With an ever-growing shortage of computer security professionals and the growing risk of cybercrime, companies are paying cyber security analysts top-dollar to protect their most sensitive data. Here’s what you can expect to earn in 2020.
Image description
Mairead Kelly
Noodle Expert Member

March 10, 2021

It’s estimated that cybercrime will cost the world $6 trillion annually by 2021. Add the devastating impact that cyberattacks have had on personal lives, professional careers, and business relationships, and it’s only fitting that companies are paying cyber security analysts top-dollar to protect their most sensitive data.

What does the phrase, “buyer’s market" bring to mind? Chances are, you’ve heard it applied to the real estate market, particularly when houses tend to sell for less and sit on the market for a longer period before receiving an offer. While this is likely the term’s most common use, it can apply to any type of market where supply exceeds demand—and purchasers have an advantage over sellers in price negotiations.

What does this have to do with the field of cyber security? On the surface, not much, unless you’re looking for an office space to house your malware protection company. But there is a connection when considering today’s job market—which for cyber security professionals, is a place where they undoubtedly have the upper hand.

According to a Cybersecurity Workforce Study from the professional cyber security organization (ISC)2, in 2019, 65 percent of organizations reported a shortage of staff dedicated to cyber security. By 2021, the global cyber economy research and publishing firm Cybersecurity Ventures predicts there will be as many as 3.5 million unfilled positions worldwide—and an estimated $6 trillion in damages as a result of cybercrime.

“DDoS attacks, ransomware, and an increase in zero-day exploits are contributing to the cybercrime damages prediction becoming a reality," says Robert Herjavec, founder and CEO at Herjavec Group, a security services provider. “What really worries me though, is that all the hype around cybercrime—the headlines, the breach notices—makes us complacent. The risk is very real and we can’t allow ourselves to be lulled into a sense of inevitability."

There’s no getting around the fact that data breaches and hacks are here to stay, but at the same time, Herjavec is right. As an ever-increasing number of organizations recognize the growing need to protect their interests, they offer competitive salaries to avoid missing out on the talent they need—cyber security analysts included.

In this article, we'll cover:

  • What is a cyber security analyst?
  • What degrees do you need to become a cyber security analyst?
  • The employment outlook for cyber security analysts
  • How much do cyber security analysts earn?
  • What impacts a cyber security analyst’s salary?

What is a cyber security analyst?

Cyber security analysts (sometimes called information security analysts) are in charge of keeping intruders and hackers out of their organizations’ networks to protect their digital files and information systems (IS) from unauthorized access.

Their work involves searching out weaknesses in their organizations’ infrastructure across software, hardware, and networks, and finding creative ways to protect their companies. They also provide direction to management on what would be best for the protection of the organization, as well as advising on safety measures, policies, and any necessary training.

According to the Bureau of Labor Statistics (BLS), cyber security analysts’ key responsibilities include:

  • Monitoring their organization’s networks for security breaches and investigating a violation when one occurs
  • Installing and using software, such as firewalls and data encryption programs, to protect sensitive information
  • Preparing reports that document security breaches and the extent of the damage caused by them
  • Conducting penetration testing, or simulated attacks, to look for vulnerabilities in their systems before they can be exploited
  • Researching the latest information technology (IT) security trends
  • Developing security standards and best practices for their organization
  • Recommending security enhancements to management or senior IT staff
  • Helping company employees install or learn about new security products and procedures

What degrees do you need to become a cyber security analyst?

Given that this specialized area of information technology is relatively new, the path to working in this field isn’t quite as clear cut as others. Typically, cyber security analysts need at least a bachelor’s degree in computer science, information assurance, programming, or a related area to begin work in the field.

According to the BLS, some employers may prefer applicants who have a Master of Business Administration (MBA) in information systems or information technology, two degree tracks that include both business and computer-related training.

Having said that, many current analysts chose slightly unexpected routes into their profession by starting in more generalized IT roles, gaining IT experience, and then making the transition. Others may seek out certification in areas ranging from general information systems security to systems auditing.

Common certifications for cyber security analysts include:

According to the (ISC)2’s survey, 38 percent of cyber security professionals in 2019 had at least a bachelor’s degree, while 28 percent had a master’s degree and 10 percent had a doctoral or post-doctoral degree. What’s more, 40 percent held degrees in the fields of computer and information sciences. Of non-IT-focused degrees, 19 percent had engineering degrees and 10 percent had business degrees.

The employment outlook for cyber security analysts

According to Data USA, a project by the media lab at the Massachusetts Institute of Technology and Deloitte, 91,500 cyber security analysts were employed nationwide in 2017. As demand in the field increases, the BLS notes that the employment of cyber security analysts is projected to grow 32 percent and encompass a workforce of over 147,000 by 2028.

The (ISC)2 reports that in 2019, the employment of cyber security analysts was distributed the following industries:

  • IT services: 22 percent
  • Financial services: 8 percent
  • Government: 7 percent
  • Manufacturing: 6 percent
  • Healthcare: 6 percent
  • Education: 5 percent
  • Engineering: 5 percent
  • Retail: 5 percent

How much do cyber security analysts earn?

According to the BLS, cyber security analysts pulled in a median annual wage of $98,350 in 2018. PayScale, on the other hand, reports that those in the field make an average salary of $75,746 per year, with salaries ranging from as low as $51,000 to as high as $117,000. Meanwhile, the company review site, Glassdoor, indicates a national average pay of $76,410 annually.

What impacts a cyber security analyst’s salary?

Several factors can impact a cyber security analyst’s salary. They include:

  • Employer
  • Experience
  • Education
  • Specialization
  • Location


You know that cyber security skills are in peak demand, and you can look to Glassdoor's list of the highest-paying U.S. companies in 2019 to prove it.

The cyber security firm Palo Alto Networks tops the list and offers its workers a median annual salary of $170,929. With headquarters in Santa Clara, California, this figure dwarfs San Francisco’s median per capita income of $64,157. Bay Area tech companies like Twitter and Google also dominate this list. Both are known for innovating in the cyber security space—and offering median salaries of over $160,000 a year.


As in most industries, cyber security analyst salaries increase based on years of experience. Here’s how PayScale breaks down the average annual salary for cyber security analysts as they garner more time in the field:

  • Entry-level: $61,647
  • Early career: $69,972
  • Mid-career: $87,708
  • Experienced: $100,397
  • Late career: $111,442


Not every decision to head back to school can seem like a sound investment, especially for cyber security analysts, who can usually find work with a bachelor’s degree—and sometimes, even less.

But even in a field where candidates with non-traditional educational backgrounds are welcome, professionals who have a master’s degree or above are more likely to see significant salary increases.

According to PayScale, candidates who hold a bachelor’s degree in cyber security or a similar field make an average salary of $69,000 per year. Those who have an MBA in information systems or information technology can expect average salaries of $91,000 and $109,000, respectively.


As hacks and data breaches no longer affect only “the big firms" and the rise in cloud services allow databases to be accessible from virtually anywhere, hackers pose a threat to companies of all sizes.

The field itself is becoming more complex, requiring professionals to not only have technical skills, but also an understanding of their industry’s security concepts and principles. The BLS notes that in 2018, the top-paying industries for cyber security analysts were as follows:

  • Computer systems design and related services: $102,620
  • Finance and insurance: $101,130
  • Information: $96,580
  • Management of companies and enterprises: $94,180
  • Administrative and support services: $94,120


The Bay Area may be a hot spot for cyber security analyst jobs, opportunities for employment in this field are available nationwide. So, where should you look?

According to the BLS, the highest cyber security salaries are dominated by another geographic region, the East Coast, with one state offering as much as $23,650 more than the occupation’s median national wage.

Here’s how they break down by average mean salary:

  • New York: $122,000
  • New Jersey: $121,600
  • District of Columbia: $118,080
  • Connecticut: $112,900
  • Virginia: $111,780

Questions or feedback? Email editor@noodle.com