Here's what they found were the most important factors for making sure you earn as much as possible:
1) Choosing the right type of cybersecurity role and building your skill set
The cybersecurity role you're in clearly makes a difference: the average salary for penetration testers is $55,000 according to U.S. data from Glassdoor. But cybersecurity engineers should expect to earn about $140,000—and engineers have a more natural path to becoming architects, who can earn even more. Cybersecurity analysts are somewhere in between, averaging about $80,000 a year.
Of course, becoming a cybersecurity engineer requires more skills and experience than becoming a penetration tester, but you should know what path you are on.
Building on your cybersecurity skill set and that you're aiming for the right role within cybersecurity can make a difference of tens of thousands of dollars in terms of your annual earnings, so make sure you're picking the right role for your skills.
Typically, engineers and architects will require more coding knowledge and the ability to take their security knowledge and scale it out through large-scale products.
You have to be ready to design systems rather than simply testing them. That requires experience, a deliberate foundation in both security and programming knowledge and systems thinking about vulnerabilities and threat.
Make sure you're in the right role and focused on how to advance to the next one if you want to maximize your earnings. Here, it can be very helpful to get guidance from somebody working in the industry or a career coach.
2) Experience
Once you've chosen the right role, the years of experience significantly impact how much you can earn. For example, entry-level cybersecurity analysts earn on average $8,000 less than a component of all cybersecurity analysts according to Payscale data. This curve goes up as your career progresses.
3) Location
Many lucrative cyber security jobs are located in the United States, where this analysis is focused. You'll want to get work eligibility in the United States if you want to take full advantage: this can be done with employer-sponsored visas or work/study visas.
Cybersecurity practitioners in certain cities will earn much more than others, Payscale data shows. In Seattle, a thriving ecosystem for cybersecurity hires means you'll earn on average 19 percent more than the national average—the highest average bump we've seen.
You could see 15+ percent increases to your salary if you worked in New York City or Washington, DC. Where you live and work could have compounding returns to your cybersecurity career, and even within America, regional variations and city-by-city differences can add up to tens of thousands of dollars over the course of a few years.
4) Certifications
Certifications can bump up your salary quite a bit. Springboard found using Payscale data, that a CISM certificate can mean a $25,000 difference in yearly salary between information security analysts and a CISSP can make a $15,000 difference for information security analysts.
Across the board, certifications can help boost your yearly salary by between 5% to 25%—a huge difference if you can compound that difference across your career. Getting a CISM, CISSP, CISA or CEH certification can help your cybersecurity career immensely.
5) Portfolio
The amount of work you've done in cybersecurity certainly helps you secure positions with hiring managers. The more you can demonstrate that you have detected vulnerabilities and worked to address them in production-level settings, the better.
This can be the first obstacle between somebody and starting a cyber security career: the chicken and egg problem of needing cybersecurity experience in order to get a cyber security job.
If you're interested in making sure you're on the right path in your cybersecurity career or looking into practical, personalized training to advance or start that career and bridge the gap between theory and career outcomes, look no further than our partner Springboard's Cybersecurity Career Track.
