How Much Do Cyber Security Consultants Earn?

We roll our eyes, but we're all secretly pleased when our aunties and grandpas ask us to check their computers for viruses after too many hands of internet blackjack on sketchy-looking websites. It feels good to share tech knowledge and even better when it keeps people safe from harm. _Cyber security consultants_ enjoy their jobs for these reasons—and many more. The possibIlity of cyber threats in modern computing seems to grow larger by the day, even as our world becomes smaller.

The importance of cyber security expertise makes this a field well worth considering for professionals who feel at home with technology and thrive on solving problems.

So, how much do cyber security consultants earn?

PayScale indicates the average entry-level salary for a cyber security consultant stands at $65,642 per year. Meanwhile, the Bureau of Labor Statistics data points to a median salary of $98,350 for someone with less than five years of experience.

What exactly do cyber security consultants do?

Cyber security consultants are responsible for keeping businesses, governments and other entities safe from threats to their IT infrastructure and protected data (no big deal). The role requires familiarity with industry-specific regulatory and compliance guidelines and a willingness to engage in ongoing learning, since privacy and data stewardship laws undergo regular revisions. Basically, you need to be a computer whiz.

Consulting on these matters may also require you to train staff members on security best practices and what emerging guidelines and laws mean for their daily workflows.

In some cases, cyber security consultants take on the role of a "white hat hacker" (or ethical computer hacker) to engage in penetration testing. This is where the consultant deliberately attempts to breach an organization's defenses to find and close any weak points.

All consultants in this field draw from a common set of skills, but they often find themselves settling into one or more specialized roles. These include computer forensics—discovering how a system's security can be undermined and advising on future protection—and application security, which involves proactively finding security exploits and writing new code to avoid vulnerabilities in software, industrial control systems and other digital technologies.

Maybe not so surprisingly, this role attracts several kinds of people.

First and foremost, cyber security consultants are detail-oriented and excellent problem-solvers. Security mentoring frequently comes with the territory, so patience and solid communication skills are additional characteristics of an ideal candidate. Most importantly, this job is for people who delight in doing the right thing and helping institutions keep people safe.

What affects earnings potential?

The BLS's median salary of $98,350 is only part of the story. Job listings compiled by Glassdoor indicate a slightly lower average of $85,427. ZipRecruiter found that job listings in 2019 averaged $111,225 per year, with a high of $186,500.

ZipRecruiter also noted a fairly small salary range of $58,500, which means there may be little room for advancement or ladder-climbing. The factors that are more likely to affect earnings are the applicant's skills, certifications, schooling, years of experience, and the location and size of the company.

Education requirements vary among employers, so much, that many active cyber security experts secured their positions without a college degree. PayScale indicates that applicants with bachelor's degrees in computer science take home an average salary of $83,990, while those with a master's degree average $95,942 per year.

Even if a formal college education isn’t required for employment in this field, IT certifications frequently are. The most common certification is known as CISSP, or Certified Information Systems Security Professional. An ISSA survey of IT workers turned up 71 certifications, and CISSP was the most common among those surveyed.

What's driving interest in this field?

A talent shortage is driving interest in cyber security today. The BLS expects this field to add jobs much more quickly than the average industry between 2016 and 2026. Other publications agree: U.S. News & World Report declared cyber security analyst/consultant one of the ten best jobs for technologists in 2017, and Cybersecurity Ventures predicts that up to 3.5 million cyber security jobs will remain unstaffed in 2021.

That 3.5 million unfilled jobs statistic indicates a zero percent rate of unemployment in this field. This kind of job security, in addition to the earnings potential, makes this one of the most desirable positions in technology today.

It's not hard to imagine why cyber security is so sought-after by companies of all sizes—not with major stories of data theft breaking on a seemingly weekly basis. Over the last few months, Quora, Marriott, Facebook, T-Mobile, Panera, Saks Fifth Avenue, MyFitnessPal, Orbitz and many others have all disclosed data breaches. Many smaller companies are also helping drive this trend, since they're some of the lowest-hanging fruit for potential data thieves.

These companies could use your help

Here are some of the major corporations that hire (and require) cyber security professionals:

• Apple: In addition to its carefully maintained reputation as a luxury tech brand, Apple is also making a point to draw a line in the sand when it comes to user privacy and cloud security. It also likely has an interest in making sure there are no further breaches of compromising celebrity photos.
• Federal Reserve Bank of New York: One of 12 Federal Reserve banks in the U.S. and likely one of the most tempting financial targets in the world for data thieves.
• Patient First: While the HIPAA patient privacy rule is well-established, breaches of health care companies are anything but old news. In fact, cybersecurity experts indicate medical data is many times more valuablet than credit card numbers on the deep web.
• Lockheed Martin: As a major defense contractor for the U.S., Lockheed Martin represents an attractive target for both independent and state-sponsored hackers.
• General Motors: In 2018, GM was one of 100 automakers implicated in a breach of trade secrets. These companies leverage huge supply chains in which just one weak link can spell disaster.

Where (in the country) will you earn the most?

Here are the top five cities in the U.S. for cyber security job prospects, along with their average salaries in 2016:

1. Minneapolis: $127,757
2. Seattle: $119,349
3. San Francisco: $119,346
4. Dallas: $117,890
5. Denver: $117,308

It’s no secret that location is one of the most significant determining factors when it comes to potential earnings. Take Target for example, a retail giant fell that victim to one of the highest-profile data breaches in recent memory, in which more than 40 million customers had their information compromised. The company’s corporate headquarters are in Minneapolis.

New York City also made the top ten, with an average salary of $102,271. Real estate data compiled by Savills indicates that New York is the top city in the world for tech companies—likely due to the city's status as a hub of commerce and its huge talent pool.

Did somebody say, “telecommuting?"

As remote work opportunities become more readily available and IT experts more mobile, location may become less of a differentiating factor when it comes to earnings. Between telecommuting and the cyber security talent shortage, companies will have to make their salaries more competitive with businesses located in other cities, regardless of where their preferred candidates hail from.

Nevertheless, there are few fields out there that provide a better balance between earnings potential, job prospects, satisfaction and proximity with some of the latest technologies and most cutting-edge companies. So, are you ready to hack?

Questions or feedback? Email editor@noodle.com