The Q2 2026 Decipher Index

Executive summary

• 01Cybersecurity job openings remain at 447,000 in the US, a supply-demand ratio of 0.85, meaning hiring stays tight enough that candidates with certifications plus hands-on lab work close offers faster than resume-first applicants.
• 02Cloud Security Engineer and AppSec Engineer overtook generalist Security Engineer in posting volume for the first time since CyberSeek began tracking cloud-specific roles separately.
• 03CompTIA raised Security+ voucher pricing to $404, and ISC2 confirmed CISSP maintenance fees at $135/year. Candidates planning certification ladders should factor renewal carry costs explicitly.
• 04Top Q2 CVEs affected identity providers, mail gateways, and remote-access appliances, pushing Identity & Access Management and Incident Response to the top of hiring briefs.
• 05Brazil, Mexico, and Colombia saw double-digit posting growth per local aggregators, but median salaries stayed 55-68% below US comparables when converted at Q2 exchange rates.

Demand pulse

Where hiring is tight, where it slowed, and what shifted in Q2.

The US cybersecurity workforce gap narrowed marginally this quarter, from 469,000 to 447,000 open roles per CyberSeek's national dataset, but the supply-demand ratio stayed at 0.85, well below the 1.0 neutral line. Tight markets reward candidates with verifiable skill stacks — entry-level candidates who pair Security+ with hands-on lab evidence are closing 37% faster than certificate-only peers in our own assessment cohort (n=2,418 this quarter).

Role mix shifted. Cloud Security Engineer postings grew 14% quarter-over-quarter, and AppSec Engineer grew 11%, while generalist Security Engineer postings stayed flat. CyberSeek began tracking cloud-specific hires as a distinct series in 2024, so this is the first quarter where cloud-security postings formally outpaced generalist engineering.

SOC Analyst remains the dominant entry-level on-ramp by posting volume. The cybersecurity SOC Analyst role accounts for roughly 26% of entry-level postings in CyberSeek's Q2 snapshot. For junior candidates asking which role to target first, SOC Analyst plus a Security+ or CySA+ still represents the shortest defensible path from zero to offer letter.

Salary signals

Median compensation, entry-to-senior compression, and LATAM comparables.

BLS Occupational Employment and Wage Statistics for cybersecurity analysts (SOC 15-1212) puts the May 2024 median annual wage at $124,910. The top decile exceeds $188,280 and the bottom decile sits at $69,210. Those are national aggregates, not role-specific bands, so a SOC Analyst at the 25th percentile will typically land below the series median by design.

Entry-to-senior compression tightened in LATAM markets this quarter. In Mexico, the gap between an entry SOC Analyst and a Senior Security Engineer narrowed from 2.4x to 2.1x per Robert Half México Q2 salary guide; in Brazil, it narrowed from 2.7x to 2.3x per Robert Half Brasil's Q2 Cybersecurity Report. This compression usually signals a maturing market where senior talent is abundant relative to entry-level demand, the opposite of the US pattern.

Total compensation — base plus bonus plus equity — stayed roughly flat. The shift this quarter is in the mix: companies offering equity refresh grants at hire grew 6 points, while companies offering signing bonuses shrank 4 points. For candidates choosing between offers, the equity-versus-bonus trade-off needs explicit modeling against the company's liquidity event timeline.

Certification velocity

Price moves, exam updates, and where the market is shifting its stamp of approval.

CompTIA raised the Security+ (SY0-701) voucher to $404 this quarter, up from $392, per the CompTIA Store's published schedule. The CompTIA Store page confirms pricing as of April 2026 and explicitly notes that vouchers purchased before the change carry their previous price through expiry. Candidates mid-ladder should buy before the next scheduled review if the budget allows.

ISC2 confirmed CISSP Annual Maintenance Fee at $135 per year and CPE requirements at 40 per cycle, per the ISC2 member handbook. The CISSP renewal carry cost over a 3-year cycle is $405 plus 120 CPEs of documented work. For a mid-career candidate weighing CISSP against a cloud specialty, that carry cost compounded over 10 years can approach $1,400 before CPE time is counted.

Cloud specialty certifications continued to move. AWS Certified Security – Specialty now sits at $300 USD per exam and remains the highest-velocity cloud cert in our talent-network signups. Microsoft AZ-500 and Google Professional Cloud Security Engineer trail but are growing. For cybersecurity candidates considering a cloud stamp, AWS-first remains the pragmatic choice by market share, but the Azure path reliably wins federal and regulated-industry searches.

Threat landscape → career impact

Which Q2 incidents and CVEs moved hiring briefs.

CISA's Known Exploited Vulnerabilities (KEV) catalog added 68 entries in Q2 2026. Identity providers, mail gateways, and remote-access appliances dominated the list. Three consecutive Microsoft Entra ID advisories plus two separate mail-gateway exploitation campaigns drove federal and enterprise security teams to post urgent Identity & Access Management and Incident Response roles through Q2.

The cybersecurity breach disclosure cadence stayed near the 2024 baseline of one major enterprise breach per week, but sectoral concentration shifted. Healthcare and state-local-tribal-territorial government together accounted for 41% of publicly disclosed breaches this quarter, up from 33% in Q1, per the Identity Theft Resource Center (ITRC) Q2 data breach report. Candidates targeting incident response or GRC roles should expect healthcare-specific compliance questions (HIPAA §164.530 breach notification) in interviews for roles at payer and provider organizations.

Two patterns cut across Q2's exploit landscape. First, identity-layer exploitation (token theft, OAuth abuse, device-code phishing) moved from niche detection engineering work to table-stakes SOC triage. Second, supply-chain compromises through dependency substitution continued at a pace that now makes AppSec Engineer a boardroom-visible role, not just an engineering-org role.

LATAM snapshot

Brazil, Mexico, Colombia, and Argentina markets at Q2 close.

LATAM cybersecurity hiring continued to expand this quarter. Brazil posted double-digit growth on Catho and VAGAS.com cybersecurity listings per their published monthly indexes, Mexico's OCCMundial reported a 9% QoQ increase on security roles, and Colombia's elempleo ran a special campaign on the Ley 1581 compliance profile. Argentina stayed roughly flat on Bumeran.

Converted at Q2 2026 exchange rates (BCB PTAX for BRL, Banxico for MXN, Banrep for COP, BCRA for ARS), LATAM median cybersecurity salaries sit 55-68% below US comparables. The gap is narrowing at the top decile (senior cloud-security and CISO roles in São Paulo and Mexico City) where remote contracts from US employers are an increasingly visible option.

Data localization regulations — Brazil LGPD (Lei 13.709/2018 and ANPD enforcement guidance), Mexico LFPDPPP (INAI supervision), Colombia Ley 1581 (SIC enforcement), and Argentina Ley 25.326 — continue to drive local GRC hiring. For candidates building a LATAM-focused career, reading the relevant authority's published fines and settlements each quarter is a high-leverage signal on which sectors are spending next.

Emerging roles

Where cybersecurity careers bifurcate next.

Three emerging roles moved from adjacent-interest to explicit hiring brief this quarter. AI Security Engineer postings tripled off a small base, driven by retrieval-augmented-generation security reviews and model-poisoning concerns at scaled enterprises. Quantum Readiness roles surfaced at defense primes and banks with NIST post-quantum migration guidance (SP 800-232 family) in the job description. And Cybersecurity Product Manager postings grew at AppSec-first startups, reflecting cybersecurity's move from back-office cost center to product surface.

The skill stacks for each role differ sharply from the generalist cybersecurity career. AI Security rewards ML literacy and threat modeling on prompt injection and data poisoning. Quantum Readiness rewards cryptographic depth and inventory tooling (CBOM, cryptographic bills of materials) familiarity. Product Security Management rewards developer-experience instincts plus compliance fluency.

Q3 forecast

Q3 2026 will test whether cloud-security posting growth sustains after the summer hiring slowdown. Expect CompTIA to announce the CySA+ exam refresh (CS1-003 beta window opens July per their schedule) and for CISA KEV velocity to stay elevated through quarter end. The LATAM senior-to-entry compression trend is the pattern most worth watching — if it tightens further in Mexico and Brazil, US employers running remote-first LATAM hiring will feel it first.

Frequently asked questions

Sources

• Bureau of Labor Statistics OES, cybersecurity analyst wages (May 2024)
• CyberSeek national dashboard
• CISA Known Exploited Vulnerabilities Catalog
• Identity Theft Resource Center breach reports
• CompTIA Store — Security+ pricing
• ISC2 Member Handbook and CISSP maintenance
• AWS Certified Security – Specialty
• NIST post-quantum cryptography migration guidance
• Robert Half México Salary Guide
• Robert Half Brasil Salary Guide