What is it like being a CISO?
A CISO, or chief information security officer holds considerably one of the highest paying salaries within the cyber security field in the United States. According to Glassdoor.com, the estimated total pay for a CISO is $191,794, with an average of $162,826 per year. Depending on the company you work for, that salary could be significantly higher, with some CISOs making well over 400K per year. The pay alone holds great appeal to many looking into a career in cyber security, but what exactly do CISOs do?
CISOs are hired and consulted by company executives to perform risk assessments and present their analysis on how to approach the company’s cyber security solutions/measures based on cost. In order to do this, a competent CISO needs to understand the client’s highest priorities and their most profitable assets in order to assess how much cyber risk they are willing to take.
It is not reasonable to achieve complete 100% cyber safety without a significant compromise to functionality and accessibility of a network, so a CISO needs to balance the cyber risk against a network’s functionality. The goal is not to entirely prevent a cyber attack from ever happening, since they will most definitely happen. Instead, a CISO is expected to control the timely detection of attacks, the damage of those attacks, and how the organization survives and recovers from those attacks and breeches in security.
While having knowledge and understanding on the technical aspects of this is fundamental, a CISO will not be expected to perform things like penetration tests themselves. Rather, they will be expected to lead a technical team, and provide their in-depth expertise on creating cost-effective solutions based on the client’s individual needs.
When presenting their findings to clients, CISOs must be able to communicate them in a way that is both appealing and concise. In general, the job primarily involves interfacing with people, rather than handling software development and maintenance. You will be the one responsible for building a safe and healthy cyber security culture within an organization. Having superb communication skills is a key component of becoming a successful CISO.
If you are interested in this cyber security role, the most sought-after certifications for this position include:
- CCNA (Cisco Certified Network Associate)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CGEIT (Certified in the Governance of Enterprise IT)
- CompTIA Security+
- CompTIA CySA+
- CompTIA PenTest+
- CompTIA CASP+