I keep hearing that the average chief information security officer salary is $100,000, but in my area (not near a major city) I'm making far less than that, despite many years in the field. Do you see salaries rising across the board, and are there one or two key skills you can point to that directly help raise salaries?
There are several reasons why chief information security officer (CISO) salaries will continue to rise modestly over the next few years. It seems that there is a large data breach in the news almost every day. This has given rise to more complicated compliance requirements as governments and financial institutions attempt to stem the losses from cybercrime through regulation.
Companies that didn't invest in information security in the past are learning that doing so would have been less expensive than the costs of suffering data breaches, lawsuits and fines. Meanwhile, companies that have invested in information security need to increase spending, given the push for selling more products and doing more marketing on the Internet, thereby increasing the risk of cybercrimes or data breaches. These factors are raising the demand for qualified CISOs and staff, which should raise salaries as well.
However, it may not be possible to achieve your salary goals without changing positions or employers. For example, it is difficult to earn a larger salary at a small company in a rural environment when the business is not directly tied to the Internet. Generally, salaries are proportional to the information security risk of the company. It may be necessary to seek new opportunities with other organizations that are experiencing higher levels of information security risk. Be aware that these companies will have more challenging problems to go with the higher chief information security officer salary.
Finally, keep in mind that focusing too much on salary will make it difficult to succeed as a CISO. Information security is a difficult profession and one must be driven by passion to succeed. This is not an 8-to-5 job. It is necessary to keep up with the technical side of security to understand threats and defend the organization against them. It is also necessary to understand and actively participate in the business of the organization, realizing that the security department does not directly contribute to top-line revenue. People who are focused only on the chief information security officer salary will not spend hours at night reading through technical information or studying business journals. People with passion for the field will find that increases in salary will naturally follow hard work and outstanding job performance.
Related Q&A from Joseph Granneman, Security Management
Expert Joseph Granneman offers advice to enterprise security teams on using open source intelligence tools to learn about potential threats.
(ISC)2's HCISPP certification has many potential benefits for health information privacy and security. Expert Joseph Granneman examines them.
Expert Joseph Granneman explains important business skills information security pros need -- and how to acquire them -- as the discipline matures.