In a world where rampant cyber crime is costing companies and organizations millions of dollars every day, the chief security officer is an essential guardian of digital assets, information systems, intellectual property and more.
Because of the high stakes and the unique set of skills required to excel in this immensely challenging role (advanced technical wizardry plus outstanding crisis management and communication skills), the CSO has been hailed as “the corporate rock-star of the future” by one security expert.
Now that digital technology has revolutionized the way the world does business, security breaches occur so frequently that only the biggest ones make headlines. In the past several years, Equifax, eBay, Yahoo, Target, Uber, the NSA, the IRS and countless others are just a few of the high-profile companies and agencies that have been hit by hackers.
This, of course, has created a demand for a whole new generation of security professionals — those focused on information security and cyber security. Career opportunities are numerous for those aspiring to advance in this exciting, fast-growing and well-paying field. And at the top of the totem pole, responsible for a company’s entire information security profile, is the CSO.
The work of the CSO is so vital that average salaries range from $143,250 to $241,000, according to the 2018 Robert Half Technology Salary Survey, with many earning far more at the largest corporations. But just what is a chief security officer? What does the CSO career landscape look like? And what skills and training does the job require?
The title of “chief security officer” can mean different things at different organizations. In its broadest definition, chief security officer may refer to the person chiefly responsible for an organization’s information security, as well as its so-called “corporate security” — that is, the physical security and safety of employees, facilities and assets.
However, for this discussion we’ll focus on the CSO as chief guardian of information technology, protector of data and defender against cyber criminals. At the same time, it’s important to point out that many organizations refer to this role as “chief information security officer,” or CISO.
While it’s true that CSO and CISO are sometimes used interchangeably, the terms are definitely not synonymous. For example:
There is good news and bad news when it comes to the cyber security employment landscape.
The bad news: There is a critical shortage of skilled cyber security professionals. In fact, CSOonline.com forecasts that by 2019 there will be 6 million information security job openings but only 4.5 million qualified professionals to fill those roles.
The good news: This means that cyber security professionals with the right combination of skills and experience are in high demand. A general search for Chief Security Officer jobs on the employment website Indeed.com returns nearly 5,000 results. LinkedIn lists some 1,300 CSO and CISO jobs.
Salaries for CSOs and CISOs vary greatly based on many factors that include geography and size of the organization. But one thing is certain, pay for top cyber security professionals is high and getting higher. In fact, the word “skyrocketing” is used in many articles to describe the pace of growth for CSO and CISO salaries, particularly in metro markets.
The shortage of skilled cyber security professionals also means that the average information security administrator will earn 9% more than traditional IT staff, and can expect to achieve a median salary of nearly $100,000 per year.
“The cyber security job market is on fire,” Veronica Mollica, founder and executive information security recruiter at Indigo Partners, told Forbes. “Our candidates are facing competing offers from multiple companies with salary increases averaging over 30%.”
Chief security officer roles and responsibilities will vary between public and private sector companies and organizations. However, according to CSOonline.com, the following duties generally fall under the jurisdiction of the CSO:
“The modern CSO is a pathfinder and problem-solver for the organization,” Amanda Fennell, chief security officer for Relativity, told CSOonline. “CSOs must have an understanding of how complex tactical objectives can contribute to the strategic execution of holistically securing an organization, while respecting the privacy and trust of internal stakeholders, she said. “While a technical background can be a tremendous aid in making informed decisions, passion for solving emerging puzzles that accompany information security is essential.”
According to the same CSOonline report, helpful background includes:
In terms of education, many CSOs have earned cyber security certifications over the course of their career. In addition to broadening one’s skills and looking great on a resume, certifications can also significantly increase a cyber security professional’s salary potential.
Some colleges and universities have responded to the need to train the next generation of cyber security professionals by establishing master’s degree programs and curricula intended to position students for leadership positions in the field. For example, University of San Diego offers two advanced degree options — the innovative, 100% online Master of Science in Cyber Security Operations and Leadership and the on-campus Master of Science in Cyber Security Engineering.
According to Digital Guardian, 85% of chief information security officers possess a bachelor’s degree and 40% have earned a master’s degree. One of the reasons advanced education is so beneficial to aspiring chief security officers is that, in addition to their technical chops, companies are relying on them to be part crisis manager, part high-level communicator and part politician.
“Technical skill and curiosity are necessary, but they’re not enough,” cyber security expert Ted Schlein wrote in Forbes. “The CSO needs to be politically adept too. CSOs must be organizationally skilled — in carving out the security budget, in influencing other verticals within the company and in earning the trust of top executives.”
In addition to enjoying a financially rewarding career, cyber security leaders who embrace the challenge of becoming a chief security officer or chief information security officer can be proud of the work they do safeguarding people and organizations from the ever-expanding threat of high-tech crime in the digital age.
Cybersecurity is a fast-growing, high-paying field with a range of different types of job openings. Which role might be ideal for you? Take a moment to explore some of the other exciting careers in cybersecurity:
Want to see the top paying jobs in cybersecurity? Read this article.
Want to see the top entry level jobs in cybersecurity? Read this article.
Want to see the top non-technical jobs in cybersecurity? Read this article.
Want to learn how to land the best jobs in cybersecurity? Read this article.
Get the Free PDF
Download your copy of this blog post for convenient access.
Dr. Michelle Moore is the Director of the Graduate Cyber Security Operations & Leadership and professor of practice with the University of San Diego. She has over two decades of experience as a Cyber Security Professional and over ten years.
Chuck Bane joined the USD Center for Cyber Security Engineering and Technology as a professor of practice in June 2018. He is a highly motivated professional with over twenty years of teaching and curriculum development experience on both the graduate.
Program(s) covered in this article: