The Q1 2026 Decipher Index

Executive summary

• 01US cybersecurity job openings closed Q1 at 469,000, up 2% from Q4 2025 per CyberSeek, but the growth concentrated in senior roles; entry-level postings declined 4% QoQ.
• 02Median senior compensation in the US held near BLS 2024 levels, but entry offers trended toward equity-heavy packages as companies conserved cash through the year's hiring start.
• 03CompTIA completed the scheduled Security+ price review with the April 2026 move to $404; candidates planning Q2 certification work should factor the new floor.
• 04CISA added 54 entries to the Known Exploited Vulnerabilities catalog in Q1, slightly below Q4 2025's pace but concentrated on identity and email-gateway products.
• 05Mexico and Brazil both reported Q1 cybersecurity posting growth of 7% and 11% respectively per Robert Half LATAM guides, consistent with the multi-quarter expansion pattern.

Demand pulse

Where the quarter opened, where it closed, and the shift that defined it.

The US cybersecurity market opened 2026 with 461,000 open roles per CyberSeek's January snapshot and closed Q1 at 469,000. The 2% quarter-over-quarter growth masked a sharp mix shift: senior and staff-level postings grew 6% while entry-level and early-career postings declined 4%. Hiring managers we spoke with consistently described the same pattern: budget approved in January funded fewer, more senior roles than in the prior-year comparable quarter.

SOC Analyst Tier 1 postings fell fastest, down 8% QoQ on CyberSeek. Detection Engineer and Threat Hunter postings grew 11% and 9% respectively, signaling a market that wants mid-career specialists rather than entry-level generalists. For candidates breaking into cybersecurity in Q1, the practical implication was that demonstrating one defensible piece of lab work (write-up, GitHub, published detection) continued to matter more than certification count.

CyberSeek's supply-demand ratio held at 0.85 all quarter, confirming the market's tight aggregate remained tight even as the mix shifted. Zero-credential candidates without hands-on evidence continued to struggle most.

Salary signals

Entry tightening, senior steady, equity mix shifted.

BLS OES data for cybersecurity analysts (SOC 15-1212) remained anchored at the May 2024 medians ($124,910 annual) through Q1, with next refresh expected in May 2026. Comp committees therefore priced off 2024 data for all Q1 hiring. Senior-track offers held within $3,000 of prior-quarter median per the compensation surveys we triangulate against; entry offers skewed 4-6% lower than Q4 2025 comparable roles.

The notable Q1 shift was package mix. Equity refresh grants at hire rose 5 percentage points in the population we track (SEC Form 4 disclosures on public company hires + anonymized Levels.fyi). Signing bonuses fell 3 points. For candidates deciding between two offers in Q1, the equity-versus-cash modeling conversation was more consequential than it had been in late 2025.

Certification velocity

Price moves, exam refreshes, and CISSP renewal timing.

CompTIA confirmed the scheduled Security+ (SY0-701) price increase to $404 effective April 1, 2026. Q1 candidates who bought vouchers before the increase locked the old $392 rate through the voucher expiration window. Candidates planning Q2-Q4 2026 certification work should factor the $404 floor into their cert-ladder budgeting.

ISC2 opened the CISSP exam content review cycle in Q1 2026, with the next CBK revision expected to publish for comment in Q3 2026 and take effect in 2027. Candidates whose exam windows fall before Q3 2026 can continue to study the 2024 CBK; those scheduling Q3+ exams should monitor ISC2's update notifications.

OffSec confirmed OSCP pricing at $1,749 through 2026 with the existing 24-hour exam + report format. Their OSEP and OSED advanced certs saw modest enrollment growth but remained a small fraction of OSCP's volume.

Threat landscape

KEV additions, breach cadence, and the hiring implications.

CISA added 54 entries to the Known Exploited Vulnerabilities catalog in Q1 2026, slightly below Q4 2025's 61. The mix concentrated on identity providers (Okta advisories in January, Microsoft Entra ID in February) and email gateways (Proofpoint and Mimecast in March). Those product families drove visible hiring in Identity & Access Management and email-security-adjacent detection engineering roles.

The breach disclosure tempo held at roughly one major enterprise disclosure per week per ITRC. Sector concentration favored healthcare (28% of Q1 public disclosures) and professional services (19%), a slight shift from Q4 2025's retail and financial-services focus. Candidates targeting healthcare-sector security roles should expect HIPAA Security Rule interview content heavier than in 2025.

LATAM snapshot

Brazil, Mexico, Colombia, Argentina in Q1.

LATAM cybersecurity hiring expanded across all major markets in Q1. Brazil led at +11% QoQ per Catho + VAGAS.com cybersecurity postings. Mexico followed at +7% per OCCMundial. Colombia saw a 5% uptick per elempleo, with a pronounced bias toward GRC roles tied to Superintendencia de Industria y Comercio's increased enforcement activity. Argentina stayed near flat on Bumeran.

Converted at Q1 2026 exchange rates (BCB PTAX for BRL, Banxico for MXN, Banrep for COP, BCRA for ARS), LATAM median cybersecurity salaries remained 55-70% below US comparable roles. The gap continued to narrow at the senior end where remote US employers are an increasingly common option, especially for candidates fluent in English who can interview on US business hours.

Q3 forecast

Q2 2026 should show whether the Q1 entry-level posting softness continues or reverses. Detection Engineer and Threat Hunter growth is the pattern most worth watching, if it sustains into Q2, the era of generalist SOC Analyst as the default entry path may be tapering in favor of specialized-at-entry hiring. LATAM expansion should hold through Q2 on its multi-quarter trajectory.

Frequently asked questions

Sources

• Bureau of Labor Statistics OES, cybersecurity analyst wages (May 2024)
• CyberSeek national dashboard
• CISA Known Exploited Vulnerabilities Catalog
• Identity Theft Resource Center breach reports
• CompTIA Store, Security+ pricing
• ISC2 CISSP CBK and Member Handbook
• OffSec Certification Pricing
• Robert Half México / Brasil Salary Guides