Cybersecurity jobs are in demand. C-level IT executives needed!
Retaining information technology officers is becoming harder than ever. Due to an acute shortage of IT talent and an unprecedented wave of cyberattacks, pay rates for C-level execs in IT have skyrocketed.
A chief information officer (CIO), chief technology officer (CTO) or chief information security officer (CISO) can command an average of $170,000, according to Payscale. As there aren’t many candidates available, rates are surging even higher.
ChatGPT training built for everyone
The impact of the cybersecurity talent shortage
How bad is the talent shortage? The Infosec IT and Security Pipeline survey discovered that 92% of respondents believe it is difficult to fill open cybersecurity positions. Out of all C-level IT executive positions, the CISO is the hardest to fill. With a 500% rise in cybercrime over the last two years, cybersecurity hiring often becomes a bidding war. And those with the deepest pockets win.
In some states, regulatory factors have raised the pay rates of CISOs even higher. In New York, for instance, firms in regulated markets must fill the CISO position. Result: CISO salaries in greater New York City have soared well above $250,000.
Why everyone should have a chief information security officer
Cybersecurity has tended to suffer from a lack of executive guidance. Some companies throw money and technology at the problem and wonder why they remain vulnerable. Others implement draconian measures that make it more difficult for employees to be productive.
It is the CISO that guides the cybersecurity ship and balances the needs of security with the necessities and goals of the business. He or she determines strategy that is used to guide the procurement of security tools. The CISO constantly assesses risk and develops or adjusts plans to minimize it. A CISO sets security policy and enforces compliance.
How to attract top-level CISOs and IT executives
1. Pay top dollar
If the need is severe, competing on pay and benefits is one way to go. But be prepared as you are going up against some in financial services and other industries that actively sweeten their offers. Moving costs, house down payments and other benefits are often thrown in to make an offer more attractive.
2. Lower your qualification requirements
If 200 companies all want a CISO and demand X years of C-level experience, Y years of cybersecurity training, an MBA, a degree in cybersecurity and a series of advanced certifications, perhaps 20 people will fit the bill. That means only 20 will win (but will also demand high rates). The other 180 will continue without a CISO.
Make the bar realistic to provide some hope that HR can successfully recruit someone. Perhaps an MBA or advanced cybersecurity certifications can be earned on the job. Maybe the years of experience can be halved. Find a way to increase the prospective hiring pool.
3. Promote from within
It might take a while for a new CISO to learn the business and understand the nuances of the existing environment. But many within IT have already gained that knowledge and have a head start. Perhaps there are one or two candidates already working for you that can be promoted to CISO and can be given extra training to get their qualifications in order. It might even be wise to have them study half the day and work the rest to give them a chance to finish an MBA or earn much-needed qualifications.
4. Cope for now and plan ahead
In some cases, the only option will be to make an existing C-level exec or IT manager cope with CISO-type duties. At the same time, you train an internal person or a new hire to eventually take over the position. An internal certification program could be instituted that provides time and subsidizes training to encourage security and IT staff to complete certification programs such as:
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
Each is on the list of top-paying cybersecurity certifications. Within a year or so, the organization may have developed several people with the potential to be a competent CISO.
5. Go virtual
A solution that is growing in popularity is to hire a virtual CISO (vCISO). Cybersecurity executive management firms and managed service providers (MSPs) offer such services. They grant access to highly skilled and experienced teams of security consultants. This wealth of talent is at the disposal of anyone willing to pay a fee to acquire a virtual IT security head. They are not cheap, but they are considerably less expensive than a full-time CISO — if you can find one.
In the second part of this series, we cover how to go about finding, onboarding and getting the most out of a vCISO.
ChatGPT training built for everyone
Sources
- Average CIO Salary, Payscale
- The Endpoint Ecosystem 2022 National Study, mobile mentor
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Cybersecurity jobs are in demand. C-level IT executives needed!
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization