Top cyber security experts can earn up to $300,000 a year through a combination of technical expertise and business or managerial experience.
Most wanted are those in their 30s rather than their 20s
"Contrary to initial impressions, the top tier is not necessarily composed of young geniuses so much as those who possess the right combination of technical talents and organizational experience, notably administrative, managerial, bureaucratic, and/or marketing smarts," reported research firm Rand.
Rand interviewed a number of companies and US Government security agencies as part of its report, with one firm indicating that cyber security experts could command $300,000 salaries.
Government organisations struggle to outbid private companies for the very best talent, with members of the top tier able to rapidly switch between jobs, demanding salary increases each time.
This seller's market is said to have been caused by a lag between increasing demand for cyber security workers and training programmes able to meet that demand, though this too is said to be changing.
The Computing Research Association (CRA) found that last year the number of computer degrees awarded in the US rose for the fourth year running to more than 15,000, up from 10,000 in 2009.
"The difficulty in finding qualified cyber security candidates is likely to solve itself, as the supply of cyber professionals currently in the educational pipeline increases, and the market reaches a stable, long-run equilibrium," RAND said. "This equilibrium may take some time to achieve."
However the firm warned that as companies turn to "radically new technology" to defend themselves from hackers, this may in turn reduce the number of cyber security experts needed.