Government IT security pay trails private sector

Security pays. A new 2007 survey of information security professionals found that those working in government positions earned an average of $84,500 ' higher than information technology professionals across many industries based on separate data released last year (See But the study, conducted by the SANS Institute, also found public-sector IT security professionals earned 10 percent to 18 percent less in salaries and bonuses than their nongovernment counterparts. The gap proved significantly smaller among security people with strong technical backgrounds.

The study also found:

  • Government raises are restrained ' increases are one-fourth less than raises for nongovernment security professionals (3.9 percent vs. 4.6 percent).
  • Higher education pays off ' those with a college degree earn 18 percent more than those without; and those with master's degrees earn 16 percent more than those with a bachelor's degree.
  • Training improves effectiveness ' with half of respondents mentioning skills improvement being the best way to improve government security.

Salaries of security professionals

Security professionals in government make less than their counterparts in the private sector.

Job Responsibility Government Non-Government
CISO, CSO, chief compliance officer, chief privacy officer, chief of audit $103,500 $125,000
Director or manger in information security or audit $93,400 $110,000
Intrusion detection, forensics, patch testing, secure configuration development and testing $79,600 $88,200
Security assessments, application security reviews $78,000 $96,300
Security architect $87,700 $103,500
Security consultant $90,900 $107,800
Security or IT auditor or security analyst for regulatory review $73,100 $86,900
System and/or network administrator with some security responsibility $70,700 $74,000
Systems or network management with significant security responsibility $82,600 $83,200
Average salary (including bonus) $84,500 $94,000
Median salary (including bonus) $68,500 $71,600

Source: SANS Institute. Based on 2,146 responses. Nongovernment respondents included a cross-section of small firms (less than 2,000 employees), medium and large firms (more than 20,000 employees) representing a variety of industries: financial services (19%), education (14%), consulting/systems integration for government (13%) and business (12%), telecom & IT (9%), health care (8%), manufacturing (6%).

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected