How Much Do Cyber Security Consultants Earn?

We roll our eyes, but we’re all secretly pleased when our aunties and grandpas ask us to check their computers for viruses after too many hands of internet blackjack on sketchy-looking websites. It feels good to share tech knowledge and even better when it keeps people safe from harm. Cyber security consultants enjoy their jobs for these reasons—and many more. The possibIlity of cyber threats in modern computing seems to grow larger by the day, even as our world becomes smaller.

The importance of cyber security expertise makes this a field well worth considering for professionals who feel at home with technology and thrive on solving problems. In this article, we explore:

• How much do cyber security consultants earn?
• What do cyber security consultants do?
• What affects earning potential?
• What’s driving interest in this field?
• Where can I earn the most as a cyber security consultant?
• Can I telecommute as a cyber security consultant?

So, how much do cyber security consultants earn?

PayScale indicates the average entry-level salary for a cyber security consultant stands at $64,100 per year. Meanwhile, the Bureau of Labor Statistics data points to a median annual income of $102,600. Those in the information industry earn the most (almost $129,000 per year) followed by professionals in finance and insurance ($105,000) and corporate management ($101,000).

What exactly do cyber security consultants do?

Cyber security consultants are responsible for keeping businesses, governments and other entities safe from threats to their IT infrastructure and protected data. The role requires familiarity with industry-specific regulatory and compliance guidelines and a willingness to engage in ongoing learning, since privacy and data stewardship laws undergo regular revisions. Basically, you need to be a computer whiz.

Consulting on these matters may also require you to train staff members on security best practices and what emerging guidelines and laws mean for their daily workflows.

In some cases, cyber security consultants take on the role of a “white hat hacker” (or ethical computer hacker) to engage in penetration testing. This is where the consultant deliberately attempts to breach an organization’s defenses to find and close any weak points.

All consultants in this field draw from a common set of skills, but they often find themselves settling into one or more specialized roles. These include computer forensics—discovering how a system’s security can be undermined and advising on future protection—and application security, which involves proactively finding security exploits and writing new code to avoid vulnerabilities in software, industrial control systems and other digital technologies.

Maybe not so surprisingly, this role attracts several kinds of people.

First and foremost, cyber security consultants are detail-oriented and excellent problem-solvers. Security mentoring frequently comes with the territory, so patience and solid communication skills are additional characteristics of an ideal candidate. Most importantly, this job is for people who delight in doing the right thing and helping institutions keep people safe.

What affects earnings potential?

The BLS’s median salary of $102,600 is only part of the story. Job listings compiled by Glassdoor indicate a slightly higher average of $109,000. ZipRecruiter found that job listings in 2019 averaged $116,000 per year.

Factors that impact earnings include system- and program-specific skills, certifications, schooling, years of experience, and the location and size of the company.

Education requirements vary among employers, so much so that many active cyber security experts secured their positions without a college degree. Salary.com indicates that a master’s degree provides only a nominal boost in cyber security consultant salaries over a bachelor’s degree.

Even if a formal college education isn’t required for employment in this field, IT certifications frequently are. The most common certification is known as CISSP, or Certified Information Systems Security Professional. An ISSA survey of IT workers turned up 71 certifications, and CISSP was the most common among those surveyed.

What’s driving interest in this field?

A talent shortage is driving interest in cyber security today. The BLS expects the job market in this field to grow by 35 percent between 2021 and 2031, adding 57,000 new jobs. Attrition and advancement should open nearly 20,000 jobs in this field every year.

Other publications agree: U.S. News & World Report declared cyber security analyst/consultant its second-best technology job of 2023. Cybersecurity Ventures predicts that up to 3.5 million cyber security jobs will remain unstaffed in 2025.

That 3.5 million unfilled jobs statistic suggests a zero percent rate of unemployment in this field. This kind of job security, in addition to the earnings potential, makes this one of the most desirable positions in technology today.

It’s not hard to imagine why cyber security is so sought-after by companies of all sizes—not with major stories of data theft breaking on a seemingly weekly basis. Cybercrime caused $8.4 trillion in business losses in 2022, an annual figure that should swell to almost $24 trillion by 2027. It’s the Wild West out there, and everyone’s looking for good sheriffs.

Where (in the country) will you earn the most?

Here are the top five cities in the U.S. for cyber security job prospects, along with their average salaries in 2023:

1. Santa Clara: $137,000
2. Mountain View: $134,000
3. San Francisco: $132,000
4. Fremont: $129,000
5. Marysville: $128,000

According to the BLS, cyber security jobs are plentiful in Virginia (think northern Virginia and the federal government), Texas, Florida, New York, and Maryland (think Virginia). The five top-paying states are:

1. California: $135,000
2. New York: $133,000
3. Maryland: $126,000
4. Iowa: $126,000
5. Districct of Columbia: $125,000

Did somebody say “telecommuting?”

As remote work opportunities become more readily available and IT experts more mobile, location may become less of a differentiating factor when it comes to earnings. Between telecommuting and the cyber security talent shortage, companies will have to make their salaries more competitive with businesses located in other cities, regardless of where their preferred candidates hail from.

Nevertheless, there are few fields out there that provide a better balance between earnings potential, job prospects, satisfaction and proximity with some of the latest technologies and most cutting-edge companies. So, are you ready to hack?

Questions or feedback? Email editor@noodle.com