June 3, 2016 By Christophe Veltsos 3 min read

“With demand for cybersecurity talent high, supply low, and companies urgently seeking to fill a myriad of positions, compensation is skyrocketing.”Executive Search Review Newsletter

“Every company is a security company.” — “Mitigating the Cybersecurity Skills Shortage

The CISO Job Market in 2016: Red Hot

For CISOs that are even remotely considering switching jobs, the sky appears to be the limit. A quick search of job offers for CISOs returns thousands of results, and there should only be more to come as organizations realize the importance of having a security leader firmly ensconced in the enterprise.

This demand is partly due to organizations globally realizing that cybersecurity risks are now a business issue, and having the right person in the organization is paramount for managing those risks. Naturally, the unprecedented demand for CISOs is also fueling a rapid rise in salaries.

On Jan. 9, 2016, a Forbes article noted that cybersecurity salaries topped $380,000. Just two months later, another article stated that the number had risen to $420,000. Other outlets reported more modest average salaries but acknowledged that CISO salaries did see some of the largest increases of all senior IT staff. As reported by Computerworld’s 2016 IT Salary Survey, they were up 5 percent from 2015 to 2016 to get within $5,000 of the CIO salary averages.

But Who’s Chasing Who?

CISOs may think they’ve been chasing a new job, but perhaps it’s the other way around. Data reported by CSO Online confirmed what those in the field have experienced: Even though only about 50 percent of security pros are thinking about a new job — whether actively pursuing it or passively being open to the idea — nearly 75 percent have been approached by a recruiter or recruiting organization.

Regardless of who was chasing whom, the next step is to determine if you’re ready for the role.

Are You Qualified for Your New Role?

For those looking to become CISOs for the first time — or those currently in a CISO role but considering a switch — it wouldn’t hurt to have a reality check about:

  • The value that you have brought your current employer;
  • The sum of your knowledge and experience and how that makes you unique — and presumably better than the rest of the CISO candidates. In other words, you should be ready to address how you’ve prepared for your new role as a security executive or a cyber risk executive; and
  • The value that you can bring your prospective new employer — which implies that you’re also doing some good research about each new employer prior to agreeing to be interviewed.

A SilverBull article about CISO jobs and salaries provided a good list of soft skills that those looking into the CISO job market should be able to demonstrate. The top skills were:

  • Critical thinking and problem-solving;
  • Excellent written and verbal communication skills;
  • Proven ability to influence and direct others;
  • Excellent leadership abilities; and
  • Integrity and confidentiality when handling customer and employee data.

Since the CISO job is becoming one that frequently interacts with the rest of the C-suite as well as boards of directors, applicants should also be ready for the questions the top leadership might ask of them. Cisco’s “Mitigating the Cybersecurity Skills Shortage” report agreed, stating, “CISOs must be able to frame the discussion in a strategic way that clearly communicates the potential impact of a data breach on stock price, customer loyalty, customer acquisition and the brand.”

Making the Leap

Before connecting with recruiters in search of your next professional opportunity, you may want to reflect on whether you are ready to be a risk leader and whether you’ve been making regular investments in the professional development of your leadership qualities. Ultimately, the CISOs that are most likely to command premium salaries are those that have spent years or even decades establishing a reputation that transcends their current employer.

Where does that leave the rest of us? While you may not consider yourself a thought leader just yet, it is not too late to start investing in yourself, your professional development and the professional development of your subordinates. Whether you jump ship now or later, investing in yourself and others will pay off both in the short term and over your career.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today