It should come as no surprise that information security professionals remain a hot commodity. That has been the case for several years now.Cyber threats continue to be on the rise in both frequency and intensity, cyber defenses remain inadequate to stem the tide, and demand for top cybersecurity talent is growing more urgent.All of this is driving up salaries and benefits for cybersecurity pros, especially those with strong industry knowledge, business savvy and communication skills.Comparitech, a reviews and comparison site for consumers, recently released the results of its cyber security salary and hiring study, which ranked states based on average annual salaries for information security analysts, number of workers currently employed in that role, rate of employment, and number of open positions, as well as long-term job projections, and other factors that make each state unique. All salary data was adjusted for cost of living, and a numeric score was obtained for each state.Here's a look at the five top-ranked states and what makes them great places to work in cyber security.1. VirginiaAverage annual salary: $111,780Individuals currently in this role: 14,180Job vacancies for this role: 4,570If you believe the marketing, Virginia is for lovers. It is also a pretty sweet place for cybersecurity professionals. Virginia boasts the highest number of people currently in these roles in the country (at 14,180), has the highest employment of information security analysts per 1,000 total jobs (at 3.70), and the average salary for these cybersecurity pros here is over $110K.Fueling much of that hiring, of course, are government agencies. But there are also plenty of jobs in the private sector. Top employers demanding plenty of cybersecurity talent include CapitalOne, Amazon and Neustar, as well as non-profits such as IMF and the World Bank.\u201cI think Virginia offers something unique to cyber pros in that they can build careers in both federal and commercial organizations,\u201d explains Michelle Durante, recruiting manager at eGlobal Tech in Washington DC. \u201cThere are big technology corridors in Northern Virginia that offer flexibility to move from one organization to the next, such as Tysons Corner, Reston, Dulles, Arlington and Alexandria.\u201dEmployers expect a cybersecurity job candidate to be well-rounded. They should have strong infrastructure and networking foundations, and strong core capabilities in other IT skill sets before moving into cyber security roles, Durante says.\u201cFederal consultants with clearances and certifications are in high demand,\u201d Durante notes. \u201cHands-on technical skills with the combination of related degrees helps us maximize value to the federal government. Where we see the biggest gap is often in the soft skills as well as direct consulting skills with customers (both internal and external). Professionals with specific tool experience are also in high demand.\u201d2. TexasAverage annual salary: $104,170Individuals currently in this role: 8,520Job vacancies for this role: 4,128Everything is big in Texas, of course, and that includes the number of individuals working in information security analyst jobs (at 8,520) and paychecks for these professionals (with an average annual salary of $104,170).\u201cTexas has a robust economy, the cost of living is low, and we have no income tax. Some folks are calling us the Silicon Valley of the South,\u201d explains Barbara E. Lynch, director of cybersecurity and IT recruitment at GBit, Inc.There are four diverse major cities in Texas: Austin, Dallas, San Antonio and Houston. \u201cDallas is home to many large Fortune 500 Companies,\u201d Lynch says. \u201cAustin is an innovation tech hub. San Antonio offers nationally recognized technology and research institutions as well as the 24th & 25th Air Force and NSA Texas. Houston offers robust oil and gas and healthcare employers. We can offer cybersecurity professionals a range of markets and experience within that space.\u201d\u00a0While all industries are hiring cybersecurity talent, Lynch says banking and finance, government, and healthcare are especially strong markets.\u201cCybersecurity professionals are being paid on average 10% to19% more than IT professionals, due to lack of cybersecurity talent,\u201d Lynch says.As in Virginia, employers here are picky about who they hire into cybersecurity roles.\u201cCuriosity, passion and emotional intelligence are now being discussed by employers when evaluating their ideal candidate,\u201d Lynch explains. As to technical skills, \u201cMore and more companies are migrating to the cloud. l am seeing more companies searching for talent in this area.\u00a0 As a result, cloud security engineer is a hot job.\u201dAutomation and artificial intelligence are also hot topics. So is data privacy, with GDPR in effect in Europe, CCPA coming into effect in January, and more data privacy regulations likely to emerge over the coming years.\u00a03. ColoradoAverage annual salary: $102,820Individuals currently in this role: 3,590Job vacancies for this role: 1,372With average annual salaries for information security analysts at over $100,000, and a labor pool of 3,590 individuals doing this work, Colorado is one of the top job markets, coming in at number 3 in the rankings.Colorado also performed better than number-one ranked Virginia when it comes to recent salary increases for cybersecurity pros. According to Comparitect, recent salary increase percentages for information security analysts were slightly higher in Colorado over both a one-year and a five-year period.With its mile-high elevation, many Colorado businesses and industries definitely have clouds on their mind, and that is reflected in job postings for open cybersecurity positions. As noted by Jennifer Reid, corporate recruiter at Blackstone Technology Group, the best way to understand what is happening with the local cybersecurity space is to follow the ads for these professionals, what the respective employers are seeking, and how long the requisitions stay open.Blackstone itself is seeking cloud network engineers, cybersecurity network engineers, cyber systems engineers, cypersecurity computer network defense engineers, identity and access management administrators, information security engineers and a director of information technology security and compliance.4. New YorkAverage annual salary: $122,000Individuals currently in this role: 6,930Job vacancies for this role: 2,600If a top-dollar paycheck is the goal, the Big Apple is the market that cybersecurity pros should set their sights on. Ranked the number four top market in the study, New York boasts the highest average salaries in the country for information security analysts, at $122,000.\u2018Average salary\u2019 is a relative term, of course. \u201cIt depends on the level of experience a candidate has,\u201d notes Tade Reen, director of information security search at StevenDouglas Staffing & Recruiting in New York. \u201cRight now, a 3- to 5-year candidate with strong experience at reputable firms can command $140,000 to $160,000 per year. From there it only goes up.\u201dNew York has a large population of information security analysts, estimated at 6,930, with another 2,600 unfilled jobs for this role. And it\u2019s easy to see why the city that never sleeps has both eyes on the lookout for cyber talent.It\u2019s \u201cthe same reason New York is such a hotbed for almost any other kind of business entity: The size of the market, and the sheer amount of companies and industries that are potential employers,\u201d Reen stresses. \u201cAbove a certain size (below which IT\/security is usually outsourced) every shop from a VC\/PE backed startup to a tier one investment bank needs cyber security talent.\u201dWith top salaries at stake, job candidates here should be well-rounded in business, technology and security. Equally important are communication skills, both written and verbal.\u201cThere are many penetration testers who can hack into an application or website, but much fewer who can pass along that information succinctly and in an understandable manner to those up the corporate chain that are less \u2018in the weeds\u2019 as they say,\u201d explains Reen. \u201cIt is always highly advantageous to be able to explain complexities in a simplified manner.\u201d5. North CarolinaAverage annual salary: $104,430Individuals currently in this role: 3,570Job vacancies for this role: 1,397Average annual salaries for information security analysts in the six figures, relatively mild winters, and a robust economy, make North Carolina attractive to workers. And there are multiple locations that have their own sort of \u201cpersonality,\u201d note Charlie Dillon, director of business development and Joe Hudson, principal recruiting lead at Hunt Source in North Carolina.\u201cAlthough Charlotte is often thought of as a \u2018banking city,\u2019 it really has been growing as a technology center,\u201d Dillon says. \u201cBank of America, Wells Fargo and Ally employ over 5,000 people in their cyber programs alone.\u00a0 These three banks have helped create a talent pool like no other city on the east coast. This has attracted Truist (BB&T\/SunTrust), MUFG and Honeywell to set up technology hubs here in Charlotte.\u00a0 And with Duke Energy, you have one of the nation\u2019s more prominent energy companies exuding a very strong focus on security.\u201d\u201cRaleigh also has a lot to offer. The city has multiple top ranked universities, a big bio-pharma and technology hub. The town of Cary, NC is one of the most highly sought after cities to live in the US.\u00a0 Its ISSA Chapter is one of the biggest in the country,\u201d Dillon says.With an estimated 1,397 unfilled jobs for information security analysts, \u201chiring managers are starting to get more flexible on industry knowledge and are really looking for people who have a set of technical skills, resourcefulness and self-sufficient drive to learn.\u00a0 Many candidates are finding it quicker to learn the industry content as opposed to the security elements,\u201d Dillon explains.\u00a0Top traits for successful cybersecurity professionals include being able to communicate to a variety of audiences at multiple levels (junior SOC analysts vs. CISO, offshore developers or lawyers) and really understanding the appropriate jargon for that audience is the winning ticket.\u00a0\u201cThe ability to create buy-in to a new process or technology is also something often required to build out a successful team, project or implementation.\u00a0 Additionally, having a level head in the moment of a potential breach or disagreement on strategy is paramount,\u201d Dillon says.