Data-Driven Insights for Hiring a Cybersecurity Analyst

August 2, 2021
Author: ThinkWhy Staff

The number and severity of cyberattacks are increasing, with ransomware more than doubling in North America since 2019. A cyberattack can take many forms, include malicious files, crypto-jacking and IoT hacking, with new malware emerging at an alarming rate. In a recent survey published by Cybersecurity Magazine, 76% of respondents reported that their business was impacted by a security vulnerability in the past year. Those breaches cost companies an average of $4.24 million per incident.

Cyberattack frequency and cost to business are rising, driving high demand for skilled cybersecurity professionals.

In this environment, the urgent need for cybersecurity professionals and solutions has recruiters scrambling to find suitable candidates for organizations who need to add experts in security applications and cloud security to their teams.

The current supply of experienced cybersecurity staff is not enough to meet the growing demand. The Information Systems Security Association (ISSA) reports more than 4 million unfilled cybersecurity positions globally, and 38% of its survey respondents point to pay as the top contributing factor.

A skills shortage also contributes to the gap. New graduates do not typically have the experience required for many roles, and the introduction of new cybersecurity tools in the market and ongoing escalation of attacks calls for an ever-evolving set of skills. Role-specific workforce onboarding and ongoing staff development for upskilling could help address this issue.

Focus on the U.S. Cybersecurity Market

In the U.S., LaborIQ® by ThinkWhy forecasts that Computer and Mathematical jobs, which include cybersecurity, are projected to grow 12.6% percent from 2021-2025, much faster than the 10.1% percent job growth average forecast for all occupations, and experience 15.6% wage growth in that timeframe.

While all organizations need cybersecurity, the demand is not consistent across the U.S. Heightened demand and thus competition for cybersecurity employees is seen in Virginia, Texas, Nevada, Maryland and North Carolina. In these high-demand areas, employers must ensure that their salary offers are based on current competitive compensation data.

For example, take the role of Cybersecurity Analyst. The current LaborIQ recommended salary for this role in Dallas is $106,932 and expected to increase 2.3% by the end of 2022.

Download a Sample Cybersecurity Analyst Total Compensation Report (PDF Format)

The salary report is for someone with four to six years of experience, across industries and company size. The recommended salary is 6.8% higher than the national median salary of $91,986. A recruiter would find that this compensation compares favorably to the recommended salary in the nation’s capital and Baltimore, Maryland, but is significantly higher than in Las Vegas or Chicago. Having this knowledge can make the difference in location planning and pinpointing the right compensation for talent-winning offers.

To address the skills gap, HR leaders and talent managers could consider supporting their organization’s critical cybersecurity needs by implementing programs similar to the National Security Agency (NSA). For example, the NSA offers paid developmental programs to attract, retain and keep employees current in their skills.


In the future, AI-based security advances may help reduce the need for more cybersecurity specialists, but the demand will remain high for the foreseeable future. For now, recruiters searching for candidates to fill open cybersecurity positions will find that it most likely will take more time to find the right candidate, a higher annual salary offer may be necessary, and your company may need to develop training to attract and keep your new hire up to speed.