Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

10/9/2019
05:05 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Virginia a Hot Spot For Cybersecurity Jobs

State has highest number of people in information security roles and the most current job openings, Comparitech study finds.

Virginia currently ranks as one of the hottest states for cybersecurity professionals from a job opportunity and salary standpoint.

New analysis placed the state in top spot for the number of people currently employed in cybersecurity roles (14,180), close to the top spot for average annual salaries for cybersecurity professionals ($111,780) and for number of current job opportunities (4,570).

Virginia also leads other states in employment per 1,000 jobs with 3.7 jobs out of 1,000 being cybersecurity-related. Over the next five years, the number of cybersecurity jobs in the state is expected to grow over 32%.

U.K-based Comparitech's "2019 US Cybersecurity Salary & Employment Study" used 10 different and equally weighted criteria to identify the best and the worst states in the US for cybersecurity professionals.

The metrics that Comparitech considered for its study included state annual salaries for cybersecurity roles; the number of people currently employed in cybersecurity jobs; the number of advertised cybersecurity jobs; and 10-year projections for cybersecurity roles in each state.

The study showed that in 2018, the national average salary for an information security professional was $92,789. Comparitech found that average annual cybersecurity salaries in each state are greater—sometimes substantially so—than average annual salaries for all other employment, in every single US state. The state with the biggest difference in salaries was New Mexico where the average annual salary of $106,360 for a cybersecurity professional was 80.34% higher than the state average for other employment.

The numbers are a reflection of the high level of concern over data breaches and cyber risk in general—and the premiums that organizations are willing to pay for professionals who can help them manage it.

For purposes of the study, Comparitech considered "information security analysts" jobs, which it defined as jobs involving the planning and implementation of cybersecurity measures, installation of security technologies, investigation of breaches and management of security vulnerabilities.

Some states such as Arkansas, Indiana, Wisconsin, and Wyoming don't have "information security analysts" roles in their 10-year employment projections. In these cases, Comparitech used the closet description available for its projection scores says, Paul Bischoff, lead researcher at Comparitech. "The roles also vary somewhat between companies, so it's perhaps best to think of this as a category of job rather than a specific job," he says.

Top 5 States

Comparitech's analysis showed the top five states for cybersecurity jobs are Virginia, Texas, Colorado, New York and North Carolina. The average annual salaries for cybersecurity roles in each of these states topped $100,000 with New York having the highest average at $122,000.

While organizations in Virginia currently employ more cybersecurity professionals than in any other state, it is California that currently has the most job openings for them, with over 5,000 at the time the Comparitech report was compiled.

Interestingly, some of the highest-scoring states in several of the categories that Comparitech analyzed were states not normally associated with a lot of high-tech activity. Utah, for instance, leads all other states in terms of projected cybersecurity job growth in the long term—likely because it is starting with a much smaller base. Over the next 10 years the number of security jobs in the state will increase by 50%, Compartech found.

Similarly, it was cybersecurity professionals in Arkansas—a state not usually associated with high-tech—that had the biggest increase in average annual salaries over the past five years. Even so, the $81,710 that security professional's in the state average is lower than a majority of other states.  Security professionals in Kansas saw their average annual salary increase by over 10.5% to $86,160 between 2017 and 2018—the fastest one-year growth rate among all states.

On the flipside, among the states that fared the worst in Comparitech's study were Vermont, Indiana, Montana, and Maine. The average cybersecurity salaries in each of these states were substantially lower than the national average.

Cybersecurity professionals in Montana — which number only 120 — earned a relatively paltry $64,790 in 2018 versus the national average of more $92,000. In Maine, people in information security jobs earned on average 25% less in 2018 than they did in 2017.

Puerto Rico placed at the bottom of the list of the states and territories that Comparitech evaluated in the study. Salaries for information security professionals in the territory averaged a dismal $42,440 in 2018 — a 9.8% decline from 2013.

Several factors account for the salary differences between states, besides just supply and demand. "Cost of living comes to mind," Bischoff notes. "There might also be a difference based on the type of employer," he says.  Salaries, for example, can differ significantly based on whether someone is working in government, a large corporation, or small business. "We did not examine these factors in the study," Bischoff says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Can the Girl Scouts Save the Moon from Cyberattack?"

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
afarngalo221
50%
50%
afarngalo221,
User Rank: Apprentice
10/10/2019 | 4:21:07 PM
Very good article
Excellent article and it is true that Virginia has lots of Cybersecurity openings. With that said, Navy Federal Credit Union is hiring for Cybersecurity Analyst (solid hands on experience with Rapid7 Nexpose experience), Cybersecurity Engineering (solid hands on experience with Cisco Firepower).

 
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...