US IAM market set to reach USD $7.36b amid skills shift

The U.S. Identity and Access Management (IAM) hiring market is experiencing rapid change as demand for advanced security skills rises across major metropolitan areas.

A study from SPG Resourcing indicates that the U.S. IAM market is set to reach USD $7.36 billion in 2025. Projections estimate a compound annual growth rate of 15.53 percent through 2030, with the global market potentially reaching USD $65.7 billion by 2034. This growth is being driven largely in cities such as San Francisco, New York, and Washington, D.C., where enterprise security requirements are especially heightened.

Salaries and demand

Salaries for IAM roles continue to climb, with the report noting annual increases ranging from 8 to 12 percent. Entry-level IAM analysts now command an average salary of USD $98,400, while senior architects can earn in excess of USD $165,000. Contractors who possess expertise in platforms such as Okta, Ping, and SailPoint are seeing hourly rates between USD $100 and $150.

The growth in remuneration reflects a shift in the type of skills employers are seeking. According to the study, there is a move away from relying on traditional credentials towards prioritising hybrid experience. IAM professionals capable of developing Zero Trust frameworks, automating provisioning processes, or creating AI-driven detection models are currently the most sought after. Organisations are increasingly prioritising skills in behavioural analytics, decentralised identity solutions, cryptographic agility, and the enforcement of real-time security policies.

Skills over degrees

A significant shift towards skills-based recruitment is also under way. Employers are now placing greater value on practical experience - particularly with tools like FIDO2, SAML/OIDC, and post-quantum cryptography - than on formal academic achievement. The report highlights that hands-on labs, cloud certification programmes, and evidence of real-world problem solving capability are overtaking traditional degree requirements as key benchmarks for hiring.

This trend is being shaped by broader industry changes, including the adoption of Zero Trust as the default security model. As a result, IAM engineers must now manage and implement real-time policy engines and session controls that function across on-premises, cloud, and hybrid infrastructure. This means continuous authentication and least-privilege access are now foundational elements of IAM architecture, with machine identity management gaining equal footing alongside human user management.

AI and evolving authentication

The report also identifies multi-factor authentication (MFA) shifting towards risk-based and AI-enhanced approaches. Passwordless solutions, such as biometric verification and hardware tokens, are being adopted in response to both usability and security requirements. Artificial intelligence continues to impact identity security, with its applications now spanning from anomaly detection to automated user provisioning. Identity Threat Detection and Response (ITDR) is emerging as a core capability for enterprise security teams.

Decentralised identity and blockchain technology are also highlighted in the study. The rise of decentralised identity wallets and verifiable credentials is creating new trust models and reducing dependence on central authority systems. These developments are noted as being especially relevant in the public sector and industries with heightened privacy concerns.

Expanding scope

IAM's reach is extending to cover not only people, but also devices and endpoints – particularly as connected devices multiply. Security platforms must now support a diverse array of APIs and machine identities across distributed ecosystems, reflecting the growing influence of the Internet of Things (IoT) and edge computing.

Compliance requirements are rising in parallel. Adhering to regulations such as GDPR, CCPA, and HIPAA is increasing demand for IAM systems with real-time auditing, automated access reviews, and robust documentation of policy enforcement.

Employer response

"The smartest companies in 2025 are thinking beyond job titles and CVs. You need to clearly define IAM career ladders so candidates see a future with your team, not just a job. Prioritise practical skills, if someone can design a Zero Trust policy engine or run IAM threat simulations, that's more valuable than a degree. "Invest in real upskilling and train your people on protocols like SAML, FIDO2, and crypto-agile authentication. Expand your pipelines by collaborating with boot camps and offering fractional roles. And above all, position IAM as a strategic enabler, not just a security checkbox. When candidates see that they'll be shaping innovation, they show up."

Richard Howarth, Associate Director at SPG Resourcing, provided the above guidance on strategies companies should adopt in order to compete for IAM talent.

With average hiring timelines now stretching between 65 and 75 days and a reported 17 percent shortfall in professionals specialised in IAM roles, the report highlights that only those employers willing to adapt to new hiring models will be positioned to meet demand for skilled talent and fulfil compliance obligations as digital transformation accelerates.