EXECUTIVE SUMMARY:

It’s that time when many professionals take stock of their careers as they wrap up one year and strategize for the next. For CISOs, or those gunning for the CISO position, it is also a good time to review salary expectations, likely interview questions, and how the role itself is defined.

According to Salary.com, CISOs in the United States earn an average of $219,646, with most salaries falling between $191,928 and $253,575. Recruitment firm Robert Half, however, cites a different distribution, as reported by Information Management:

95th percentile = $270,000
75th percentile = $222,000
50th percentile = $181,750
25th percentile = $148,000

For those readying to start a new job search, Infosec Institute outlines three sets of interview questions to expect during a CISO job interview: Ground Level, Mid Level, and Executive Level. At the Ground Level, the questions are focused on whether you have the technical chops, for instance, “What is SSL?” and “Is cloud computing a security risk?” At the Mid Level, the questions assess your functional capabilities, such as, “Give me an example of a new technology you want to implement for information security” and “In what capacity have you provided information security guidance to organization personnel?” At the Executive Level, the questions shift to sussing out executive presence and “chief” readiness, for instance by probing your comfort with making executive decisions and the thought process behind them.

According to IANS Research, that executive presence is the key to nailing and succeeding in the CISO role. Quoting Aileen Alexander from recruitment firm Korn Ferry in his blog, IANS founder and CEO Phil Gardner writes, “It comes back to the way they think through problems, the way they frame them up, and the way they communicate to multiple audiences.” Gardner goes on to outline three pieces of advice:

  1. Acquire deep knowledge of your business
  2. Earn your seat at the table
  3. Have the courage to stumble

Easier said than done. For those who want to take a cue from established CISOs, Secure World Expo provides a snapshot of how the CISO role is viewed at six different organizations.

For Starbucks, it’s about protecting the brand. At Netflix DVD, it’s about business enablement. For US Bank, the CISO role is about communicating effectively with various audiences. Researcher Dr. Larry Ponemon, meanwhile, tells Secure World Expo that he sees the role evolving toward coaching across the organization, helping others in leadership roles mitigate risk. Similarly, at Southern Methodist University, the CISO role is about building cross-functional relationships to improve the organization. And finally, at global engineering company Black & Veatch, it’s about understanding what’s most valuable to the business in order to know what needs protection.

Whatever the organization, having a clear view of how the CISO role is shaped and compensated across the industry can help ensure success.