In the relatively brief time it’s been around, the Chief Information Security Officer’s job has developed into a pressured, thankless existence.
These are the executives charged with keeping an organization’s systems secure in the face of mounting cyberattacks, careless vendors, and employees who are more concerned with using their own iPhones than keeping company data secure. “This job is not for the fainthearted,” David Jordan, CISO for Virginia’s Arlington County, told The New York Times.
Like other cybersecurity professionals, CISOs are in great demand. Companies are trying to lure them with salaries ranging anywhere from $188,000 to $1.2 million, plus signing bonuses, generous perks and larger budgets, the Times says.
CISOs may report to the CIO, the CEO or the Chief Risk Officer, but their job is to understand IT security issues and technologies and weigh the risks involved in technology decisions. A hefty dose of compliance is involved, too. Initially, they were in demand particularly at very large companies, firms in highly security-conscious industries and organizations that had to meet stringent government or industry security regulations. Now, though, as the threat of cyberattack becomes more common, the need for a CISO is being felt in other types of companies, as well. Today, more than half of corporations with at least 1,000 employees have an executive doing the CISO’s job either full- or part-time, according to the Ponemon Institute, a research firm.
To hear CISOs themselves tell it, theirs is not a fun job. A Ponemon Institute study found that most viewed their job as the most difficult in the company. A number said it was the worst job they’d ever had. Indeed, their work is so pressured many end up leaving voluntarily within two years. That compares to an average 10-year tenure for a CEO.
Still, most candidates go into the office with their eyes open, and work to make sure their employer’s eyes are open, too. Before signing on, they want the company to understand that security breaches are inevitable and that any effective defense is going to require a real budget.
“If you know you’re going to be sacrificed, you want a sufficient reason to take the job,” said John Kindervag, a security analyst at Forrester. “People aren’t talking about what we’re doing to these poor people. We’re putting all this complexity on their shoulders and then it’s just ‘Good luck!’”