Government IT security pay trails private sector

Security pays. A new 2007 survey of information security professionals found that those working in government positions earned an average of $84,500, higher than information technology professionals across many industries, based on separate data released last year. But the study, conducted by the SANS Institute, also found public-sector IT security professionals earned 10 percent to 18 percent less in salaries and bonuses than their nongovernment counterparts. The gap proved significantly smaller among security people with strong technical backgrounds.

The study also found:

  • Government raises are restrained: increases are one-fourth less than raises for nongovernment security professionals (3.9 percent vs. 4.6 percent).
  • Higher education pays off: those with a college degree earn 18 percent more than those without, and those with master's degrees earn 16 percent more than those with a bachelor's degree.
  • Training improves effectiveness: half of respondents mentioned skills improvement as the best way to improve government security.

Salaries of security professionals

Security professionals in government make less than their counterparts in the private sector.

| Job Responsibility | Government | Non-Government |
|---|---|---|
| CISO, CSO, chief compliance officer, chief privacy officer, chief of audit | $103,500 | $125,000 |
| Director or manager in information security or audit | $93,400 | $110,000 |
| Intrusion detection, forensics, patch testing, secure configuration development and testing | $79,600 | $88,200 |
| Security assessments, application security reviews | $78,000 | $96,300 |
| Security architect | $87,700 | $103,500 |
| Security consultant | $90,900 | $107,800 |
| Security or IT auditor or security analyst for regulatory review | $73,100 | $86,900 |
| System and/or network administrator with some security responsibility | $70,700 | $74,000 |
| Systems or network management with significant security responsibility | $82,600 | $83,200 |
| Average salary (including bonus) | $84,500 | $94,000 |
| Median salary (including bonus) | $68,500 | $71,600 |

Source: SANS Institute. Based on 2,146 responses. Nongovernment respondents included a cross-section of small firms (less than 2,000 employees), medium and large firms (more than 20,000 employees) representing a variety of industries: financial services (19%), education (14%), consulting/systems integration for government (13%) and business (12%), telecom & IT (9%), health care (8%), manufacturing (6%).

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

