  • Never negotiate over email. To have meaningful, impactful conversations, pick up the phone.

  • Avoid using information you found online as justification. The best way to get more is to reaffirm what you bring to the table.

  • Negotiate your overall compensation, not individual aspects of it. It’s messy to talk salary one round, equity the next, and signing bonuses at the end.

Wrapping up

  • The salaries you see on social media are misleading. There are countless factors to consider before determining what a ‘good’ salary looks like for you.

  • There are many tactics you can use to increase your compensation over time. I hope the insights and advice in this post serve you in your cyber security career.

Quick Reminder:

  • We’re rebranding to Cyber Pro Club.

  • Keep a look out for us next Tuesday.

  • Follow us across socials!

Have a great day.