The best cybersecurity jobs in 2023: Trends, roles and salaries
Cybersecurity trends in the job market
Skilled cybersecurity professionals are in high demand. North America has more than 1.34 million cybersecurity workers, and an additional 436,000 are needed to close the workforce gap, (ISC)² reports. Over the past year, CyberSeek reported 663,434 total cybersecurity job openings in the U.S., but “only enough cybersecurity workers in the United States to fill 69% of the cybersecurity jobs.”
In addition to the overall need, most cybersecurity job openings request specific certifications:
-
97,555 requested a Certified Information Systems Security Professional (CISSP)
-
86,066 requested a Security+
-
75,040 requested a Certified Information Systems Auditor (CISA)
-
49,519 requested a Certified Information Security Manager (CISM)
-
8,797 requested a Certified Information Privacy Professional (CIPP)
Various GIAC® certifications are also commonly requested.
The cybersecurity workforce is still predominantly male, but the number of women in cybersecurity has risen to 24%, up from 11% in 2017. There will likely be even more parity in the coming years.
With so many organizations reporting a shortage of cybersecurity professionals, there are increased opportunities for existing employees to upskill as well. This helps organizations keep their workforce up-to-date on the latest threats and retain them by investing in their careers.
What should you learn next?
The best cybersecurity jobs in 2023
1. Cybersecurity architect
-
Job title: Cybersecurity architect
-
Related job titles: Computer network architect, solutions architect, enterprise architect, infrastructure architect, security architect
-
Level of experience: Senior-level
-
Estimated salary: $187,603 per year (Glassdoor)
Job description: As a cybersecurity architect, you plan, design, test, implement and manage an organization's computer and network security infrastructure. Security architects develop information technology rules and requirements that describe baseline and target architectures and support enterprise mission needs. Advanced technical knowledge of network and web protocols, infrastructure, authentication, enterprise risk management, security engineering, communications and network security, identity and access management and incident response are critical to success in this role.
Learning paths and education
For this high-level cybersecurity job, you typically need a bachelor’s degree in cybersecurity, computer science or a related field.
The security architect learning path covers these core topics:
-
Security engineering
-
Enterprise security risk management
-
Cloud security architecture
-
Security architecture
-
AWS essentials
-
Incident response
-
NIST cybersecurity framework
-
Web server protection
-
NIST DOD RMF
-
SIEM architecture and process
-
Threat modeling
Below are some common cybersecurity certifications that may help land you a cybersecurity architect job:
-
(ISC)² Certified Information Systems Security Professional (CISSP)
-
(ISC)² Information Systems Security Architecture Professional (ISSAP) (CISSP concentration)
-
OT/ICS Certified Security Professional (ICSP) (formerly CSSA)
This is an advanced-level role, so plan to gain at least five years of experience — potentially more — in entry- and mid-level cybersecurity jobs on your way to becoming a cybersecurity architect.
2. Cybersecurity analyst
-
Job title: Cybersecurity analyst
-
Related job titles: SOC analyst, systems security analyst, security analyst, information security analyst
-
Level of experience: Entry- to mid-level
-
Estimated salary: $106,337 (Glassdoor)
Job description: A cybersecurity analyst is responsible for analyzing and monitoring network traffic, threats and vulnerabilities within an organization’s IT infrastructure. This includes monitoring, investigating and reporting security events and incidents from security information and event management (SIEM) systems. Security analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts. The job of a cybersecurity analyst is a common entry-level cybersecurity role.
Learning paths and education
If you’re wondering how to become a cybersecurity analyst, this job usually requires a bachelor’s in information systems, computer science or similar disciplines — although some organizations have loosened those requirements in recent years.
Your core learning will include topic and domain knowledge in the following topics:
-
Network traffic analysis for incident response
-
Incident response
-
Vulnerability assessment
-
Computer forensics
-
Cyber threat hunting
-
Threat analysis
Common certifications that give your security analyst career a boost include:
As you start, you might hold an entry-level cybersecurity job as a junior or Tier 1 SOC analyst working alongside more senior analysts, forensic investigators, incident responders, security engineers and security managers in a security operations center (SOC).
After becoming a cybersecurity analyst, you may go on to become a SOC manager, a cybersecurity engineer or a variety of other roles — analyst skills provide a strong foundation for future career growth.
3. Chief information security officer (CISO)
-
Job title: Chief information security officer (CISO)
-
Related job titles: Director of information security, head of cybersecurity
-
Level of experience: Senior-level
-
Estimated salary: $300,304 (Glassdoor), but can vary significantly depending on the size of the organization
Job description: The chief information security officer (CISO) oversees an organization's information security program and develops and implements policies to ensure the confidentiality, integrity and availability of data. You are responsible for managing the security team, coordinating with other departments on security matters and responding to security breaches. The CISO also plays a crucial role in educating staff about security protocols and best practices and ensuring the organization is compliant with relevant security regulations and standards.
Learning paths and education
Discovering how to become a CISO is a long journey, as this is a senior position. These senior executives need a wide range of expertise, education and experience.
To excel as a chief information security officer (CISO), you must master several key areas. A profound understanding of technology is crucial, as CISOs are responsible for outlining and implementing technology approaches to safeguard data. This encompasses securing various data areas, including applications, infrastructure, databases and digital ecosystems that comprise cloud, IoT, AI and analytics engines. This role requires you to stay current with cybersecurity trends and strategies. A CISO must also have robust data governance and compliance knowledge to ensure the organization adheres to relevant regulations and standards.
To be a good CISO, mastering technical areas isn't enough. A CISO must also have strong business acumen. You align security measures with business needs and objectives, which entails constant collaboration with other management members. You must have excellent communication skills to advocate for security effectively and keep all stakeholders informed about the organization’s security posture.
It's also beneficial for CISOs to understand organizational dynamics and create a structure that best serves the company's security needs. A CISO must be a strategist, technologist, manager and diplomat, ensuring security while facilitating business operations.
If you aspire to the CISO role, you might consider working toward these certifications:
-
(ISC)² Certified Information Systems Security Professional (CISSP)
-
(ISC)² Information Systems Security Management Professional (ISSMP) (CISSP concentration)
-
ISACA Certified in Risk and Information Systems Control (CRISC)
4. Security engineer
-
Job title: Security engineer
-
Related job titles: Cybersecurity engineer, information security engineer, IT security engineer
-
Level of experience: Mid- to senior-level
-
Estimated salary: $142,144 (Glassdoor)
Job description: A security engineer is responsible for implementing and continuously monitoring security controls that protect computer assets, networks and organizational data. Security engineers often design security architecture and develop technical solutions to mitigate and automate security-related tasks. Technical knowledge of network and web protocols, infrastructure, authentication, log management and multiple operating systems and databases is critical to success in this role.
Learning paths and education
The security engineer career path usually starts with earning your degree and working in entry-level cybersecurity jobs for at least a few years, as it is a higher-level position.
Your core learning topics will include:
-
System administration
-
System architecture
-
Enterprise security risk management
-
NIST Cybersecurity Framework
-
Incident response
-
Information technology assessment
-
Systems integration
-
Data privacy and protection
Certifications that may help you succeed in this role include:
-
(ISC)² Certified Information Systems Security Professional (CISSP)
-
(ISC)² Information Systems Security Engineering Professional (ISSEP) (CISSP concentration)
5. Database administrator
-
Job title: Database administrator
-
Related job titles: Data warehouse architect, database engineer
-
Level of experience: Varies from entry- to senior-level
-
Estimated salary: $105,216 (Glassdoor)
Job description: A database administrator (DBA) is responsible for storing, organizing and securing an organization's data using specialized software. You ensure databases operate efficiently and securely, perform regular backup operations and restore information if an error occurs. DBAs also design and build databases, perform database maintenance and updates and troubleshoot issues while ensuring compliance with data laws and regulations.
Learning paths and education
Infosec offers a number of database administration courses, and the Database Security Learning Path will help you learn the applicable rules and regulations to protect sensitive data.
The learning path covers these main topics:
-
Data security
-
NIST framework
-
Threats and vulnerabilities
-
Database protection methods
-
NoSQL cloud database
-
Data masking
-
Column-level encryption
-
Least privilege access management
-
Auditing
Database administrators may find the following certifications useful:
What should you learn next?
6. Incident manager
-
Job title: Incident manager
-
Related job titles: Incident response analyst, information security engineer, information security specialist, cyber defense incident responder
-
Level of experience: Entry- to mid-level
-
Estimated salary: $84,413 (Glassdoor)
Job description: An incident manager is responsible for leading the response to security incidents, ensuring they are correctly identified, analyzed, communicated and rectified. You develop and implement incident response protocols and oversee the execution of these protocols during security breaches. This role also includes coordinating with various teams to mitigate risks, recover systems, minimize damage and perform post-incident analysis to prevent future incidents.
Learning paths and education
Infosec offers a variety of incident response courses to help make becoming an incident manager more attainable. The Incident Response and Network Traffic Analysis for Incident Response learning paths help you master the stages of incident response and dive deep into the technical tools of the trade. You can also take the live Incident Response and Network Training Boot Camp to fast-track your journey.
Incident managers typically need knowledge of the following core topics:
-
Incident response procedures and protocols
-
Cybersecurity threats and vulnerabilities
-
Digital forensics and investigations
-
Risk impact assessments
-
Crisis management and communication
The following certifications may help in this role:
7. Cybersecurity data scientist and SME
-
Job title: Cybersecurity data scientist and SME (subject matter expert)
-
Related job titles: Business intelligence (BI) analyst, data analytics specialist, data engineer
-
Level of experience: Mid- to senior-level
-
Estimated salary: $148,424 (Glassdoor)
Job description: A cybersecurity data scientist and subject matter expert (SME) leverages extensive data science and cybersecurity knowledge to create models that identify and predict cyber threats. You analyze large datasets to uncover hidden patterns, unknown correlations and other useful insights related to cybersecurity threats. The role also involves developing and enhancing machine learning algorithms, providing guidance on best cybersecurity practices and contributing to the development of innovative cybersecurity solutions.
Learning paths and education
Infosec offers cybersecurity data science courses to get you started, and you can follow our Cybersecurity Data Science Learning Path to gain a foundational understanding of data science principles.
The core topics essential to this cybersecurity job role include:
-
Data science and analytics
-
Python
-
Statistical analysis
-
Data visualization
-
Machine learning techniques
-
Network security
-
Vulnerability management
-
Incident response
-
Threat intelligence
-
Risk assessment
-
Compliance frameworks
Common certifications for this profession include:
These certifications augment the knowledge and capabilities of the cybersecurity data scientist and the SME and open career advancement and networking opportunities within the field.
8. Security manager
-
Job title: Security manager
-
Related job titles: Cybersecurity manager, information technology manager, information security director
-
Level of experience: Mid- to senior-level
-
Estimated Salary: $169,604 (Glassdoor)
Job description: A security manager develops security strategies that align with the organization's goals and objectives. You direct and monitor security policies, regulations and rules that the technical team implements. Knowledge in areas like information security governance, program development and management, incident response and risk management are important to success in any security management role.
Learning paths and education
In addition to a broad understanding of technical topics, security managers need to have a firm grasp of the following:
-
Information systems and network security
-
Security risk assessment and management
-
Incident management and business continuity
-
Cybersecurity frameworks, such as those offered by NIST and NICE
-
Cybersecurity management
-
Cybersecurity leadership
It’s common for security managers to hold the following certifications:
-
(ISC)² Certified Information Systems Security Professional (CISSP)
-
(ISC)² Information Systems Security Management Professional (ISSMP) (CISSP concentration)
-
ISACA Certified in Risk and Information Systems Control (CRISC)
9. Cloud security architect
-
Job title: Cloud security architect
-
Related job titles: Security architect, cloud security engineer, senior cloud architect, network security architect
-
Level of experience: Senior-level
-
Estimated salary: $239,784 (Glassdoor)
Job description: A cloud security engineer or architect designs, develops, manages and maintains a secure infrastructure leveraging cloud platform security technologies. You use technical guidance and engineering best practices to securely build and scale cloud-native applications and configure network security defenses within the cloud environment. You must be proficient in identity and access management (IAM), container security, networking, system administration, zero-trust architecture and using cloud technology to provide data protection.
Learning paths and education
Infosec offers a number of cloud security training courses, including training related to Amazon Web Services (AWS) and Microsoft Azure.
As a cloud security architect, you’ll need to master the following domains:
-
Infrastructure design
-
Identity management
-
Data privacy and protection
-
System administration
-
Vendor-specific technologies, such as AWS, Azure or Google Cloud Platform (GCP)
You may want to consider a combination of vendor-neutral and vendor-specific certifications:
Cybersecurity salary and career questions
Can you make $300,000 in cybersecurity?
The median cybersecurity salary in the U.S. is $134,800, according to the most recent (ISC)² Cybersecurity Workforce Study. In addition, the study found those with a doctorate or post-doc earned $150,000 while those with an associate degree or high school diploma earned $127,750.
Your location also plays a significant role in salary. If you look at Payscale for CISO salaries, those in New York earn 30.1% more than the national average, while those in Indianapolis, Indiana, earn 11.4% less than the average. So the total pay, including base salary, bonuses and profit sharing, ranges from $155k–$324k in New York to $143k–$174k in Indianapolis.
So yes, you can make over $300k annually working in cybersecurity. However, it’s most likely to happen if you have a high level of education, live in a high-cost-of-living area and have a high level of experience.
How much do CIA hackers make?
CIA hackers typically make cybersecurity salaries in line with other government employees. According to the CIA.gov cybersecurity jobs page, the salary for a cybersecurity researcher ranges from $69,000 to $122,000 per year, depending on experience and other factors. Of course, wages within the CIA may differ from other government agencies. Your salary may vary depending on your cybersecurity job title and associated level of responsibility.
What should you learn next?
What is the highest-paying IT job?
Various companies provide lists of the highest-paying roles and highest-paying certifications. For example, Indeed’s top five cybersecurity jobs include cloud engineer, penetration tester, application security engineer, director of information security and software architect.
ISACA certifications, such as CRISC, CISM and CGIET, also frequently make top lists. Various cloud-based certifications around AWS, Azure and Google Cloud also make those lists. So roles related to the cloud, managing organizational risk and securing applications are commonly near the top. However, remember that salary can vary significantly depending on the industry, location, size of the organization and experience requirements.
Can cybersecurity professionals work from home?
Many cybersecurity professionals work from home. The Covid pandemic led to advancements in technology and the widespread availability of remote work options, and that trend has continued across many organizations. Ultimately, whether or not a cybersecurity professional works from home will depend on their specific job requirements and employer policies.