Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
At the end of November 2022, just weeks after a highly-publicized ransomware attack by Russian hackers, the Los Angeles Unified School District began advertising to hire a Chief Information Security Officer. Under the heading "Experience must include," the job posting specifies "possession of the Certified Information Systems Security Practitioner (CISSP) or equivalent."
There are equivalent cybersecurity credentials out there. But Certified Information Systems Security Practitioner (No. 9 on our most recent Salary Survey 75 list) is the one that employers ask for by name. It's not for nothing that CISSP quite probably has better brand recognition than the organization that manages it, cybersecurity professional association ISC2.
Here's what the salary picture looks like for CISSP holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $140,230
Median Annual Salary: $141,390
How satisfied are you with your current salary?
Completely Satisfied: 12.3 percent
Very Satisfied: 27.6 percent
Satisfied: 39.9 percent
Not Very Satisfied: 17.2 percent
Not At All Satisfied: 3 percent
All Non-U.S. Respondents
Average Annual Salary: $82,370
Median Annual Salary: $70,280
How satisfied are you with your current salary?
Completely Satisfied: 5.7 percent
Very Satisfied: 16.2 percent
Satisfied: 39.8 percent
Not Very Satisfied: 30 percent
Not At All Satisfied: 9.3 percent
The largest single body of CISSP holders to participate in the survey is made up of U.S. residents (56.1 percent of respondents), but we also heard from credential holders in an eye-popping 98 other countries: Afghanistan, Albania, Algeria, Andorra, Antigua and Barbuda, Argentina, Armenia, Australia, Austria, Bahamas, Bahrain, Bangladesh, Belgium, Bermuda, Bhutan, Botswana, Brazil, Bulgaria, Canada, Chile, China, Colombia, Congo (Brazzaville), Costa Rica, Cote d'Ivoire, Croatia, Cyprus, Czech Republic, Denmark, Djibouti, Dominican Republic, Egypt, El Salvador, Estonia, Ethiopia, Finland, France, Germany, Ghana, Greece, Guatemala, Honduras, Hungary, Iceland, India, Indonesia, Iran, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Kazakhstan, Kenya, Kuwait, Latvia, Luxembourg, Malaysia, Malta, Mauritius, Mexico, Netherlands, New Zealand, Nigeria, Norway, Oman, Pakistan, Panama, Peru, Philippines, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Singapore, Slovenia, South Africa, South Korea, Spain, Sri Lanka, Sweden, Switzerland, Taiwan, Thailand, Trinidad and Tobago, Tunisia, Turkey, Uganda, United Arab Emirates, United Kingdom, Uruguay, Uzbekistan, Vietnam, and Zambia.
Cybersecurity is typically a male-dominated profession and that's true here as well: 85.4 percent of CISSP holders who participated in the survey are men, compared to just 10.3 percent who are women. Rounding out the survey population are 3.2 percent who chose not identify their gender, 0.7 percent who are transgender male, 0.2 percent who are transgender female, and 0.2 percent who are gender variant/nonconforming. CISSP is an advanced credential, and most of the credential holders we heard from are mid-career professionals, with more than 65 percent of respondents either between the ages of 35 and 44 (32.2 percent) or between the ages of 45 and 54 (33.7 percent). That leaves the 0.1 percent of those surveyed who are 18 or younger, the 0.7 percent who are between the ages of 19 and 24, the 14 percent who are between the ages of 25 and 34, and the 20 percent who are 55 or older, either between the ages of 55 and 64 (16.6 percent) or between the ages of 65 and 74 (2.7 percent).
Nearly 90 percent of the CISSP holders we heard from have an educational background that includes time spent at a college or university. The highest level of education completed by most CISSP holders is either a master's degree (41.9 percent of respondents), bachelor's degree (37.4 percent), associate's degree (4.9 percent), doctorate (2.5 percent), or professional degree (2.4 percent). The rest either exited the realm of formal education after completing some level of post-high school technical training (5.9 percent of those surveyed), checked out after graduating from high school (4.2 percent), are currently furthering their education (0.4 percent), or entered the workforce without any formal education (also 0.4 percent).
A potent 93.7 percent of CISSP holders who participated in the survey are employed full-time, with 2.1 percent holding part-time jobs, 1.5 percent taking a sabbatical, 0.8 percent attending school, and 1.9 percent unemployed. Among those with full-time jobs, most are at work either between 41 and 50 hours per week (39.6 percent), for the standard 40 hours per week (35.4 percent), or for more than 50 hours per week (11.4 percent). The outliers are the fortunate few whose full-time work schedule consists of either between 31 and 39 hours per week (10.2 percent), between 20 and 30 hours per week (2 percent), or fewer than 20 hours per week (1.4 percent).
Reflecting the new post-COVID workplace reality, just 37 percent of CISSP holders who responded to the survey are spending most of those hours at a traditional workplace, working from home either fewer than 10 hours per week (22.6 percent of respondents) or for between 10 and 20 hours per week (14.6 percent). The rest of the survey group are a mixed bag, with 14 percent working from home between 21 and 30 hours per week, 13.9 percent at home for between 31 and 39 hours per week, and a notable 35 percent working from home for either 40 hours per week (15.2 percent) or more than 40 hours per week (19.7 percent).
In terms of workplace standing, the largest single group of CISSP holders we heard from (32.2 percent of respondents) are employed at the senior specialist level. The rest, in descending order, are either senior managers (17.9 percent of those surveyed), managers (17 percent), directors (12.5 percent), executives (8 percent), specialists (7.7 percent), or rank-and-file employees (4.6 percent).
A bit more than half (52.8 percent) of the CISSP holders who responded to the survey are IT veterans, having worked in a role that directly utilizes their certified skills for more than a decade. The rest have been plying their certified skills for between zero years (1 to 11 months) and 2 years (6 percent of respondents), between 3 and 5 years (17.9 percent), between 6 and 8 years (14.4 percent of respondents), or between 9 and 10 years (8.9 percent).
Finally, here's the view of CISSP holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 46.2 percent
Several times a week: 29.8 percent
Several times a month: 13.5 percent
Occasionally: 8.2 percent
Rarely: 2.2 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 40.4 percent
Agree: 39.2 percent
Neither Agree nor Disagree: 15.4 percent
Disagree: 3.3 percent
Strongly Disagree: 1.7 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 27.1 percent
Agree: 41.5 percent
Neither Agree nor Disagree: 22.9 percent
Disagree: 5.6 percent
Strongly Disagree: 2.9 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 23.8 percent
Agree: 39.2 percent
Neither Agree nor Disagree: 28 percent
Disagree: 5.8 percent
Strongly Disagree: 3.2 percent
PAST CISSP DEEP FOCUS FEATURES
Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)