Salary

brian89gp Member Posts: 19
I am curious as to what the average salary is for somebody with a CISSP. I understand that it is more so a cert for someone in management than one for tech people, and the salary surveys and scales that I see posted probably reflect this.

I fall into the tech people category and have been instructed that I must get a CISSP. I am curious what is a good salary range with this in mind (i.e., not in management) for the Midwest region.

Comments

  • JDMurray Admin Posts: 13,091
    CertMag's 2005 salary survey had the CISSP-ISSMP and CISSP-ISSAP drawing around $110-115K per year. In this survey, the USA is considered a single region, so no specific info for the Midwest. Typically, the larger the enterprise the higher the salary. keatron is a CISSP in Chicago, so I'm sure he'll be posting more accurate information for you.

    http://www.certmag.com/articles/templates/CM_gen_Article_template.asp?articleid=1524&zoneid=224
  • keatron Member Posts: 1,213
    The average around here for enterprises is around 120k. Although I was offered a job with the Chicago Transit Authority willing to pay up to 200K for a CISSP with 5 years proven experience in Infosec. A good friend of mine who's a CISSP for Motorola makes around 180k. Keep in mind the key is proven experience. Although ISC2 does just about as good a job as anybody in filtering for experience for the CISSP, that experience audit usually does not meet the expectations of enterprises looking for someone to be the driving force behind securing their information. For example, a person with 3 years of application security experience, with a BS/BA, could sit for the CISSP. Now let's say they pass, and go through the certification process and are awarded the CISSP. So hooray, for passing one of the most difficult exams ever and getting one of the hardest to get certifications. But will this person be able to demand 180K? Not likely. Why? Because the real money as related to the CISSP comes from having some experience MANAGING or overseeing security as it relates to all 10 of those CBK's. Sooooooooooooo after my ramble there, the short answer is 100k to 110k is a pretty solid average for this area IF you can do more than recite the Shon Harris All-In-One CISSP Certification Guide ;)

    Why is your company demanding you get a CISSP? Are they moving you to a security management role?
  • brian89gp Member Posts: 19
    I'm not sure why they want me to get it, I have no need for it and I'm not moving into management. I work for a contracting firm and it probably has something to do with buzzwords with clients, though I only do internal work. I really don't want to get it yet but there isn't much reasoning to be made.

    Reading the requirements, I don't even qualify as I only have 2 years experience. I guess (ISC)2 Associate it is. Any idea on the salary for that cert?
  • keatron Member Posts: 1,213
    brian89gp wrote:
    I'm not sure why they want me to get it, I have no need for it and I'm not moving into management. I work for a contracting firm and it probably has something to do with buzzwords with clients, though I only do internal work. I really don't want to get it yet but there isn't much reasoning to be made.

    Reading the requirements, I don't even qualify as I only have 2 years experience. I guess (ISC)2 Associate it is. Any idea on the salary for that cert?

    Ok, so honestly it's good for you in the sense that the knowledge base you will gain while preparing for this will be priceless.

    However, here's some things you should consider in your situation.

    1. I'm not a fan of companies catching on to the buzz that certain certifications are valuable, then going on an all-out campaign to try and get everybody in the organization to obtain it, whether they're qualified or not or whether or not it has anything to do with their job or not. This has contributed largely to the paper MCSE's floating around. Here's a scenario: let's say Microsoft requires a company to have 10 MCSE's on staff in order to become a Gold Certified Partner. The company needs that status to win out over a competitor for a particular contract. So now some employees are given the task of gaining the cert, by any means necessary including ****. Bad for the industry (which is part of why Microsoft moved to the partner point system which is much more complex and requires much more than just a staff of MCSE's and MCP's).

    2. If your company is going to invest in this, they also need to understand it's not a one time investment. There are CPE requirements which you have to meet. Check isc2.org for details.

    3. If the contract has anything to do with the Feds, i.e. DoD, and they ask for CISSP's, ISC2 Associate WILL NOT suffice. I know this from experience.

    4. The available study guides only cover about 60% of what is on the exam at best. This is why you hear of people using 3 or 4 study guides to practice/prepare and then still failing. Without any experience, it will be difficult to pass this exam. For one, every single question on it was submitted by a CISSP in good standing.