[ISN] What's a Chief Security Officer Make? Depends on Where You Look

From: InfoSec News (isnat_private)
Date: Wed Mar 20 2002 - 23:58:28 PST


    http://www.eweek.com/article/0,3658,s=720&a=24376,00.asp
    
    By Jeff Moad 
    March 20, 2002
    
    Grooming yourself to be a chief security officer? Pick the right
    industry and you could find yourself reporting to the CFO and pulling
    in upward of $400,000 per year, plus a 25 percent bonus. Pick the
    wrong industry, however, and you could find yourself in the $70,000-
    to $90,000-per-year range and reporting well down in the chain of
    command.
    
    According to a new research report from Giga Information Group Inc.,
    of Cambridge, Mass., CSOs in financial services companies are most
    likely to pull down the big bucks and to report to top management.  
    Among financial services industry CSOs, those reporting to the CIO can
    expect to make between $125,000 and $270,000 per year plus a 15
    percent to 25 percent bonus. Financial services industry CSOs
    reporting to the CFO or COO can earn up to $400,000 per year.
    
    While financial services companies appear to be on the cutting edge
    when it comes to granting top status and pay to CSOs, high-tech
    manufacturing companies and software companies are not far behind,
    according to Steve Hunt, Giga vice president and head of the company's
    security practice.
    
    Telecom companies, utilities and manufacturing companies, on the other
    hand, are the least likely to treat the CSO as a high-paid,
    high-ranking officer - if, in fact, they have a CSO at all. At
    companies in those industries, CSOs tend to report to executives two
    levels below the CIO and to earn between $70,000 and $90,000 before
    bonuses, which average 15 percent.
    
    Surprisingly, given the amount of sensitive information involved and
    the importance of regulatory initiatives such as HIPAA (Health
    Insurance Portability and Accountability Act), healthcare companies
    are among those that apparently can't afford to grant high status and
    high salaries to CSOs, according to Hunt. But, Hunt said, there may be
    a reason for that.
    
    "Why did the healthcare industry need HIPAA in the first place?  
    Because they didn't take security seriously. In many ways, they still
    don't," said Hunt.
    
    The wide variety in CSO salaries and reporting status, said Hunt,
    suggests that the position is still new and that many companies haven't
    decided what a CSO is supposed to do and how important the role is.
    
    "It's not a whole lot different than the CIO position 12 years ago,"  
    said Hunt. "Then, many CIOs were really simply middle managers in the
    data center. Only a handful were big shots."
    
    Hunt predicted that the role of CSO, while still controversial and not
    well-understood in many companies, will mature and attain consistent
    salary levels over time. In some industries - including financial
    services - the CSO may end up on a par with the CIO, with the CSO
    overseeing all risk management functions, Hunt said.
     
    
    
    



    This archive was generated by hypermail 2b30 : Thu Mar 21 2002 - 03:05:25 PST