With cyber-dangers lurking everywhere, more organizations are hiring chief information security officers to augment -- or even replace -- traditional CIOs, a move some see as increasingly necessary given the ongoing adoption of BYOD, mobile computing, and collaboration.
More than 55 percent of respondents to a survey of 652 IT and business professionals commissioned by IntraLinks, released today, currently have a CISO. In 2010, an SC Magazine study found 29 percent had this exec in 2008, while 44 percent did so a year later.
Now, adding another C-level executive may initially seem like an unnecessary expense, but, depending on your organization's size and complexity, this professional could actually generate enough funding -- and more -- to cover the position.
Effective CISOs with well-run information security programs can save their companies up to almost 10 percent of total revenue through reduced risk of data loss and theft, a report by SC Magazine found. In addition, organizations with CISOs are 10 times less likely to suffer expensive security breaches.
Jim Hurley, managing director of Symantec's IT Policy Compliance Group, told EC Council:
"Simply put, CISOs contribute to better business results by ensuring security measures are fully implemented, standardizing and automating procedures, and by taking a strategic role with the organization to make information security a part of a business process."
For those IT professionals interested in pursuing a CISO position, there are several organizations dedicated to helping you earn the role. Of course, you need experience in IT, particularly security. Business knowledge doesn't hurt either. Additional CISO-specific help is on hand, too.
From formal offerings such as Carnegie Mellon University's Heinz College CISO Executive Education and Certification Program, to an array of regional forums from organizers such as the Argyle Executive Forum and Evanta Summits, security technologists have plenty of choices to support their career path.
Climbing the Security Ladder
Focusing on security can be good for your business and your career.
The end of that educational road is promising. CISOs will hold a valued place in the boardroom, offering important insight to the rest of the C-suite, analysts such as IDC predict. While the position varies from organization to organization, on average, responsibilities have increased over the past three years, Forrester claims. According to Computerworld, those responsibilities include third-party security, threat and vulnerability management, identity and access management, and fraud management.
As Andrew Rose and Nick Hayes of Forrester wrote in their report:
"While one could argue this is a good thing, as it demonstrates the trust the organization has in the security function, it's also worth noting that old expectations do not go away. Therefore, CISOs have had to address an increasingly long task list with only marginally more resources, which can have several negative repercussions."
This year, CISOs will face topics such as BYOD security; social networking and customer experience, return on value, and security; siloed governance, risk management, and compliance implementations; big-data and analytics risk; enabling innovation; value of the Internet of Things; virtual datacenter security; cloud; "inevitable" breaches; and what IDC describes as the "Tower of Crypto Babel," the research firm said in a recent webinar.
In return for addressing and guiding these crucial decisions, CISOs can earn salaries of between about $114,000 and $238,000, with a median pay of $168,000, according to Salary.com. SimplyHired.com shows similar, although slightly lower, salaries.
This morning, Glassdoor showed 123 open CISO positions -- and who knows? Your company may need someone with this title but not even know it.
— Alison Diana, ThinkerNet Editor, Internet Evolution