The role of Chief Information Security Officer (CISO) has come a long way since Citigroup and Steve Katz originated the title in 1995. As digital technology has become central to how businesses operate, securing the business has become vital, and with that shift the CISO role has grown in both importance and prevalence.
Here are five key findings Wilbury Stratton made from speaking with sources in the InfoSec community:
1. Budgets and salaries have increased alongside this development
Leaders in this area explained that they have seen the function elevated significantly over the last five to ten years. As the function has increased in importance, salaries and budgets have risen steeply and CISOs have gained greater seniority and stature. This change has seen the quality of InfoSec talent improve as leaders manage larger teams and remits.
2. Where the function sits is a topic of debate in the market
The majority of those we spoke with sit under the functional umbrella of the CIO or CTO, but a sizeable minority report through the group Compliance function. Some believe that the latter structure is preferable, expressing concerns that CISOs can be unduly influenced by Technology leaders who are sometimes more willing to accept greater risk in order to speed up delivery. However, the majority agreed that Technology is the natural home for InfoSec and that the most credible leaders in this space can influence beyond their functional vertical; reporting lines should not be an obstacle to accessing the necessary stakeholders.
More broadly, it is believed that InfoSec should be positioned as a partner to the rest of the business, and that the success of the function hinges on its ability to engage a variety of stakeholders, embedding a security mindset and culture throughout the business.
3. Pay can vary drastically depending on sector
Pay varies a lot from one CISO to another, since the title 'CISO' covers a broad range of responsibilities, with little consistency in remit or scope. Salary ranges are also sector specific: the transport and aviation industry generally pays less, while tech, media and financial services companies typically pay more. Most professionals benchmarked the CISO role at around £160,000, though the mean base salary across all industries in our research was £147,160.
4. How diverse is InfoSec?
The InfoSec market is majority white, with white men making up 34 percent of talent and white women 37 percent. These are followed by BAME men at 18 percent and BAME women at 9 percent, with a further 2 percent of unknown background. Overall, the gender split of men to women is 53 percent to 47 percent.
5. There are two types of leader in the InfoSec world
Our research has shown that there are two broad camps of CISOs: those who are technically strong but weaker on engagement, influence and leadership, and those who prioritise leadership, stakeholder engagement and team and cultural development. Not all leaders are alike, according to our sources, with some said to be 'over-promoted' and a considerable