Cyber security professionals - which industry gives you the best salary for your skill set?
You could earn nearly 50 per cent more depending on which industry you work in. In some, the CISO is paid more than the CIO...
It's official - organisations are taking more notice of cyber security; upping their investment in the area and recruiting talent accordingly.
And yes, that has meant there is a growing need for cyber security specialists, and of course as it is a (relatively) new area - there is a lack of specialists available, and so consequently salaries have shot up. Indeed one survey from global professional services consultancy Procorre, found that nearly one sixth (15 per cent) of cyber security professionals are paid at least £100,000 a year.
But while numerous reports and surveys have confirmed much of the above, there is scant information for cyber security talent as to which industry they should actually work within - or in other words - what industry will give them the best pay package for their skill set.
But before Computing delves into different industries, let's take a look at what salaries security professionals are earning around the country right now...
The table below indicates general salary ranges in the UK; salary ranges can vary depending on size of organisation and location.
Global recruitment consultancy Harvey Nash's 2015 Cyber Security Survey based on 156 responses from information security personnel across the UK gave us further data on jobs in security as a whole. The average salary for all security job titles and sectors was £98,083. Here are some specific job titles in the area - note how the average base salary for CISOs is higher than both Stott and May's findings, and ReThink recruitment's findings.
Stephanie Crate, head of information security practice at Harvey Nash, explained that in some sectors, for instance in finance and retail, the company is seeing the CISO being paid the equivalent or more than the CIO.
"This reflects the increasing focus the board is having on infosec. It may also be in reaction to some of the more high-profile breaches that have been focused in these sectors over the last few years," she said.
She said that senior security experts commanding the highest salaries tended to be the ones that have the ability to "sell security" to the board.
"It is of course valuable to understand the security technology landscape but much like we have seen with the evolution of the CIO, the CISO is now at the centre of the internal political debate and far more removed from the technologies," Crates said.
"We have a saying here which highlights the ongoing need for personable and business minded CISOs: ‘culture will eat strategy for breakfast'. If the board don't understand the risk and your workforce aren't educated then you will not succeed with technology alone," she added.
The following table gives average base salaries by sector from the same survey. Harvey Nash was keen to highlight that with such a new area of research, the sample sizes when divided by sector can be quite low (fewer than 20), and while there might be an ‘average' salary, there isn't necessarily a ‘typical' one. But the below table does at least, give a first glimpse at remuneration by sector.
Crates said that the salary does not only depend on industry but also on the size of the organisation and the approach to a global security strategy. For instance, those with a global remit would be paid more than those organisation that are UK-only based.
James Milligan, director at Hays IT, said that the highest salaries it has seen have been offered in financial services, IT security consultancies and organisations with an online trading or e-commerce presence such as retailers and utility firms.
Milligan added that a surge in social media use has led to an increase in salaries for cyber security professionals working for social media companies to protect the personal data these networks hold.
He said that experienced security architects, CLAS consultants and penetration testers will all command high salaries.
Comparing industries to the average
Taking the mean salary for every single respondent of the 2015 Harvey Nash Cyber Security Survey of £98,083 and comparing it to each particular sector gives us the variance or comparison of the two.
This means that cyber security talent in the finance and banking area get paid 13 per cent more on average than the average cyber security worker, and infosec specialists in government get paid an average of 24 per cent less than the mean for all sectors and job titles. Or in order words, cyber security workers in finance and banking are paid, on average, about 50 per cent more than people in government.
What this means is that cyber security talent in finance and in retail are earning above average, while those in telcos, media and in government are all getting less than the average infosec wage in the UK.
Cyber security professionals that really want to earn more should move to the US; Stott and May found that in New York, San Francisco and LA, the equivalent roles will see security professionals earning a third, if not 50 per cent more than their UK counterparts.