This article can also be found in the Premium Editorial Download "Information Security magazine: Exclusive: Security salary and careers guide."
Six-figure security jobs have become common. Maybe you should slip this article into your boss's mailbox.
For 14 months, candidate after candidate trudged through Andre Gold's office hoping to be offered a coveted position with the Continental Airlines information security team. Gold saw them all during his hunt for talent--CISSPs, CISMs, MCSEs, each with impressive technical chops, but....
"They could not define risk, or they did it by what the CISSP book says," says Gold, director of information security for the airline. "To the business side, it's important to have an entity that can articulate risk in terms of the business. I can find people who write rules and put in firewalls. All I ask them is, 'Why? What's the risk? How will it impact revenue?'"
Increasingly, those who can successfully align risk to business processes and communicate that to management are cashing in with lucrative careers in information security, and landing jobs with six-figure salaries, according to most prominent salary surveys.
By that measure, Gold believes he is making himself even more marketable by pursuing an MBA from Colorado State University. In fact, some predict (and hope) that those with business skills bolstering their bits-and-bolts know-how will get compensated in the same manner as a company's C-level executives.
"You will see compensation structures change, and [CISO] packages more in line with what chief executives expect in an
I see [getting a CISO position] becoming competitive, but you won't see that competition drive down the price."
This was first published in July 2006