What are Average Cybersecurity Salaries in 2025?

These days, the technology everyone is talking about is AI, and, more specifically, generative AI (GenAI). Ever since OpenAI’s breakthrough app, ChatGPT, was launched, AI has permeated every conversation — from executives in the boardroom to teenagers on social media.

While the true potential (and pitfalls) of AI is still relatively unknown, IT leaders are well aware that as these AI technologies become more sophisticated, so too do the threats they pose. Traditional security measures are no longer sufficient to combat the nuanced tactics employed by malicious actors leveraging generative AI tools to create realistic phishing attacks, deepfakes, and automated intrusion attempts.

As a result, organizations find themselves needing to prioritize the recruitment of cybersecurity roles, such as cybersecurity engineers, analysts, specialists, consultants, and architects. 

Yes, cybersecurity professionals are in demand. Why? Security professionals are essential to counteract the new security challenges posed by generative AI, as well as continue fighting back against cybercriminals who are always finding new avenues for cyber theft, IP and financial infringement, fraud, and increasingly aggressive cyber-crime.

The demand for cybersecurity professionals also highlights a broader trend: companies must be proactive in building resilient teams that can navigate an increasingly complex digital landscape. These teams, inclusive of technical and non-technical professionals, must be cyber-aware and understand attack vectors, risks and their role in safeguarding information.

The problem is, according to our latest IT Skills and Salary Report, too few have these skills. Thirty-eight percent of IT decision-makers, for example, say cybersecurity professionals are the toughest to hire for. Cybersecurity as a domain is their second greatest priority behind AI. 

Why? Less than one in five IT leaders feel their teams’ security skills are advanced. The rest feel less confident. And skill gaps pose a risk to their ability to protect their organizations. 

Most realize this. Seventy-two percent of leaders plan to invest in training their teams to close gaps, while others will look to hire outside help or add to their teams. For anyone reading this as a hiring manager, it’s important to know that 30% of your peers can’t pay candidates what they want. It’s a common reason for existing gaps on their teams, leaving many with vacant positions. 

Cybersecurity jobs in the United States can range from $50,000 per year to well over $500,000. This broad range reflects the nuances of cybersecurity and the those who work within in. Skills, certifications, years of experience, location and several other factors will affect a professional's salary.

However, in this line of work, organizations are willing to pay top dollar for cybersecurity professionals to stay a step ahead of bad actors and protect their businesses, partners, and customers. After all, they need people who have the skills to protect their company’s most valuable assets.

Looking at our IT Skills and Salary survey, 1,049 survey respondents globally — 479 responses in the U.S. — reported working in a cybersecurity or information security role. 

Below, we break down the current average U.S. salary by role: 

It is important to note that these salaries can vary widely depending on numerous factors, including the individual's additional skills, education, certifications, and years of experience. 

For example, this table shows the average U.S. salaries based on the years of experience of respondents:

Furthermore, certified professionals tend to enjoy higher salaries than those without. Some of the highest-paying certifications in the industry focus on cybersecurity, including those below: 

1. AWS Certified Security - Specialty averages $203,597
2. CCSP - Certified Cloud Security Professional averages $171,524
3. CCNP Security averages $168,159
4. CISSP - Certified Information Systems Security Professional averages $168,060
5. CRISC - Certified in Risk and Information Systems Control averages $165,890

See a complete list of the highest-paying certifications here.

Certifications are an important way for professionals to prove they have the skills they need to succeed in cybersecurity, but they're also valuable to employers beyond hiring qualified employees. Earning certification helps a professional build new skills and sharpen existing ones, making them even more effective in their roles. 

In fact, according to our IT Skills and Salary Report, 96% of respondents claim that certified staff added measurable monetary value to their organization every year. In other words, certifications are sources of real, concrete value for organizations and a great place for those looking to jumpstart their cybersecurity careers. 

If you’re looking for some of the top cybersecurity certifications, check out this list of the 20 of the Best Cybersecurity Certifications in 2024 (and What They Pay) → 

At Skillsoft, we also offer virtual and live instructor-led training courses for cybersecurity. You can get started with one of our numerous cybersecurity journeys, which are curated role- and skill-based learning paths designed to transform careers.