Average CISO Salary Up Nearly 10% in Past Six Months

Job Market for CISOs looks promising with salaries on the rise

In today’s tech-driven world, the Chief Information Security Officer (CISO) is becoming an essential team member for organizations as everything turns toward web-based, cloud and mobile tech. With these constantly emerging technologies, paired with fears of being hacked, companies are expected to secure and protect their customers’ data along with their classified internal information. CISOs are now expected to take on greater responsibilities, and those increased expectations plus a shortage of qualified talent have caused a rise in salary. In the U.S., the average annual CISO salary – salary plus bonus – has risen 9.36 percent over the past six months, from $203,000 in Sept. 2015 to $220,000 in February 2016.*

Hot CISO Skills Employers Desire

  • Network Security
  • App Security
  • Breach Response Management
  • Meet Data Compliance Requirements and Prepare Reports for Compliance Agencies
  • Cloud-Based Security
  • Mobile Security and Threats
  • Vendor Risk Management
  • Security Audit Remediation
  • Develop, Implement and Monitor Strategic IT Risk Management Programs
  • Administer and Monitor Cybersecurity Training for Employees, Contractors and Third Parties
  • Establish and Maintain a Company-wide Information Security Program
  • Maintain and Publish up-to-date Information Security Policies, Standards and Guidelines

Experience Requirements

  • 10 – 15 years of Previous IT or Related Field Experience
  • 3 – 5 years of IT Leadership Experience
  • Preferred: 3 – 5 years of Industry-Specific Experience

Essential Soft Skills

  • Critical Thinking and Problem Solving
  • Excellent Written and Verbal Communication Skills
  • Proven Ability to Influence and Direct Others
  • Excellent Leadership Abilities
  • Integrity and Confidentiality with Handling Customer and Employee Data

For the top 6 CISO candidate locations within the U.S. and more salary data, please check out our CISO salary and demand infographic today for more information.

*Salary data courtesy of salary.com.




How IT Staffing Companies Are Helping Mitigate the InfoSec Skills Gap

What to Expect for IT Staffing in 2016

The question on the minds of hiring managers and job seekers alike seems to be what to expect for IT staffing this year.

As demand for IT specialty roles continues to outpace supply, the IT staffing industry is expected to grow at least 6% in 2016, according to the Bureau of Labor Statistics (BLS).

Although there is some uncertainty about economic growth estimates around the globe, the expectations for hiring in the IT sector have been on the rise. The growth of information technology jobs is especially strong in the U.S., where companies are competing for qualified applicants amid a widening skills gap. Demand for talent in information security, programming, cybersecurity, data science, software engineering and other IT specialty roles continues to outpace supply. With tech growth leading the current wave of business expansion, companies are finding it difficult to fill the highly specialized positions created by new technologies.

Here is some interesting data provided by the Bureau of Labor Statistics (BLS):

  • IT staffing in the U.S. is expected to grow 6% in 2016, representing $28.9 billion in revenue.
  • The number of computer science graduates in the U.S. still fell short of demand by an estimated 14% in 2014 (the most recent published statistics).
  • The H-1B visa program that allows foreign workers in specialty occupations to work in the U.S. is currently capped at 65,000 applicants, limiting the supply of skilled IT workers from abroad.
  • The BLS recently projected 12.5% growth in overall IT employment through 2024.
  • Unemployment in the IT industry as a whole is currently below 2%, compared to the national average of just over 5%.

While the BLS predicts growth in IT staffing to be around 6% in 2016, industry professionals project an even higher demand. Thanks to the dual effects of organic growth and the retirement of an aging workforce, some segments such as education and healthcare technology expect to see growth as high as 15%.

How to Secure the Right IT Talent

With this indisputable gap between the demand for IT workers and the limited supply of qualified job candidates, there comes opportunity. Recruiting firms specializing in certain high-demand segments and skill sets are in a perfect position to help companies identify the right information technology candidates to meet hiring needs. Far more than a general recruiting firm, a specialty IT recruiting organization has the advantage of knowing the industry and the high-tech skills that are in demand right now.

With all of the specialized segments within Information Technology, organizations looking to hire the most qualified IT talent would do well to engage a firm whose recruiters thoroughly understand technology. The fields of information security, cybersecurity, cloud computing, software development and other highly skilled tech positions demand IT recruiters who speak the language.

Follow us on LinkedIn and Twitter to keep up with the latest and greatest in IT staffing.

Women in Cybersecurity: 3 Statistics That Show It’s Time For a Change

Why aren’t there more women in cybersecurity?

Gender gap issues have been a hot topic for many industries lately. Whether it be pay gaps in Hollywood, or the lack of women in the cybersecurity and IT industries, it is a growing issue and people are calling for a change.

The IT/technology field has been a heavily male-dominated industry for many years. Women in technology fields have to overcome stereotypes, pay gaps and gender gaps to get into higher level positions in the industry. Check out these three statistics that highlight the issue:

  1. A recent Reuters article stated that in the Bay Area alone, more than one third of the 223 largest publicly traded companies in the area lacked women in top positions, having either just one woman or none in a high-level role.
  2. The number of women in cybersecurity is even lower. A report sponsored by ISC2 and Booz Allen Hamilton found that in 2013 women made up just 11 percent of the global cybersecurity workforce and only nine percent were in senior leadership roles.
  3. The cybersecurity gender gap is growing. The current burgeoning workforce is not leaning towards careers in cybersecurity, and those who are tend to be men. Raytheon and NCSA’s annual cyber study found that 52 percent of women “felt [that] no cybersecurity programs or activities were available to them”.

Cybersecurity: Recruiting Women

Many are coming to realize that this is an issue, and that women need to be better represented in information security to keep up with the growing lack of talent in the industry.

Cybersecurity recruiting needs to focus on attracting and retaining women in these positions. ISC2 released their “Women in Security: Wisely Positioned for the Future of InfoSec” report, which states that new hires in cybersecurity should be paired with a mentor and recommends that companies adapt their training programs to focus on retaining women employees.

Additionally, information security’s current “military” wording could deter women from entering the field. Cybersecurity has always gone hand-in-hand with the military, hence the verbiage. But in 2013 only 14.5 percent of the military’s active duty were women. While this is not a clear reason as to why women are not more attracted to the field, it could play a role.

Organizations are now focusing their security recruitment and training to include women. The SANS Institute launched the CyberTalent Immersion Academy for Women in October 2015. This will help women “fast-track their careers in the cybersecurity field.” Companies are starting to realize the need to invest in training for their current and future employees.

SilverBull can help you with your security recruitment needs and we can help you find women who are interested in cybersecurity careers. Visit our site to learn more.

Cybersecurity Agreement with China

Cybersecurity has been a hot topic in Washington recently. The Cybersecurity Information Sharing Act (CISA) was introduced to Congress and passed the Senate Intelligence Committee on March 12th, 2015.

Additionally, several government agencies have experienced security breaches, including the Office of Personnel Management. The OPM’s breach is said to have affected 21.5 million people.

Some believe that China is behind many of these attacks on government systems and on U.S. commercial organizations.

CrowdStrike CEO George Kurtz told USA Today that his staff can tell when they are dealing with attacks from China. For example, the attacks occur during China’s business hours and they target “intellectual property the Chinese are known to be deficient in.”

China’s President, Xi Jinping, recently visited the United States and met with President Obama. The two Presidents came to the agreement that neither country will commit “cyber economic espionage”.

During a joint press conference, President Obama said, “I raised, once again, our very serious concerns about growing cyberthreats to American companies and American citizens. I indicated that it has to stop. The United States government does not engage in cyber economic espionage for commercial gain, and today I can announce that our two countries have reached a common understanding on a way forward.”

While the agreement has been reached, President Obama also expressed some hesitation. He said, “The question now is: Are words followed by actions?”

The President is not alone in his hesitation; many others have also expressed concern.

Joseph Steinberg, CEO of SecureMySocial, wrote a list of “10 Issues With the China-US Cybersecurity Agreement” for Inc.

Some of the issues that Steinberg highlights are:

  • The agreement still allows hacking for “government on government spying”.
  • No standards are defined or clarified in the agreement. Steinberg writes, “What is considered hacking, and what is considered acceptable activity?”
  • Hacking can still occur on individuals and businesses as long as it is not for commercial gain.
  • Nothing forces either country to stick to the agreement.

Despite people’s concerns, many agree this agreement is a step in the right direction for cybersecurity in the United States.






Government Cybersecurity Information Sharing Act (CISA)

Learn about the government’s latest bill, CISA, which aims to solve cyber crime.

The Cybersecurity Information Sharing Act (CISA) was first introduced to Congress in 2014, and was reintroduced in 2015 during the 114th Congress. The bill has passed the Senate Intelligence Committee, but not much has happened with the bill since.

The bill is aimed at making it easier for companies to share security threats with the federal government. If made into law, CISA would not require the sharing of information, but it would create a system for federal agencies to receive security threats from private companies.

There has been a very active debate on this bill. In mid-September 2015 many of the top tech companies sent a letter to legislators in support of the bill’s efforts. These companies include Adobe, Apple, IBM, Microsoft, Oracle, Salesforce and Symantec.

Several of the companies have spoken out and said they do not necessarily support the specific bill, but they support “stronger cybersecurity protections in general”.

Despite the support for some kind of cybersecurity legislation from some of the top companies in the industry, many companies are opposed to the bill because of privacy concerns.

Fight for the Future has developed a large campaign in opposition to the bill. Fight for the Future’s goal is to: “build a grassroots movement to ensure that everyone can access the Internet’s many resources affordably, free of interference or censorship and with full privacy.”

They have a website, https://www.youbetrayedus.org/, where you can send an email to the above-mentioned companies about how they’ve betrayed their customers by signing the letter. On their first day alone, they sent out 15,000 emails to the tech companies.

Because of this backlash, the CEO of Salesforce has since come out and said he does not support CISA, and it was a mistake to sign the letter.

Fight for the Future believes that there should be cybersecurity legislation, but it should be fair. These are the issues that they have with the bill:

  • The bill offers private companies immunity from privacy and antitrust laws to allow information to flow freely. This can include user information, which the government would now be able to access without any warrant.
  • The data being shared is not going to just one agency; it can be shared with the FBI, the IRS and all the way down to local law enforcement.
  • If a criminal violation (e.g., money laundering) were exposed/committed while sharing the cybersecurity data, companies would be granted immunity.
  • The bill allows companies who have shared data with the government to access classified information from government agencies. This can include what would otherwise be private information on their competitors.

Many are in agreement that some sort of cybersecurity legislation needs to be passed. It is a growing and prevalent threat to our nation’s security. However, is CISA the best way to protect ourselves?

Cybersecurity Experts’ Biggest Complaint: Security Programs Aren’t Prioritized

What is one of the most important things information security candidates look for in a company? The importance of their cybersecurity initiatives.

In our job as cybersecurity recruiters, this is something we hear over and over from our candidates and professionals.

Cybersecurity is one of the biggest issues facing our society; hackers are attacking our businesses and governments on a daily basis. To help combat this problem, many organizations are now seeking top information security professionals to join and help them strengthen their security measures.

For these professionals, however, it is not as simple as joining a new company and fixing everything; they cannot do it all. One of the biggest concerns that job-seeking cybersecurity professionals have is that companies are not always willing to invest in security. They hire one person and expect them to do it all, without having a good idea of what they need or want.

Setting Security Professionals Up for Success

Security professionals want organizations to provide them with the budgets and resources necessary to develop a strong security program. Many candidates mention how they join organizations but cannot implement the work that needs to be done because companies are not willing to invest more in their security programs.

Additionally, before starting a search for a security professional to join their team, organizations should have an idea of what they want their security program and the position to entail. It might be a good idea to hire an information security consultant to see where the holes in your security program exist and where the most work needs to be done. The organization should then be very clear when they are interviewing candidates in explaining what they want their security program to look like and the resources they are willing to invest in it.

Most importantly, cybersecurity professionals want to be of value to your organization. Here are a few tips for executives to remember:

  • It is cheaper to be proactive than reactive in the long run; you do not want to wait until your systems are attacked or hacked.
  • If you have hired or are hiring a security expert, listen to them and act on their recommendations.
  • Have the security team play an active role in the decision-making process.

In the end, if you listen to these suggestions, you will have a more secure system and happier information security employees.

If you’re a cybersecurity professional looking for a new role at an organization that takes cybersecurity seriously, contact us today, so we can see how we can be of help.

Cybersecurity Experts in High Demand as Market Faces Skill Shortages

As cyberattacks become more commonplace, demand for cybersecurity experts grows.

The growing threat of cyberattacks has created a robust demand for cybersecurity experts in a short-staffed IT jobs market. Just consider that the Center for Strategic and International Studies, a Washington-based think tank, estimated in an October 2014 report that cyberattacks cause damages of $445 billion a year worldwide. In 2015, enterprises must constantly be on guard for these costly and disruptive digital intrusions.

And the exponential growth of data, fueled by rising mobile device penetration in the developing world along with the emerging Internet of Things, will only result in a larger jackpot for hackers to target. Moreover, recent high-profile attacks against major corporations like Target, Home Depot, JPMorgan Chase, Anthem and Sony have elevated the issue of cybersecurity to the pulpit of everyday discussion.

The intrusion risk is so compelling that JPMorgan Chase, which announced a data breach that compromised 84 million customer accounts last fall, plans to double its cybersecurity budget to $500 million in the next five years, according to bank CEO Jamie Dimon. Venture capital firms are also investing heavily in the cybersecurity sector. In 2014, VC funding for cybersecurity startups swelled to a record $2.4 billion, up 156 percent from 2011.

But where do these enhanced budgets and investment dollars ultimately trickle down? The beneficiaries of this spending and investment wave are information security personnel – the human capital commanding big money in a scarce cybersecurity expert pool.

Market research firm Gartner forecasts that the cybersecurity market will grow from $76.9 billion this year to $93 billion in 2019. The problem is the current dearth of qualified cybersecurity professionals to meet the current labor needs, not to mention those that will accompany the market’s furious growth. One Rand Corporation study estimates that there are approximately 1,000 skilled cybersecurity experts globally, while the market needs 10,000 to 30,000 to satisfy demand.

Offering slightly better numbers, Alex Stamos, Yahoo’s chief information officer, told United Press International in March, “There are maybe four or five thousand people in North America I can hire right now who have the technical skills keen to us.”

Data from Burning Glass, a Boston-based labor analytics firm, indicates that cybersecurity job postings grew 74 percent from 2007 to 2013, or more than twice the growth rate of all other information technology jobs. Also, the Bureau of Labor Statistics forecasted that demand for information security analysts is bound to grow by another 37 percent between 2012 and 2022.

But, in order to properly accommodate this demand, American cybersecurity experts like U.S. Cyber Consequences Unit CEO Scott Borg and others have called for greater emphasis on and investment in cybersecurity education.

While enterprises wait with bated breath for more skilled cybersecurity personnel to enter the talent pool, competent security specialists can leverage scarcity to command top dollar. According to Network World, security-related positions are among fifteen job titles projected to experience significant salary upgrades this year. All of the jobs presently offer compensation packages ranging from at least $100,000, all the way up to $190,000 for chief security officers.

But in 2015, salaries for these security positions are expected to rise between 6.6 and 7.4 percent, depending on the exact role. So by 2016, some chief security officers could make a base exceeding $200,000.

The cybersecurity market is as lucrative as it is short-staffed. Skilled information technologists would be wise to capitalize on the opportunity before the sector gets crowded and the laws of supply start trimming their income prospects.

Learn about 5 hiring trends for the cybersecurity industry in 2016.

Chief Information Security Officers Are Critical Assets for Enterprises

Learn about the importance of the rising role of the Chief Information Security Officer (CISO).

The Chief Information Security Officer is a position that has become essential for all data-reliant enterprises. This role has become one of the fastest growing C-suite positions and is the byproduct of an age that has been disrupted and infected by a cybercrime pathogen that shows no signs of abating. Enterprise and government network landscapes are in a constant state of conflict, fighting against a shape-shifting threat that is continually evolving.

In today’s enterprise network arena, data is perpetually under siege from a barrage of phishing campaigns, malware, keystroke surveillance, zero day exploits, insider attacks and denial-of-service assaults. As such, enterprises need to designate a general to orchestrate a capable defensive and risk-management strategy.

Enter the CISO – the apex technologist, who possesses a rare combination of InfoSec analyst expertise and upper-management social engineering skills. The CISO is that rare breed that can independently design and implement cloud security, while also being able to manage the complex personalities of information security staff. With regard to the latter, the CISO must be the ultimate trust nucleus of the organization that can identify threats within its own IT ranks.

But CISOs’ primary contribution to an organization is their ability to take findings from data security analyses and turn them into business leadership initiatives. The CISO bridges the gap between IT personnel and key executives and stakeholders. These IT commanders have a keen understanding of not only the most vital information security issues, but the most crucial business functions as well. The operational efficiencies of a business benefit from the CISO’s ability to unite the information security staff and mold them into a collaborative unit that fluidly identifies and responds to threats.

Another asset that the CISO brings to the table is their ability to grasp the interdependence between cyber and physical security. So while a firm’s information security staff might be comprised of savants who are only proficient in the virtual world, CISOs align their functions with the goals of the enterprise. Part of this alignment involves a keen sense for provisioning and de-provisioning. CISOs oversee the levels of access and permissions that IT personnel have within the organization, badges included.

Organizations cannot afford to neglect the CISO role any longer. Additionally, they must design this role as a department that functions outside of IT and responds directly to upper management. By creating CISO positions, enterprises send a strong message to their stakeholders, prospective investors and the competition that cybersecurity strategy is among their core values. As such, the inclusion of a CISO becomes a sure path to securing investor confidence, mitigating reputational risk and enhancing revenue growth.

Check out our chart highlighting the rising CISO salaries.