Problem solve Get help with specific problems with your technologies, process and projects.

Which skills will boost the information security officer salary?

Salaries for CISOs can vary widely. Expert Joseph Granneman explains how to earn a higher salary but warns against making it your top career goal.

I keep hearing that the average chief information security officer salary is $100,000, but in my area (not near a major city) I'm making far less than that, despite many years in the field. Do you see salaries rising across the board, and are there one or two key skills you can point to that directly help raise salaries?

Ask the expert

Have questions about enterprise security? Send them via email today! (All questions are anonymous.)

There are several reasons why chief information security officer (CISO) salaries will continue to rise modestly over the next few years. It seems that there is a large data breach in the news almost every day. This has given rise to more complicated compliance requirements as governments and financial institutions attempt to stem the losses from cybercrime through regulation.

Companies that didn't invest in information security in the past are learning that doing so would have been less expensive than the costs of suffering data breaches, lawsuits and fines. Meanwhile, companies that have invested in information security need to increase spending, given the push for selling more products and doing more marketing on the Internet, thereby increasing the risk of cybercrimes or data breaches. These factors are raising the demand for qualified CISOs and staff, which should raise salaries as well.

However, it may not be possible to achieve your salary goals without changing positions or employers. For example, it is difficult to earn a larger salary at a small company in a rural environment when the business is not directly tied to the Internet. Generally, salaries are proportional to the information security risk of the company. It may be necessary to seek new opportunities with other organizations that are experiencing higher levels of information security risk. Be aware that these companies will have more challenging problems to go with the higher chief information security officer salary.

Finally, keep in mind that focusing too much on salary will make it difficult to succeed as a CISO. Information security is a difficult profession and one must be driven by passion to succeed. This is not an 8-to-5 job. It is necessary to keep up with the technical side of security to understand threats and defend the organization against them. It is also necessary to understand and actively participate in the business of the organization, realizing that the security department does not directly contribute to top-line revenue. People that are focused only on the chief information security officer salary will not spend hours at night reading through technical information or studying business journals. People with passion for the field will find that increases in salary will naturally follow hard work and outstanding job performance.

This was last published in April 2014

Dig Deeper on Information security certifications, training and jobs

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Nice article, Joseph. CISO salary is promising, but it takes hard work and pure dedication to achieve that. It's one of the more promising jobs in the field with great salary.