I keep hearing that the average chief information security officer salary is $100,000, but in my area (not near a major city) I'm making far less than that, despite many years in the field. Do you see salaries rising across the board, and are there one or two key skills you can point to that directly help raise salaries?
There are several reasons why chief information security officer (CISO) salaries will continue to rise modestly over the next few years. It seems that there is a large data breach in the news almost every day. This has given rise to more complicated compliance requirements as governments and financial institutions attempt to stem the losses from cybercrime through regulation.
Companies that didn't invest in information security in the past are learning that doing so would have been less expensive than the costs of suffering data breaches, lawsuits and fines. Meanwhile, companies that have invested in information security need to increase spending, given the push for selling more products and doing more marketing on the Internet, thereby increasing the risk of cybercrimes or data breaches. These factors are raising the demand for qualified CISOs and staff, which should raise salaries as well.
However, it may not be possible to achieve your salary goals without changing positions or employers. For example, it is difficult to earn a larger salary at a small company in a rural environment when the business is not directly tied to the Internet. Generally, salaries are proportional to the information security risk of the company. It may be necessary to seek new opportunities with other organizations that are experiencing higher levels of information security risk. Be aware that these companies will have more challenging problems to go with the higher chief information security officer salary.
Finally, keep in mind that focusing too much on salary will make it difficult to succeed as a CISO. Information security is a difficult profession and one must be driven by passion to succeed. This is not an 8-to-5 job. It is necessary to keep up with the technical side of security to understand threats and defend the organization against them. It is also necessary to understand and actively participate in the business of the organization, realizing that the security department does not directly contribute to top-line revenue. People that are focused only on the chief information security officer salary will not spend hours at night reading through technical information or studying business journals. People with passion for the field will find that increases in salary will naturally follow hard work and outstanding job performance.