In this piece, we're highlighting findings from our 2023 Security Organization and Compensation Benchmark Report around functional leadership compensation to help CISOs in their organizational decisions and in talent recruitment.
This edition of the annual survey, jointly fielded with Artico Search, featured objective data from over 660 CISOs on compensation for seven—dedicated and full-time—security functional leader roles, one level down from the CISO.
Data from our CISO respondents found that, across sectors, roughly 15% are at or approaching a revenue milestone that warrants the addition of a head of SecOps to their security organizations, based on what is typical for their peer group.
Another 4% of CISOs indicated that the SecOps leader role in their org chart is currently vacant and that filling it is a critical need. That makes for a total of 19% of CISOs looking for a head of SecOps in the immediate or near future.
For 15% of CISOs, a head of AppSec is a likely or critical hire, followed by 13% for a head of IAM. For the deputy CISO and product security leader, the share of CISOs with hiring needs is lower at 5% and 3%, respectively (see Figure 1).
CISOs’ hiring and retention strategies generally revolve around recruiting and keeping the best talent. For this, they focus on the top quartile comp, rather than the median or average market rates.
Median, top 25% and top 10% compensation ranges for cybersecurity leader roles in the U.S. were calculated from data provided by survey respondents. Compensation packages that did not include annual equity were filtered out.
The top 25% range for total leadership comp starts at $407,000 and has an average of $523,000. The top 10% average is $640,000. For the deputy CISO, the head of product security and the head of A&E, the top 10% figures exceed $700,000.
The heads of SecOps, GRC and AppSec in the sample have top 25% averages for total compensation just shy of $500,000 (see Figure 2).
Matt Comyns, co-founder and president of Artico Search, provided advice for CISOs on hiring and retaining top leadership talent. "We recommend CISOs benchmark their leader’s comp against the market so when there is a vacancy, they know what pool of candidates fit the comp range."
To attract and keep top talent with the experience of leading mature cyber program functions, CISOs should focus on paying rates in the top 25% comp brackets to gain a recruiting and retention advantage.
Fortune firm security orgs need leaders who are experienced with complexity and scale. The market rates for these leadership roles are higher than for those in large enterprises and midsize companies. What’s more, the top 25% has an overall comp that averages about $200,000 more than the median comp.
To optimize resource allocation, CISOs should recognize that not all roles have the same cost to fill. It’s recommended that CISOs strategically allocate their budget by prioritizing roles based on their cost and importance.
Research-backed data like this helps CISOs not only retain and hire top staff but also benchmark how their security org structure compares with that of their industry peers.
Each year, IANS, in partnership with Artico Search, releases a series of benchmark reports on CISO compensation, security budgets, key security staff compensation and job satisfaction.
These in-depth reports feature new takeaways, uncover a wealth of insights and provide valuable leadership guidance to fine-tune your current role, department and career path.
Download our 2023 Security Organization and Compensation Benchmark Report, the third in our series, for additional insights and data for functional leaders within the security organization.
February 29, 2024
By IANS Research