Average CISSP Salary in 2024 (All Locations)

CISSP Salary

CISSP is probably the most well-known and coveted cyber security certification, but it’s difficult to attain. 

Many cyber security students and prospective candidates wonder whether the salary a CISSP certification can give you will make up for this difficulty.

Your CISSP salary will depend on which job role you choose. However, because CISSP is an advanced certification that covers both technical and managerial aspects of cyber security, overall job prospects are good, and salaries are high.

We’ve broken down the most common job titles for CISSP holders and combed through salary data for these jobs.

So, if you’re wondering what kind of salary a CISSP certification can help you achieve, read on.

Overview of Certified Information Systems Security Professional

Certified Information Systems Security Professional (CISSP) is an incredibly popular advanced cyber security certification offered by the International Information Systems Security Certification Consortium (ISC2)

It validates a candidate’s skills and knowledge over a wide range of advanced cyber security topics required for more managerial roles with technical emphasis and requires five years of experience in cyber security roles. 

The certification’s challenging exam validates a candidate’s competency in many areas of cyber security—from technical skills to compliance and risk management—using the CAT system. This adjusts the exam difficulty dynamically; the more questions you answer correctly, the harder the questions become.

Want to increase your chances? Here’s how to pass the CISSP exam on your first attempt.

The 2024 CISSP exam update made minor content changes within different knowledge domains. The exam now focuses less on Software Development Security and more on Security and Risk Management.

What Does CISSP Prepare You For?

The CISSP certification prepares you for advanced roles in IT and cyber security. 

The breadth of knowledge it covers, including the implementation and management of organizational security, makes it ideal for cyber security professionals looking to step into a senior technical role or managerial role with technical crossover

It’s also desirable for purely executive and directorial roles. In fact, it’s a good choice for almost any cyber security career path.

CISSP holders qualify for job roles such as:

Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO) is the most advanced cyber security managerial role. A CISO is a senior executive who implements and manages an entire organization’s data and information security policies and implementations

Chief Information Officer (CIO)

Chief Information Officer (CIO) is an advanced IT managerial role. A CISO, like a CIO, is a senior executive who implements and manages an entire organization’s technology policies and procedures

Unlike a CISO, however, a CIO manages the organization’s general IT policies and procedures—not just its cyber security ones—although a CIO’s responsibilities can include cyber security management too.

IT Manager

Like CIO, an IT Manager has an advanced IT managerial role. An IT Manager ensures that an organization’s IT systems are operating correctly, which involves tasks as diverse as overseeing company-wide software installations and coaching IT staff.

Want to land a job in security management? Check out our guide on the best security management certificates out there

IT Director

IT Director is a more advanced role than IT Manager. An IT Director is usually less involved in technical day-to-day operations than an IT Manager and instead directs an organization’s IT systems and procedures, which the IT Manager then implements.

Cyber Security Consultant

Cyber Security Consultants are advanced cyber security professionals who lend organizations their cyber security skills, knowledge, and expertise for a fee. They advise organizations on which information security procedures they should implement or change, as well as how to implement these changes.

Senior Cyber Security Analyst

Cyber Security Analyst is an intermediate role requiring diverse defensive cyber security skills and knowledge. Cyber Security Analysts perform hands-on tasks such as monitoring networks to detect threats, implementing network security measures, and responding to or escalating cyber security incidents. A CISSP holder should be better equipped for a Senior Analyst role than a Junior one.

Want to improve or brush up on your defensive cyber security skills? Check out some of the Best Blue Team Courses Online.

CISSP Certification Salary and Job Opportunities

A CISSP certification demonstrates not just advanced technical know-how in the cyber security field but also managerial know-how. This broadens the range of jobs CISSP certified professionals can apply for compared to candidates lacking this advanced generalist certification.

It is one of the most sought-after certifications on the market. 

In the UK, for example, it’s often considered equivalent to a Master’s degree. It also qualifies you for up to IAT Level III and IASAE Level III DoD clearance, opening the door for additional state jobs in the US.

Apart from state jobs, thousands of private companies list CISSP as a required or recommended certification. For example, there are 9,758 US-based jobs that mention CISSP listed on Indeed.

GlassDoor lists 6,326 US-based CISSP jobs, CyberSecurityJobs.com lists 374, and LinkedIn lists a whopping 34,828 jobs that mention CISSP.

According to ZipRecruiter, a CISSP-certified professional can expect an average salary of $112,302 per year.

The displayed bottom end of this range ($21,000) is likely due to a mistake—perhaps a misclassification of contract pay—because few jobs requiring a CISSP qualification pay less than $80,000 per year.

Some CISSP jobs salary is in the lower end of the average—between, say, $60k and $90k—will be for positions that don’t require CISSP but list it as a desirable certification. 

Often, employers list CISSP as a preferred qualification even for entry-level roles, but this is an error on the employer’s behalf because CISSP is an advanced certification.

Many of the jobs that CISSP is the best fit for, such as managerial roles, fall into the middle and upper end of this average salary range. We can see this more clearly by looking at specific CISSP job roles.

Want to know how the salaries for these roles stack up against others? Check out our guide on how much cyber security jobs pay.

Chief Information Security Officer (CISO)

CISO is one of the best-paying cyber security roles, and CISSP is one of the most desirable certifications for it. Indeed shows 454 US-based CISO jobs for CISSP holders—or 390 if we spell out the job title instead of using the acronym—and GlassDoor shows 273.

The average salary for a CISO role is $148,746 and can reach up to $232,500. Salaries start at about $70,000. This position has a high average salary because it’s a career endgame on the managerial and governance side of cyber security. 

Chief Information Officer (CIO)

That of CIO is one of the best-paying IT roles, and a CISSP certification is often desired. Indeed shows 201 US-based CIO jobs for CISSP holders—or 393 if we spell out the job title—and GlassDoor shows 162.

The average salary for a CIO role is $159,486 and can reach up to $245,500. Salaries can start at about $59,000, but a salary this low is rare. 

A more realistic lower-salaried CIO role would be closer to $100,000 than $50,000. As with CISO, there’s no such thing as an entry-level CIO because all CIO roles are advanced.

The average salary and salary cap for a CIO are a bit higher than for a CISO because CIOs are responsible for all aspects of an organization’s IT systems and policies, including cyber security governance. CIO salaries are some of the highest among IT and cyber security jobs.

IT Manager

Ignoring consulting work, managerial roles usually pay better than technical roles, so it’s no surprise that the pay is good for IT Manager roles. IT Manager is also one of the most popular jobs for CISSP holders. Indeed shows 3,141 US-based IT Manager jobs for CISSP holders, and GlassDoor shows 2,065.

The average salary for an IT Manager role is $109,707 and can reach up to $149,500. Salaries for the role start at about $50,000, though most managerial roles pay above $80,000. As with CISO and CIO, there’s no such thing as an entry-level IT Manager. All IT Manager roles are advanced.

IT Director

IT Directors are one rung above IT Managers and have a high salary. Because these are the top dogs of IT governance alongside CISOs and CIOs, there are fewer IT Director job advertisements than there are for more technical, hands-on roles. Indeed shows 900 US-based IT Director jobs for CISSP holders, and GlassDoor shows 623.

The average salary for an IT Director role is $133,749 and can reach up to $195,000. Salaries start at about $62,500 but are usually found between $80,000 and $150,000. Salaries on the lower end are probably listed by smaller companies in low-cost locations.

As with IT Manager, CISO, and CIO roles, there’s no real entry-level salary for this position because it’s already an advanced role. The Director role is one of the most advanced job titles on the governance side of IT and cyber security.

Cyber Security Consultant

Looking at Cyber Security Consultant salaries isn’t as simple as for other roles because consultants are often self-employed, and job advertisements are seeking contracted services rather than a salaried employee.

There are, however, plenty of companies looking for Cyber Security Consultants. Indeed shows 904 US-based Cyber Security Consultant roles for CISSP holders, and GlassDoor shows 149.

The average contracted salary for a Cyber Security Consultant is $131,892 and can reach up to $195,000. Salaries start at about $60,500 but, again, note that consultants are usually contracted and might not work these roles full-time all year round.

Senior Cyber Security Analyst

Cyber Security Analyst jobs can range from entry-level to advanced, depending on the role in question. CISSP holders should aim for the more senior analyst roles, which pay better. Indeed shows 1,052 such Senior Cyber Security Analyst jobs for CISSP holders, and GlassDoor shows 555.

The average salary for a Senior Cyber Security Analyst role is $99,400 and can reach up to $150,000. Salaries start at about $43,000, but most CISSP holders should be looking at above $80,000 for a senior Analyst role.

Because some organizations misleadingly include CISSP as a desired certification for more entry-level roles, we can expect CISSP holders to have salaries higher than the bottom end of this salary range.

CISSP Average Salary Globally

The average CISSP salary depends greatly on the job position (CISOs make more than Analysts) and specific location (major cites tend to pay more). Sources also vary depending on their criteria (median vs average). Based on our research, here are what we feel to be a realistic expected salary in different countries.

CountryCISSP Annual Salary
United States$118,000 - $131,000
India₹20,00,000 (**See note below)
United Kingdom£75,000 - £120,000
CanadaCAD$ 90,000 - CAD$ 125,000
AustraliaAU$90,000 - AU$150,000
Germany€60,000 - €90,000
France€42,000 - €80,000
Netherlands€60,000 - €100,000
Japan¥6,000,000 - ¥8,000,000
Hong KongHKD 600,000 - HKD 900,000+

**The potential salary in India seems to have a drastic range, with sources like KnowledgeHut claiming averages of ₹10,00,000 to ₹20,00,000, while theknowledgeacademy claims ₹50,00,000 on the high end of the spectrum. PayScale states a range of  ₹728,000 to ₹4,000,000 depending on position and experience.

Based on the different sources we’ve looked at, we believe ₹20,00,000 to be the most accurate average. 

CISSP vs Competing Certifications

There are other advanced cyber security certifications than CISSP. For instance, CompTIA’s Advanced Security Practitioner (CASP+) and ISACA’s Certified Information Systems Auditor (CISA) are both advanced-level certifications for established cyber security professionals.

CISSP covers both technical and managerial cyber security topics, CISA covers auditing procedures and technical know-how as well as IT governance and management, and CASP+ focuses solely on technical topics and is more of a specialized certification.

Here are the number of jobs listed for each of these certifications on four major job sites.

GlassDoor6,326 Postings702 Postings2,684 Postings
LinkedIn34,828 Postings10 Postings7,858 Postings
Indeed9,758 Postings1,917 Postings3,853 Postings
CyberSecurityJobs.com374 Postings112 Postings141 Postings

As you can see, there are far more jobs listed for CISSP holders than for CISA or CASP+ certification holders.

Want to compare CISSP to these two certifications in more detail? Check out our guides:

CISSP vs CASP+: Which Is Better?

CISSP vs CISA: Which Certification Is Best for You?

CISSP Salary: Conclusion

CISSP is one of the most sought-after and advanced cyber security certifications. It validates not just a candidate’s technical knowledge and abilities but also their managerial prowess and prior hands-on cyber security job experience.

Because it’s so advanced and covers management and governance, being CISSP certified is desired or required for many high-paying jobs, especially those on the governance side, such as CISO, CIO, and IT Director.

The certification is also highly required by organizations looking to hire for more senior technical roles such as Senior Cyber Security Analyst, as well as those looking to pay a lot of money for a Cyber Security Consultant on a contract basis.

Attaining your CISSP certification isn’t unachievable. In addition to knowledge and practice, dedication, motivation, and persistence can help you achieve your cyber security goals. 

The StationX Accelerator Program can help with this. It gives you access not just to 1000+ projects, courses, and labs but also a community and mentorship program to keep you motivated on your path towards cyber security expertise and perhaps even a CISSP certification. 

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Jacob Fox

    Jacob is a professional technology writer, academic researcher, and cyber security buff. When he's not working towards his PhD in philosophy, he's writing about the latest computer hardware developments or fiddling with his most recent technology impulse buy. If you'd like to talk tech or writing with Jacob, you can contact him or connect with him on LinkedIn.