Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
The CISSP credential offered by cybersecurity professional association (ISC)² is not for beginners. As noted by (ISC)² itself, becoming CISSP-certified "proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program."
If your cybersecurity career has a solid foundation, on the other hand, then Certified Information Systems Security Practitioner (No. 11 on our most recent Salary Survey 75 list) is a professional benchmark that will open a lot of doors. Indeed, many employers ask for it by name.
Here's what the salary picture looks like for CISSP holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $135,560
Median Annual Salary: $135,000
How satisfied are you with your current salary?
Completely Satisfied: 10.8 percent
Very Satisfied: 27.7 percent
Satisfied: 39.4 percent
Not Very Satisfied: 18.5 percent
Not At All Satisfied: 3.6 percent
All Non-U.S. Respondents
Average Annual Salary: $82,290
Median Annual Salary: $80,320
How satisfied are you with your current salary?
Completely Satisfied: 6.9 percent
Very Satisfied: 15.9 percent
Satisfied: 42.9 percent
Not Very Satisfied: 28.4 percent
Not At All Satisfied: 5.9 percent
The largest single body of CISSP holders to participate in the survey is made up of U.S. residents (54 percent of respondents), but we also heard from credential holders in an eye-popping 82 other countries: Afghanistan, Albania, Algeria, Andorra, Angola, Argentina, Armenia, Australia, Austria, Bahamas, Bahrain, Bangladesh, Belarus, Belgium, Botswana, Brazil, Bulgaria, Canada, Chile, China, Colombia, Costa Rica, Czech Republic, Denmark, Dominican Republic, El Salvador, Finland, France, Germany, Ghana, Greece, Guatemala, India, Indonesia, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Kenya, Kuwait, Lebanon, Luxembourg, Malaysia, Malta, Mauritius, Mexico, Morocco, Nepal, Netherlands, New Zealand, Nigeria, Norway, Pakistan, Panama, Peru, Philippines, Poland, Portugal, Qatar, Romania, Russia, Saudi Arabia, Senegal, Singapore, Slovakia, South Africa, South Korea, Spain, Sri Lanka, Sweden, Switzerland, Taiwan, Thailand, Trinidad and Tobago, Turkey, Uganda, Ukraine, United Arab Emirates, United Kingdom, Uruguay, and Zambia.
Cybersecurity is typically a male-dominated profession and that's definitely reflected here: 87 percent of CISSP holders who participated in the survey are men, compared to just 9.7 percent who are women, with 3 percent choosing not identify their gender, 0.2 percent who are transgender male, and 0.05 percent apiece who are either transgender female or gender variant/nonconforming. As noted above, CISSP is an advanced credential, and most of the credential holders we heard from are mid-career professionals, with more than 65 percent of respondents either between the ages of 35 and 44 (35.6 percent) or between the ages of 45 and 54 (31.2 percent). That leaves the 0.1 percent of those surveyed who are 18 or younger, the 0.2 percent who are between the ages of 19 and 24, the 12.6 percent who are between the ages of 25 and 34, and the 21 percent who are 55 or older, either between the ages of 55 and 64 (17.6 percent), between the ages of 65 and 74 (2.6 percent), or age 75 or older (0.1 percent).
Nearly 90 percent of the CISSP holders we heard from have an educational background that includes time spent at a college or university. The highest level of education completed by most CISSP holders is either a master's degree (40.3 percent of respondents), bachelor's degree (37.9 percent), associate's degree (5.7 percent), doctorate (2.8 percent), or professional degree (2.2 percent). The rest either exited the realm of formal education after completing some level of post-high school technical training (6.3 percent of those surveyed), checked out after graduating from high school (4.5 percent), are currently furthering their education (0.2 percent), or entered the workforce without any formal education (0.1 percent).
A potent 96.2 percent of CISSP holders who participated in the survey are employed full-time, with 1.7 percent holding part-time jobs, 1 percent taking a sabbatical, and 1.1 percent unemployed. Among those with full-time jobs, most are at work either between 41 and 50 hours per week (42 percent), more than 50 hours per week (12.1 percent), or for the standard 40 hours per week (32.6 percent). The outliers are the fortunate few whose full-time work schedule consists of either between 31 and 39 hours per week (11.5 percent), between 20 and 30 hours per week (0.2 percent), or fewer than 20 hours per week (0.1 percent).
Reflecting the new post-COVID workplace reality, just 30 percent of CISSP holders who responded to the survey are spending most of those hours at a traditional workplace, working from home either fewer than 10 hours per week (19.5 percent of respondents) or for between 10 and 20 hours per week (10.4 percent). The rest of the survey group are a mixed bag, with 8.6 percent working from home between 21 and 30 hours per week, 13.3 percent at home for between 31 and 39 hours per week, and a telling 48 percent at home for either 40 hours per week (18.6 percent) or more than 40 hours per week (29.6 percent).
In terms of workplace standing, the largest single group of CISSP holders we heard from (35.5 percent of respondents) are employed at the senior specialist level. The rest, in descending order, are either managers (19 percent of those surveyed), senior managers (16.1 percent), directors (10.7 percent), specialists (8.9 percent), executives (6 percent), or rank-and-file employees (3.8 percent).
A bit more than half (53.4 percent) of the CISSP holders who responded to the survey are IT veterans, having worked in a role that directly utilizes their certified skills for more than a decade. The rest have been plying their certified skills for between zero years (1 to 11 months) and 2 years (5.1 percent of respondents), between 3 and 5 years (16.4 percent), between 6 and 8 years (15.2 percent of respondents), or between 9 and 10 years (9.9 percent).
Finally, here's the view of CISSP holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 46.3 percent
Several times a week: 30.8 percent
Several times a month: 13.1 percent
Occasionally: 8.3 percent
Rarely: 3.8 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 39.1 percent
Agree: 41 percent
Neither Agree nor Disagree: 15.5 percent
Disagree: 3.3 percent
Strongly Disagree: 1.1 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 24.1 percent
Agree: 43.9 percent
Neither Agree nor Disagree: 24.8 percent
Disagree: 5.2 percent
Strongly Disagree: 2 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 21.9 percent
Agree: 40.6 percent
Neither Agree nor Disagree: 29.1 percent
Disagree: 6.4 percent
Strongly Disagree: 2 percent
PAST CISSP DEEP FOCUS FEATURES
Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)