Cybersecurity professionals are still commanding high salaries in an extremely tight labor market, but frustration with limited job growth, compensation gaps, demanding work environments, and inflexible workplace policies is convincing many to consider changing jobs in the next 12 months.
In a study released last week, analysts with IANS Research and recruiting firm Artico Search wrote that in a highly competitive talent market, such issues can cause organizations problems in attracting and retaining experienced people in an increasingly complex cybersecurity field.
It also could push some companies to consider outsourcing at least some of their security operations to MSSPs, adding to the upward trend in a global managed cybersecurity services market that could hit $28.15 billion by 2029, according to market research firm Statista.
Organizations take on MSSPs and other partners for a range of reasons, such as capacity, prioritization, cost, and the need to hand off operational or technical responsibilities, letting company security leaders and teams focus on strategic initiatives and other higher-level tasks, according to Steve Martano, an IANS Faculty member and executive cyber recruiter at Artico.
“Another reason security leaders leverage MSSPs is talent management,” Martano told MSSP Alert. “With high attrition and mobility among earlier-career technical associates, MSSPs can provide continuity and consistency in processes and procedures for more tactical tasks. An additional reason is the cost associated with hiring, training, and retaining talent in certain domains, such as security operations.”
Pay is Good but Not Enough
The study by IANS and Artico – the 2025 Cybersecurity Staff Compensation Benchmark Report – indicates a highly dynamic cybersecurity employment environment and wide dissatisfaction among security pros in a talent market where demand is greatly outpacing supply, particularly in specialized roles.
The World Economic Forum, in a report last year, said 4 million more cybersecurity professionals are needed to close the global talent gap, noting that the industry’s continual demand for talent means few believe the supply will catch up despite ramping pressure driven by need.
Overall pay for security architects and engineers is strong, with compensation averaging $206,000 and $191,000, respectively. Mid-level security analysts with about five years of experience pull in an average of $133,000 every year.
However, compensation varies widely, with the West and Northeast regions in the United States paying the highest while the Central and Southeast regions lag, with the disparity between the highest- and lowest-paying areas being $61,000. Canada trails all U.S. regions, according to IANS and Artico, which surveyed 525 cybersecurity staff members across multiple industries and company types in the United States and Canada.
A Demanding Work Environment
Despite the decent pay levels for many security pros, there appears to be broad job dissatisfaction. Only a third of those surveyed said they’d recommend their current employer and 60% said they’re considering changing jobs in the next 12 months.
Demands on security teams are growing. With the increasing complexity in cybersecurity and many teams stretched thin, 61% of survey respondents say they spend at least 30% of their time working across multiple security domains, from SecOps to applications security to governance, risk, and compliance (GRC).
“The data also shows overlap across day-to-day responsibilities with cloud responsibilities, threat and vulnerability management and detection and monitoring among the daily tasks of security analysts, architects and engineers,” the researchers wrote.
It indicates a growing demand for cross-functional expertise, they wrote.
Career Growth an Issue
Meanwhile, a key driver of dissatisfaction is the perceived lack of career growth, with 45% of those considering leaving their employer pointing to the issue.
“These findings suggest that while people are being promoted to higher-level roles, they often feel impatient and believe they are ready for the next step – typically the CISO role for functional department heads,” the researchers wrote.
Nick Kakolowski, senior research director at IANS, said in a statement that “the key challenge for CISOs isn't just compensation – it's creating opportunities for staff to progress in their careers. In a market where staff are expected to wear multiple hats, those who see clear paths to leadership and specialization are the most likely to stay.”
Security Pros Want Work Flexibility
Another problem is the growing trend toward return-to-office mandates, throwing off the work-life balance many employees have found working remotely. According to the study, 52% of cybersecurity pros work remotely and another 43% in hybrid situations. In addition, 59% said they strongly prefer to work remotely full-time, with only 1% favoring onsite roles.
“Forcing a shift back to the office in this talent-scarce field risks disengagement, increased turnover, and recruitment difficulties,” the researchers wrote. “Offering flexible work arrangements is critical to meeting employee expectations and staying competitive in the tight cybersecurity talent market.”