[0xBDB]

My experience having gone from Principal Systems Engineer to cybersecurity analyst to eventually pen test and then red team is that cybersecurity pays substantially more than most other IT disciplines, except maybe SE and Dev(Sec)Ops.

The 70k thing... in Texas I think fresh college grads are getting that for risk analyst roles. Experienced security engineers seem to go for 120k-150k, more for appsec. I assume Silicon Valley is double that (for much more then double the cost of living).

The CISSP thing is definitely real but beginning to fade out, although asking for one for an entry level role is less ludicrous than it sounds. I legitimately had one before my first sec title. Practically everything counts as security experience... if you've ever worked on an Active Directory domain, that's IAM, for example. I don't actually think that much of the CISSP and I think it's a mistake for HR to value it so highly, but it's not insurmountable.