A growing number of cybersecurity professionals in the US and Canada are taking on responsibilities beyond their primary roles, according to new research, with 61% now spending at least 30% of their time working across multiple security domains. This trend, outlined in the 2025 Cybersecurity Staff Compensation Benchmark Report by IANS Research and Artico Search, reflects the increasing demand for cross-functional expertise driven by resource constraints and organisational efficiencies. Security operations (SecOps), governance, risk and compliance (GRC), and application security (AppSec) are among the areas with the highest overlap, indicating a shift in the way cybersecurity teams operate.
The findings are based on data collected between June 2024 and December 2024 as part of the annual Cybersecurity Staff Compensation and Career Survey. More than 500 cybersecurity professionals from various industries, company sizes, and organisational structures in the US and Canada participated in the survey. The report analyses self-reported compensation figures, career satisfaction levels, hiring trends, and workplace expectations, providing a broad view of how cybersecurity professionals navigate their careers.
Salaries remain competitive, but regional gaps persist
The report finds that salaries in the cybersecurity sector remain strong, with security architects and engineers among the highest earners. Security architects receive an average annual cash compensation of $206,000, while security engineers earn $191,000. Mid-level security analysts with approximately five years of experience report an average salary of $133,000. However, compensation varies widely based on geography. The US West offers the highest cybersecurity salaries, followed by the Northeast, while the Southeast and Central US report lower earnings. The salary gap between the highest and lowest-paying regions is $61,000. Meanwhile, cybersecurity professionals in Canada consistently earn less than their counterparts in all US regions.
Specialised skills continue to drive premium salaries. Professionals with expertise in cloud security, AppSec, and threat intelligence command higher pay, reinforcing the growing value of niche technical skills in an evolving security landscape.
The report highlights the continued importance of IT experience in securing cybersecurity roles. Over 70% of security engineers and more than half of security analysts and security architects say their IT backgrounds were instrumental in obtaining their current positions. Many cybersecurity professionals cite previous experience in systems administration, network infrastructure, and general IT as essential stepping stones in their careers. Security operations roles also serve as a common entry point. Non-technical backgrounds remain relatively uncommon in the field.
Despite competitive salaries, job satisfaction remains an issue. Only a third of respondents would recommend their employer, and over 60% are considering changing jobs within the next 12 months. Limited career growth opportunities appear to be a significant factor, with fewer than 40% of professionals expressing satisfaction with their advancement prospects. More than 45% report frustration over slow career progression, with senior professionals, including department heads, expressing the highest levels of dissatisfaction. The data suggests that competitive salaries alone are not enough to retain talent, and companies need to invest in clear career development pathways to improve retention.
Workplace flexibility continues to be a critical factor in cybersecurity talent retention. The report finds that 52% of cybersecurity professionals currently work remotely, while 43% follow a hybrid model. A strong preference for remote work remains evident, with 59% of professionals favouring fully remote arrangements and only 1% preferring on-site roles. As organisations reconsider their remote work policies, strict return-to-office mandates could lead to increased turnover and recruitment difficulties, particularly in an industry already struggling with talent shortages.
Over 75% of respondents reported having unique job titles that blend management, functional, and specialised responsibilities. Many professionals manage tasks across multiple domains, with cloud security, threat and vulnerability management, and monitoring frequently appearing in their daily workload. As organisations seek to optimise resources, cybersecurity teams are expected to support multiple functions, often without additional staffing.
Read more: 75% of workers held accountable for cyber breaches, claims survey
