Today, CISO (chief information security officer) is an indispensable employee in a large enterprise. Its main task is to organize and control the whole range of activities, the purpose of which is to prevent the leakage of confidential data, espionage, and information attacks. The well-being of the company largely depends on how well a person is selected for the post of the chief information security officer. Thus, if you want to occupy this position you need to prepare a professional CISOresume that will help you get the job.
The chief of information security officer should in every possible way ensure the safety of the company’s core assets.These include the following:
The chief of information security officer must monitor from the beginning to the end both the development and implementation of the best corporate material protection strategy.
The CISO specialist has the following functions:
As a rule, the responsible specialist focuses on security and technical functions, while strategic and advisory services take second place. Meanwhile, managers want the chief of information security officer not to concentrate exclusively on technical issues and give enough time to the general policy of his direction.
It is desirable for chief of information security officers to have a specialized higher education in the specialty of information security. It is assumed that after completing such a faculty, a person will have all the necessary skills to work in the department of information security. The training program includes a number of general cultural and important professional competencies, the study of which creates the basis for the formation of a specialist.
However, these standards can’t eliminate all problems related to the training of such employees as the chief of the information security officer. In many respects, the reason for the shortage of professional personnel is the incorrect approach to training in the field of information security as such. For the appearance of of notable improvements in this field, it is necessary that an accurate interpretation of existing legal and regulatory documents is formed in the professional community.
Today, higher education institutions lag behind the rapidly developing demand for knowledge, which modern employers expect from graduates. Universities cannot promptly adjust their educational programs and adapt to the current situation. It is also necessary to carefully select the teachers who are able to provide training for the specialty that is in demand today. These are also equally important:
In other words, existing educational standards need serious improvement in order to correspond to the realities of life.
Employers also need to remember that information protection and information security are different specialties, each of which has its own specifics. And it is desirable that the person responsible for this direction has the appropriate level of training.
At the moment, the situation is such that even employees with higher education need additional training, which is becoming one of the important items of company spending.
Based on the data presented on the websites for the placement of vacancies, the average salary of the chief of an information security officer with experience of 1–3 years is from $73,200 to$79,500. This applies to the junior specialists with little experience, according to professional requirements and duties.
Duties of junior specialists include:
The requirements for junior chief of information security officer include:
As can be seen from the description, the job looks more like a system administrator with a bias in internet security rather than only the chief of information security officer. It is difficult to single out any specifics in skills. However, if you’re looking for a job as a junior chief of information security officer, itis best if you indicate these skills in your CISO resume.
Specialists with experience of 3–6 years are called middle specialist. This role requires you to have more skills and experience but the level of salary is also higher. These specialists, as a rule, have a good technical background (system administration, search for constraints), know how to work with applications, as well as understand various techniques and methodology. These experts can be divided into two areas – attack and defense. There are almost no universal specialists at this level. The average salary for the middle chief of the information security officer is from $100,200 to $150,000 a year.
CISO specialists with experience from 5–6 years are called senior. As a rule, this is the leading position – the head of the security analysis department, the Head of Information SecurityManagement Department, analyst, a large sale of IB-vendor, and a pentester. The salary level is from $180,000 to $250,000.
There are few people from this category and, as a rule, they are known in the industry. These are specialists who are well versed in the subject area and have expert qualifications in a narrow specialization. The experience of speaking at conferences or other public activity is welcomed, so the candidate follows trends and receives a timely assessment of the professional community.