Survey: Federal security chiefs pull top salaries among global cyber workforce
Government CIOs are embracing social networking tools, but aren't necessarily applying controls.
Many computer security chiefs in the federal government outearned their private sector counterparts across the globe during the past year, according to a study released on Monday by market research firm Frost and Sullivan.
Among the C-level cyber managers surveyed raking in $120,000 or more, 32 percent were federal chief information security officers or federal chief information officers, while the portion of the global workforce banking that much money was only 23 percent. The report on attitudes in the field was commissioned by the International Information Systems Security Certification Consortium, (ISC)2, an organization that educates and offers credentials to cybersecurity professionals.
The 2011 global information security workforce survey collected responses last fall through a website from 10,413 professionals in the public and private sectors, including 145 federal chief-level managers.
On the whole, U.S. government cyber officials accounted for a larger share of the top paybands relative to information security executives worldwide. For example, a quarter of government executives polled were making between $100,000 and $119,000, while just 19 percent of the total respondent pool was paid within that range.
In the lower salary range, the opposite was true: There were more low-paid executives in the total population than in the public sector.
Only 3 percent of federal cybersecurity chiefs earned $59,999 or less, while 21 percent of senior-level professionals worldwide were paid at the bottom level.
"The U.S. federal C-suite reported very competitive salaries when compared to private sector CXOs," wrote the study's author, Robert Ayoub, an analyst in Frost and Sullivan's information and communication technologies practice. "This was encouraging news and illustrated the priority that information security has within the U.S. federal government."
By some accounts, the nation needs to bolster the ranks of cyber specialists from 1,000 to 30,000 as the frequency and sophistication of threats grow. Currently, a large amount of federal information security work is performed by commercial contractors. In most occupations, the federal government has traditionally compensated staff at rates lower than the commercial sector's.
Federal chief information security officers can expect to earn up to $180,000, or they can secure bonuses that may increase their wages to as much as $220,000, according to (ISC)2 Executive Director Hord Tipton. Some private sector "hunters," network operators and penetration testers adept at finding vulnerabilities pull in close to $175,000, according to Alan Paller, director of research at the SANS Institute, a cybersecurity training center.
"The U.S. government, according to the survey, is not underpaying security professionals," said Tipton, a former Interior Department CIO.
Among the other trends identified by the 2011 review: Government security chiefs and CIOs are embracing social networking tools such as Facebook, but are not necessarily applying controls to guard against less-than-careful employees. About 20 percent of federal survey participants said they did not filter content, block websites or enforce other restrictions on social media use by employees.
Government senior security executives reported that the ubiquity of mobile devices poses challenges, but they are less concerned about potential threats than the total group surveyed is. The majority of government respondents said about a quarter of their personnel have the appliances. Close to 60 percent of them ranked mobile devices as a top or high concern among a list of potential threats that included software vulnerabilities, cyberterrorism and "cloud" IT services accessed over the Internet. But that is a lower number than the 66 percent of executives worldwide who are worried about breaches via smartphones and tablets.
The authors speculated that the discrepancy is due to the tight safeguards placed on federally issued devices and long-existing standards for use.
Also of note, government chiefs were extra fearful of cyberterrorism, with that potential threat ranking 14 percent higher as a concern in the public sector than in the global population.