June 3, 2016 By Christophe Veltsos 3 min read

“With demand for cybersecurity talent high, supply low, and companies urgently seeking to fill a myriad of positions, compensation is skyrocketing.”Executive Search Review Newsletter

“Every company is a security company.” — “Mitigating the Cybersecurity Skills Shortage

The CISO Job Market in 2016: Red Hot

For CISOs that are even remotely considering switching jobs, the sky appears to be the limit. A quick search of job offers for CISOs returns thousands of results, and there should only be more to come as organizations realize the importance of having a security leader firmly ensconced in the enterprise.

This demand is partly due to organizations globally realizing that cybersecurity risks are now a business issue, and having the right person in the organization is paramount for managing those risks. Naturally, the unprecedented demand for CISOs is also fueling a rapid rise in salaries.

On Jan. 9, 2016, a Forbes article noted that cybersecurity salaries topped $380,000. Just two months later, another article stated that the number had risen to $420,000. Other outlets reported more modest average salaries but acknowledged that CISO salaries did see some of the largest increases of all senior IT staff. As reported by Computerworld’s 2016 IT Salary Survey, they were up 5 percent from 2015 to 2016 to get within $5,000 of the CIO salary averages.

But Who’s Chasing Who?

CISOs may think they’ve been chasing a new job, but perhaps it’s the other way around. Data reported by CSO Online confirmed what those in the field have experienced: Even though only about 50 percent of security pros are thinking about a new job — whether actively pursuing it or passively being open to the idea — nearly 75 percent have been approached by a recruiter or recruiting organization.

Regardless of who was chasing whom, the next step is to determine if you’re ready for the role.

Are You Qualified for Your New Role?

For those looking to become CISOs for the first time — or those currently in a CISO role but considering a switch — it wouldn’t hurt to have a reality check about:

  • The value that you have brought your current employer;
  • The sum of your knowledge and experience and how that makes you unique — and presumably better than the rest of the CISO candidates. In other words, you should be ready to address how you’ve prepared for your new role as a security executive or a cyber risk executive; and
  • The value that you can bring your prospective new employer — which implies that you’re also doing some good research about each new employer prior to agreeing to be interviewed.

A SilverBull article about CISO jobs and salaries provided a good list of soft skills that those looking into the CISO job market should be able to demonstrate. The top skills were:

  • Critical thinking and problem-solving;
  • Excellent written and verbal communication skills;
  • Proven ability to influence and direct others;
  • Excellent leadership abilities; and
  • Integrity and confidentiality when handling customer and employee data.

Since the CISO job is becoming one that frequently interacts with the rest of the C-suite as well as boards of directors, applicants should also be ready for the questions the top leadership might ask of them. Cisco’s “Mitigating the Cybersecurity Skills Shortage” report agreed, stating, “CISOs must be able to frame the discussion in a strategic way that clearly communicates the potential impact of a data breach on stock price, customer loyalty, customer acquisition and the brand.”

Making the Leap

Before connecting with recruiters in search of your next professional opportunity, you may want to reflect on whether you are ready to be a risk leader and whether you’ve been making regular investments in the professional development of your leadership qualities. Ultimately, the CISOs that are most likely to command premium salaries are those that have spent years or even decades establishing a reputation that transcends their current employer.

Where does that leave the rest of us? While you may not consider yourself a thought leader just yet, it is not too late to start investing in yourself, your professional development and the professional development of your subordinates. Whether you jump ship now or later, investing in yourself and others will pay off both in the short term and over your career.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today