Cybersecurity Hiring Trends: Corporate America Increasingly Worried About Hacking Threats
A recent Reuters piece entitled Exclusive: U.S. companies seek cyber experts for top jobs, board seats brightly spotlights important hiring trends in the field of cybersecurity.
The article, authored by Nadia Damouni, references a recent PcW study (specifically “The Global State of Information Security® Survey 2014” — a worldwide study by PwC, CIO magazine, and CSO magazine conducted online from February 1, 2013 to April 1, 2013) which found the vast majority of cybersecurity programs fall far short of guidelines drafted by the Commerce Department’s National Institute of Standards and Technology (NIST).
Recent high-profile data breaches in the retail, health care and banking sectors have proven that “falling short” isn’t limited to meeting guidelines. Part of the challenge includes the need to hire top talent to fill the increasingly vital role of Chief Security Officer (CISO), a position focused on addressing cybersecurity concerns across the enterprise.
The CISO role, some argue, is long overdue. As “Burns0011,” a commenter of the Reuters piece, so eloquently states: “After decades of ignoring IT security and sweeping it under the rug and underfunding, companies are FINALLY starting to clue in to how much damage a breach can do.”
The urgent nature by many companies to fill the crucial role of CISO has made this position one that commands a highly competitive salary. According to Reuters, large corporations have recently hired CISOs for between $500,000 and $700,000 a year.
Think those salaries are high? Then how about a CISO salary in the millions? Matt Comyns, global co-head of the cybersecurity practice at search firm Russell Reynolds Associates, states compensation for CISOs at some technology companies with generous equity grants have actually reached as high as $2 million!
Ultimately, corporations and boards not compensating their CISOs competitively risk losing these highly-sought individuals to organizations willing to invest significant resources and budget dollars in cyberscurity programs.