CSO salaries expected to sky rocket

By many accounts, 2015 was the year of the big data professional, with data scientists even being hailed as the “sexiest job of the year” by one study. But 2016 may emerge as the year of the chief security officer, as another new study reveals that pay for CSOs is rising faster than most every other IT job.


According to the 2016 Technology Salary Survey released this month by Robert Half Technology, top CSOs can now expect to earn just under a quarter million dollars in base pay. To be more specific, salaries for CSOs will range from $140,250 to $222,500 in the New Year. This represents an average pay increase of 7.0 percent, the fourth highest in the entire salary study. Only wireless network engineers (at 9.7 percent), big data engineers (at 7.5 percent) and data security analysts (at 7.1 percent) will see larger pay hikes.

CSO pay increases will also be significantly higher than other IT executives in 2016. According to the Robert Half study, the percent of salary increase in the top ranks of IT will be 4.9 percent for CIOs; 5.2 percent for CTOs; 5.1 percent for vice presidents of IT; 5.1 percent for technology directors; and 4.9 percent for IT managers.

Where you fall in the CSO salary range obviously depends on location and industry. But there are some more directly controllable factors that will help determine how big a paycheck you take home. CSOs wanting top dollar had better know their business and be able to tie their efforts to best protecting it.

“Employers are looking for a proven track record of establishing processes and solutions for IT security,” John Reed, senior executive director at Robert Half Technology, said of CSOs testing the job market. “They want candidates who can give solid examples of their previous work.”

“They are also looking for candidates with deep industry knowledge. For example, within the financial and healthcare industries, hiring managers will seek professionals with that specialized experience to ensure they will ramp up quickly and understand the nuances of the industry,” Reed notes.


Breach experience pays off

Confirming the rapidly rising pay rates for CSOs is Rona Borre, CEO at Instant Alliance, a technology recruiting firm in Chicago.

“Most CISOs tend to make between $175,000 to $225,000, with a 25 percent bonus potential, and strong equity package ($25,000 to $75,000 annually); though larger (Fortune 100) clients and major financial firms can pay upward of $300,000,” Borre says.

Adding greatly to a CSO’s earnings potential is their experience with security incidents.

“My recruiters typically go after CISOs from large companies with high risk data and systems (i.e. healthcare, ecommerce, financials, high volume transactions, HIPAA/PCA compliant data), as well as CISOs who have dealt with breaches in the past or have been brought in to recover from them,” Borre says.

“Ideal CISOs have touched all points of security, not just application or infrastructure security,” Borre adds. “Opportunities to bring in best practices, build teams, and recover from major security problems are attractive to new candidates.”

What else will help the CSO earn top dollar? According to Dr. Jane LeClair, chief operating officer at the National Cybersecurity Institute at Excelsior College in Washington DC, a recent survey of CEOs by that organization found that the following are the skills most expected in a top level CSO hire:

  • IT security knowledge, cited by 77 percent
  • Business knowledge, cited by 77 percent
  • Communication skills, cited by 67 percent
  • Leadership skills, cited by 64 percent
  • Industry knowledge, cited by 43 percent
  • Governance skills, cited by 39 percent
  • Interpersonal skills, cited by 33 percent

A simple matter of supply and demand

Also putting pressure on CSO salaries is simple supply and demand, and smart CSOs know they hold the upper hand.

“There is a shortage of talent with industry-specific knowledge, so employers are willing to offer extremely competitive compensation and benefits packages to recruit and retain these professionals,” Reed confirms.

CSO job candidates are also likely considering multiple offers or opportunities at the same time, Borre says, “This is a highly sought-after skill set as security becomes a hot button issue, and they know they can use this as leverage to increase their total compensation package.”

Don’t expect that picture to change anytime soon.

“The growth in security initiatives has been a major factor in driving the tech space over the past few years,” Reed says. “That includes salary growth in roles at all levels, including executives – and this year’s 7 percent increase in their salaries is indicative of their importance within organizations. It’s vital for organizations to have strong leadership directing their security teams to protect organizations from threats in addition to keeping on top of emerging trends in technology.”

But the good news doesn’t stop at the CSO level. There is plenty of bounty to go around in the IT security ranks. Taken as a whole, IT security jobs have the highest pay increase percentage heading into 2016 of any IT job group.

Leading the way, as noted earlier, are data security analysts, with a 7.1 percent pay increase, and salaries ranging from $113,500 to $160.000. That is followed by the network security engineer, with a 6.7 percent pay hike, and salaries ranging from $110,250 to $152,750. Next up is the information systems security manager, with a 6.2 percent pay increase, and salaries ranging from $129,750 to $182,000.

“Security will continue to be a major driver of hiring, as security is continuing to remain at the forefront of the minds of business leaders,” Reed concludes. “As organizations become more vigilant about protecting internal and customer data, there will be a continued need for the professionals who are able to implement and maintain these programs and initiatives.”

Join the CSO newsletter!

Error: Please check your email address.

Tags salariesIT careersCISOCSO Australia

More about CSORobert HalfTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Weldon

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place