Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/9/2019
05:05 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Virginia a Hot Spot For Cybersecurity Jobs

State has highest number of people in information security roles and the most current job openings, Comparitech study finds.

Virginia currently ranks as one of the hottest states for cybersecurity professionals from a job opportunity and salary standpoint.

New analysis placed the state in top spot for the number of people currently employed in cybersecurity roles (14,180), close to the top spot for average annual salaries for cybersecurity professionals ($111,780) and for number of current job opportunities (4,570).

Virginia also leads other states in employment per 1,000 jobs with 3.7 jobs out of 1,000 being cybersecurity-related. Over the next five years, the number of cybersecurity jobs in the state is expected to grow over 32%.

U.K-based Comparitech's "2019 US Cybersecurity Salary & Employment Study" used 10 different and equally weighted criteria to identify the best and the worst states in the US for cybersecurity professionals.

The metrics that Comparitech considered for its study included state annual salaries for cybersecurity roles; the number of people currently employed in cybersecurity jobs; the number of advertised cybersecurity jobs; and 10-year projections for cybersecurity roles in each state.

The study showed that in 2018, the national average salary for an information security professional was $92,789. Comparitech found that average annual cybersecurity salaries in each state are greater—sometimes substantially so—than average annual salaries for all other employment, in every single US state. The state with the biggest difference in salaries was New Mexico where the average annual salary of $106,360 for a cybersecurity professional was 80.34% higher than the state average for other employment.

The numbers are a reflection of the high level of concern over data breaches and cyber risk in general—and the premiums that organizations are willing to pay for professionals who can help them manage it.

For purposes of the study, Comparitech considered "information security analysts" jobs, which it defined as jobs involving the planning and implementation of cybersecurity measures, installation of security technologies, investigation of breaches and management of security vulnerabilities.

Some states such as Arkansas, Indiana, Wisconsin, and Wyoming don't have "information security analysts" roles in their 10-year employment projections. In these cases, Comparitech used the closet description available for its projection scores says, Paul Bischoff, lead researcher at Comparitech. "The roles also vary somewhat between companies, so it's perhaps best to think of this as a category of job rather than a specific job," he says.

Top 5 States

Comparitech's analysis showed the top five states for cybersecurity jobs are Virginia, Texas, Colorado, New York and North Carolina. The average annual salaries for cybersecurity roles in each of these states topped $100,000 with New York having the highest average at $122,000.

While organizations in Virginia currently employ more cybersecurity professionals than in any other state, it is California that currently has the most job openings for them, with over 5,000 at the time the Comparitech report was compiled.

Interestingly, some of the highest-scoring states in several of the categories that Comparitech analyzed were states not normally associated with a lot of high-tech activity. Utah, for instance, leads all other states in terms of projected cybersecurity job growth in the long term—likely because it is starting with a much smaller base. Over the next 10 years the number of security jobs in the state will increase by 50%, Compartech found.

Similarly, it was cybersecurity professionals in Arkansas—a state not usually associated with high-tech—that had the biggest increase in average annual salaries over the past five years. Even so, the $81,710 that security professional's in the state average is lower than a majority of other states.  Security professionals in Kansas saw their average annual salary increase by over 10.5% to $86,160 between 2017 and 2018—the fastest one-year growth rate among all states.

On the flipside, among the states that fared the worst in Comparitech's study were Vermont, Indiana, Montana, and Maine. The average cybersecurity salaries in each of these states were substantially lower than the national average.

Cybersecurity professionals in Montana — which number only 120 — earned a relatively paltry $64,790 in 2018 versus the national average of more $92,000. In Maine, people in information security jobs earned on average 25% less in 2018 than they did in 2017.

Puerto Rico placed at the bottom of the list of the states and territories that Comparitech evaluated in the study. Salaries for information security professionals in the territory averaged a dismal $42,440 in 2018 — a 9.8% decline from 2013.

Several factors account for the salary differences between states, besides just supply and demand. "Cost of living comes to mind," Bischoff notes. "There might also be a difference based on the type of employer," he says.  Salaries, for example, can differ significantly based on whether someone is working in government, a large corporation, or small business. "We did not examine these factors in the study," Bischoff says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Can the Girl Scouts Save the Moon from Cyberattack?"

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
afarngalo221
50%
50%
afarngalo221,
User Rank: Apprentice
10/10/2019 | 4:21:07 PM
Very good article
Excellent article and it is true that Virginia has lots of Cybersecurity openings. With that said, Navy Federal Credit Union is hiring for Cybersecurity Analyst (solid hands on experience with Rapid7 Nexpose experience), Cybersecurity Engineering (solid hands on experience with Cisco Firepower).

 
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.