• United States



Top 5 US states for cybersecurity jobs

Jan 01, 20209 mins

These states boast high average salaries and plenty of job opportunities, but that's not all that sets them apart.

It should come as no surprise that information security professionals remain a hot commodity. That has been the case for several years now.

Cyber threats continue to be on the rise in both frequency and intensity, cyber defenses remain inadequate to stem the tide, and demand for top cybersecurity talent is growing more urgent.

All of this is driving up salaries and benefits for cybersecurity pros, especially those with strong industry knowledge, business savvy and communication skills.

Comparitech, a reviews and comparison site for consumers, recently released the results of its cyber security salary and hiring study, which ranked states based on average annual salaries for information security analysts, number of workers currently employed in that role, rate of employment, and number of open positions, as well as long-term job projections, and other factors that make each state unique. All salary data was adjusted for cost of living, and a numeric score was obtained for each state.

Here’s a look at the five top-ranked states and what makes them great places to work in cyber security.

1. Virginia

Average annual salary: $111,780 Individuals currently in this role: 14,180 Job vacancies for this role: 4,570

If you believe the marketing, Virginia is for lovers. It is also a pretty sweet place for cybersecurity professionals. Virginia boasts the highest number of people currently in these roles in the country (at 14,180), has the highest employment of information security analysts per 1,000 total jobs (at 3.70), and the average salary for these cybersecurity pros here is over $110K.

Fueling much of that hiring, of course, are government agencies. But there are also plenty of jobs in the private sector. Top employers demanding plenty of cybersecurity talent include CapitalOne, Amazon and Neustar, as well as non-profits such as IMF and the World Bank.

“I think Virginia offers something unique to cyber pros in that they can build careers in both federal and commercial organizations,” explains Michelle Durante, recruiting manager at eGlobal Tech in Washington DC. “There are big technology corridors in Northern Virginia that offer flexibility to move from one organization to the next, such as Tysons Corner, Reston, Dulles, Arlington and Alexandria.”

Employers expect a cybersecurity job candidate to be well-rounded. They should have strong infrastructure and networking foundations, and strong core capabilities in other IT skill sets before moving into cyber security roles, Durante says.

“Federal consultants with clearances and certifications are in high demand,” Durante notes. “Hands-on technical skills with the combination of related degrees helps us maximize value to the federal government. Where we see the biggest gap is often in the soft skills as well as direct consulting skills with customers (both internal and external). Professionals with specific tool experience are also in high demand.”

2. Texas

Average annual salary: $104,170 Individuals currently in this role: 8,520 Job vacancies for this role: 4,128

Everything is big in Texas, of course, and that includes the number of individuals working in information security analyst jobs (at 8,520) and paychecks for these professionals (with an average annual salary of $104,170).

“Texas has a robust economy, the cost of living is low, and we have no income tax. Some folks are calling us the Silicon Valley of the South,” explains Barbara E. Lynch, director of cybersecurity and IT recruitment at GBit, Inc.

There are four diverse major cities in Texas: Austin, Dallas, San Antonio and Houston. “Dallas is home to many large Fortune 500 Companies,” Lynch says. “Austin is an innovation tech hub. San Antonio offers nationally recognized technology and research institutions as well as the 24th & 25th Air Force and NSA Texas. Houston offers robust oil and gas and healthcare employers. We can offer cybersecurity professionals a range of markets and experience within that space.” 

While all industries are hiring cybersecurity talent, Lynch says banking and finance, government, and healthcare are especially strong markets.

“Cybersecurity professionals are being paid on average 10% to19% more than IT professionals, due to lack of cybersecurity talent,” Lynch says.

As in Virginia, employers here are picky about who they hire into cybersecurity roles.

“Curiosity, passion and emotional intelligence are now being discussed by employers when evaluating their ideal candidate,” Lynch explains. As to technical skills, “More and more companies are migrating to the cloud. l am seeing more companies searching for talent in this area.  As a result, cloud security engineer is a hot job.”

Automation and artificial intelligence are also hot topics. So is data privacy, with GDPR in effect in Europe, CCPA coming into effect in January, and more data privacy regulations likely to emerge over the coming years. 

3. Colorado

Average annual salary: $102,820 Individuals currently in this role: 3,590 Job vacancies for this role: 1,372

With average annual salaries for information security analysts at over $100,000, and a labor pool of 3,590 individuals doing this work, Colorado is one of the top job markets, coming in at number 3 in the rankings.

Colorado also performed better than number-one ranked Virginia when it comes to recent salary increases for cybersecurity pros. According to Comparitect, recent salary increase percentages for information security analysts were slightly higher in Colorado over both a one-year and a five-year period.

With its mile-high elevation, many Colorado businesses and industries definitely have clouds on their mind, and that is reflected in job postings for open cybersecurity positions. As noted by Jennifer Reid, corporate recruiter at Blackstone Technology Group, the best way to understand what is happening with the local cybersecurity space is to follow the ads for these professionals, what the respective employers are seeking, and how long the requisitions stay open.

Blackstone itself is seeking cloud network engineers, cybersecurity network engineers, cyber systems engineers, cypersecurity computer network defense engineers, identity and access management administrators, information security engineers and a director of information technology security and compliance.

4. New York

Average annual salary: $122,000 Individuals currently in this role: 6,930 Job vacancies for this role: 2,600

If a top-dollar paycheck is the goal, the Big Apple is the market that cybersecurity pros should set their sights on. Ranked the number four top market in the study, New York boasts the highest average salaries in the country for information security analysts, at $122,000.

‘Average salary’ is a relative term, of course. “It depends on the level of experience a candidate has,” notes Tade Reen, director of information security search at StevenDouglas Staffing & Recruiting in New York. “Right now, a 3- to 5-year candidate with strong experience at reputable firms can command $140,000 to $160,000 per year. From there it only goes up.”

New York has a large population of information security analysts, estimated at 6,930, with another 2,600 unfilled jobs for this role. And it’s easy to see why the city that never sleeps has both eyes on the lookout for cyber talent.

It’s “the same reason New York is such a hotbed for almost any other kind of business entity: The size of the market, and the sheer amount of companies and industries that are potential employers,” Reen stresses. “Above a certain size (below which IT/security is usually outsourced) every shop from a VC/PE backed startup to a tier one investment bank needs cyber security talent.”

With top salaries at stake, job candidates here should be well-rounded in business, technology and security. Equally important are communication skills, both written and verbal.

“There are many penetration testers who can hack into an application or website, but much fewer who can pass along that information succinctly and in an understandable manner to those up the corporate chain that are less ‘in the weeds’ as they say,” explains Reen. “It is always highly advantageous to be able to explain complexities in a simplified manner.”

5. North Carolina

Average annual salary: $104,430 Individuals currently in this role: 3,570 Job vacancies for this role: 1,397

Average annual salaries for information security analysts in the six figures, relatively mild winters, and a robust economy, make North Carolina attractive to workers. And there are multiple locations that have their own sort of “personality,” note Charlie Dillon, director of business development and Joe Hudson, principal recruiting lead at Hunt Source in North Carolina.

“Although Charlotte is often thought of as a ‘banking city,’ it really has been growing as a technology center,” Dillon says. “Bank of America, Wells Fargo and Ally employ over 5,000 people in their cyber programs alone.  These three banks have helped create a talent pool like no other city on the east coast. This has attracted Truist (BB&T/SunTrust), MUFG and Honeywell to set up technology hubs here in Charlotte.  And with Duke Energy, you have one of the nation’s more prominent energy companies exuding a very strong focus on security.”

“Raleigh also has a lot to offer. The city has multiple top ranked universities, a big bio-pharma and technology hub. The town of Cary, NC is one of the most highly sought after cities to live in the US.  Its ISSA Chapter is one of the biggest in the country,” Dillon says.

With an estimated 1,397 unfilled jobs for information security analysts, “hiring managers are starting to get more flexible on industry knowledge and are really looking for people who have a set of technical skills, resourcefulness and self-sufficient drive to learn.  Many candidates are finding it quicker to learn the industry content as opposed to the security elements,” Dillon explains. 

Top traits for successful cybersecurity professionals include being able to communicate to a variety of audiences at multiple levels (junior SOC analysts vs. CISO, offshore developers or lawyers) and really understanding the appropriate jargon for that audience is the winning ticket. 

“The ability to create buy-in to a new process or technology is also something often required to build out a successful team, project or implementation.  Additionally, having a level head in the moment of a potential breach or disagreement on strategy is paramount,” Dillon says.