Life after the Target data breach

New CISO Salaries, Security Budgets, NGFW Requirements


The other day I noticed a reference to a recent Reuters article which reported that "Some of the largest U.S. companies are looking to hire cybersecurity experts in newly elevated positions and bring technologists on to their boards" as opposed to CISOs reporting in to the CIO. The article went on to cite average salaries between "$500, and $700,000... In comparison, CISOs who have been with a company for five or more years are on $200,000 to $300,000 per year."

This brought to mind recent comments made by John Kindervag, Vice President and Principal Analyst with Forrester Research, during a discussion of next generation firewall drivers, requirements and decision criteria. Specifically, in addition to the salaries reported by Reuters, he claimed that CISOs were now requiring substantial increases in IT Security budgets before they would sign on. This is another indication of the importance now being placed on security and the CISO role.

Further, the Reuters article notes these large salaries follow the data breach at Target earlier in the year, while John Kindervag routinely referred to Year 1 AT (After Target breach).

Therefore it was unsurprising to him that, when Forrester Consulting (April 2014) asked IT Security decision makers about the Key Drivers for Next Generation Firewall (NGFW) projects (projects implemented or planned by 63% of enterprises), the top responses were:

  • Expanding or rearchitecting infrastructure (56% of respondents)
  • Security breaches in the news (54% of respondents)
  • Security breaches in their own organization (44% of respondents)

Further, these drivers were clearly influencing product requirements, with Advanced Threat Detection (sandboxing) the number 1 requirement, and even Antimalware rounding out the top 3 along with Stateful Firewall, well above traditional NGFW requirements like IPS and Application Control.

Times are definitely changing. And the good news is it seems that IT Security professionals and their enterprises are preparing as best they can. You are welcome to read the full survey report of your peers or listen to our discussion with John.
