Cyber attacks are at an all-time high, and the ratio of qualified security talent to the number of attacks is very slim. As a result, the pressure on Chief Information Security Officers (CISOs) to find and retain qualified professionals who can help neutralize imminent danger to an organization’s network has reached critical mass.
As the CISO moves up the corporate ladder, the trickle-down effect increases the demand for mid-level professionals. As a result, many CISOs lose key staff to higher-paying agencies. The WSJ’s CIO Journal addresses the phenomenon in its recent article, summarized here:
Demand for ‘mid-tier’ security talent is heating up, with some engineers doubling their salaries in the course of a year, chief information security officers and recruiters say.
With demand exceeding supply, salaries for security personnel are ratcheting up, says Matt Comyns, who recruits cybersecurity executives for Russell Reynolds Associates. As a result, some CISOs are losing key staff to higher-paying companies.
Robert Duncan, CISO of stock exchange operator Euronext N.V., said he knows of a security engineer who changed companies twice within a year and saw his salary jump from £40,000 to £80,000, or about $121,000. While instances of doubling salaries may be outliers, Mr. Duncan said the new reality makes it hard to cultivate organizational stability and protect data assets from a multitude of cyber threats. He said that CISOs hamstrung by corporate policies regarding salary increases can only offer so much extra money to retain talent before losing to a higher bidder.
Landmark breaches at Target Corp., Home Depot Inc., and Sony Pictures, in which credit card information or sensitive emails were stolen, have accelerated the hunt for cyber talent. Companies are seeking engineers who can secure applications and computer networks and, in the event intruders wreak havoc, plug the holes and remediate attacks.
Some companies are outsourcing work to security service providers for threat monitoring and other corporate defense strategies, said Craig Shumard, a security consultant. Increasing salaries and cross-training of staff are also viable options.
For more information on mid-level security professional pay options, see the full CIO Journal blog post.