In today’s increasingly globalized and connected world, information is everywhere.
People share personal and confidential data through countless computer networks, making it more important than ever to ensure that these networks are secured.
Not surprisingly, the role of the chief security officer (and his or her importance to the organization) has expanded along with our reliance on the Internet.
Let’s take a look back at the origins and changing responsibilities of this important position.
Then: focus on IT
The role of the chief security officer emerged in the early 2000s. Prior to that, it was commonplace for many companies to rely on IT department employees to maintain network security. Daily tasks included everything from updating firewalls and anti-virus software to ensuring the physical security of company hardware. In most companies, those managing security were not executive-level employees.
Things began to change following the September 11, 2001, terrorist attacks. This national tragedy placed increased focus on the need for cybersecurity and resulted in the Patriot Act, which, in part, mandated that federal IT departments have employees dedicated solely to security. This change rippled outward through the business world: Companies brought security out of the IT department and hired dedicated C-level security professionals.
According to a survey conducted in 2001, 47 percent of organizations in the financial services, manufacturing, technology and government sectors reported staffing a dedicated security professional. In the years since 9/11, the chief security officer role has evolved from a brand-new, fledgling position to one of the top 10 highest-paying IT security jobs.
Now: compliance and risk management
In recent years, an increased focus on mobile security, the rise of the bring your own device (BYOD) trend and highly publicized security breaches – such as those at Equifax and Yahoo! – have broadened the scope and scrutiny of the chief security officer’s responsibilities. Today’s CSO will likely be expected to advise the company on compliance, disaster recovery and information security. He and she will find themselves a key part of risk management. It’s no longer enough to be technically savvy; today’s chief security officer must also be an effective communicator and crisis manager.
Aside from having to combat an evolving array of technical threats to security, today’s CSOs must also possess business acumen as they are increasingly relied upon to advise corporate leadership on potential cyber risks associated with business decisions. As the importance of security continues to be understood by leadership, it is up to the CSO to ensure that it is incorporated into the fabric of the business.
According to the 2019 Robert Half Technology Salary Guide, the salary midpoint for a chief security officer is $181,750. Today’s employers expect the following of a CSO:
- Minimum of a bachelor’s degree in information systems or a related field
- 10 years of experience with a focus on information security, compliance and privacy
- Appropriate compliance- and security-related certifications
- Ability to plan, create and maintain complex security systems
As we become increasingly dependent on very complicated technology and security breaches continue to make headlines, the chief security officer will surely continue to grow as a pivotal advisor in crucial business decisions.