Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

State of the CSO 2004: Miles to Go

Our exclusive "State of the CSO" survey finds that this emerging profession has taken two steps forward, one step back.

By

June 01, 2004CSO — We never said, dear reader, that your numbers were legion or your permanence guaranteed. Chief security officer is still as much a goal as a profession. It's the notion that if only organizations would entrust all manner of security to someone with enough brains and influence, this CSO would be able to protect against everything from snoops to snipers and add to the bottom line to boot.

Optimistic? Sure. So it's no wonder that for the past three years, the evolution of the CSO has at times seemed to move about as fast as a two-legged dog. There have been murmurs about restructurings and firings and turf wars, about the small number of CSO job openings and even smaller number of listings that are neither overly technical nor unrealistically broad. CSO hasn't exactly become the kind of acronym that you can drop at a cocktail party.

But there is proof at last that you are making progress. Proof is in a thorough new set of guidelines, developed by ASIS International, that define the role of the CSO. Proof is in a CISO Executive Membership program, developed by the Information Systems Security Association (ISSA), that aims to help first-time chief information security officers grow into their roles. Proof is in a high-powered brain trust, the Global Council of CSOs, led by one-time White House adviser Howard Schmidt. And proof is in our second annual "State of the CSO" survey, in which we quizzed 311 readers about their roles, responsibilities, budgets and more.

The biggest reason for your growing influence? Simply put, more of you are making inroads into senior management. Last year, only 19 percent of respondents were CSOs, CISOs, chief risk officers or vice presidents focused on security. This year, 26 percent claimed such a title. That may not sound like a huge increase. But if you think about what happened to your 401(k) portfolio during the same months, that kind of growth might not seem so shabby.

"I'm surprised it went so fast," says Dave Cullinane, who is involved with the ISSA executive group and the Global Council of CSOs. "There are cost constraints. If you take someone who's the manager of IT security and give him a promotion, you need more money."

No foolinglast year, only 21 percent of C-level respondents earned more than $150,000 a year. This year, 30 percent of those with C-level titles reported being in that tax bracket. (Part of that might be due to the audience that CSO is reaching, but we hope at least a few respondents from last year were able to trade in their Honda for a BMW.)

RESOURCE CENTER