It seems as though the demand for CISOs in the job market today is higher than ever before. CISOs are demanding higher salaries and are being given more responsibility at board level. To find out just how in demand CISOs are, we sat down with Nathan Powell of Henderson Scott – recruitment specialists in IT – to ask for his expert opinion on cybersecurity and the demand for CISOs.
So Nathan, Are CISOs in High Demand?
CISOs are in high demand. It depends on what your perspective is as a customer, what your budget is and what the mission is. The CISO job can cover a multitude of sins and sometimes it isn’t always necessarily a CISO role. So whether it is a Information Security Manager, Head of IT or a genuine out-and-out CISO, people who are able to take cybersecurity to the board-level are in high demand.
Why Are CISOs in High Demand?
The ever-increasing maturity of the cybersecurity market will naturally increase demand for people who can combat cybersecurity threats at a strategic level. We all know that prevention is better than cure, and when companies look to hire their first CISO, they often do so with the idea that the candidate will help them prevent data breaches.
As cybersecurity becomes more mainstream, we’re going to see a large number of people with the right skills being elevated into these positions in most large enterprises. At the moment there is still a bit of a skills shortage in this area, and this is reflected in the salaries. The average salary for a CISO in the USA is somewhere in the region of $230,000, and this is likely to increase to $500,000 if the CISO is elevated to the C-Suite in practice and not just in name.
Does Your Organization Need a CISO?
Sometimes people think they need a CISO when they don’t, or they misunderstand what the role of a CISO really is. It depends on the maturity of that company, where they are on that journey and their overall cybersecurity posture. Some businesses wouldn’t necessarily need a CISO, at least before other positions are filled. You may require more of a hands on “do-er” than a senior strategic executive that will typically manage functions rather than do hands-on technical tasks.
It also depends on what sort of company you are as to whether a CISO is necessary. Nobody is immune, as we know, but there are certain types of organizations that are more at risk. If you are a high-value target (HVT), such as a large bank or healthcare organization, then a CISO is a high-profile and high-pressure position that must be filled.
Your organization is likely to benefit massively from having someone who can develop an in-depth response plan based on their expert understanding of cybersecurity threats. If you have a shortage of people with leadership qualities in IT/security or a lack of process and communication between departments when it comes to cybersecurity – you likely need a CISO.
Watch this interview, where we discuss with Nathan Powell, what makes a successful CISO.
If you’re a CISO and you are looking for a way to improve the data security posture of your organization, schedule a risk assessment with Lepide. We’ll take you through some of the gaps in your cybersecurity strategy and offer practical advice on how to plug them – all for free.