Today, the CISO (chief information security officer) is an indispensable employee in a large enterprise. The CISO's main task is to organize and control the whole range of activities whose purpose is to prevent leakage of confidential data, espionage, and information attacks. The well-being of the company largely depends on how well the person for the post of chief information security officer is selected. Thus, if you want to occupy this position, you need to prepare a professional CISO resume that will help you get the job.
The chief information security officer should in every possible way ensure the safety of the company’s core assets. These include the following:
The chief information security officer must monitor, from beginning to end, both the development and the implementation of the best corporate material protection strategy.
The CISO specialist has the following functions:
As a rule, the responsible specialist focuses on security and technical functions, while strategic and advisory services take second place. Meanwhile, managers want the chief information security officer not to concentrate exclusively on technical issues and to give enough time to the general policy of his area.
It is desirable for chief information security officers to have a specialized higher education in information security. It is assumed that after completing such a program, a person will have all the necessary skills to work in an information security department. The training program includes a number of general cultural and important professional competences, the study of which creates the basis for the formation of a specialist.
However, these standards can’t eliminate all problems related to the training of employees such as the chief information security officer. In many respects, the reason for the shortage of professional personnel is the incorrect approach to training in the field of information security as such. For notable improvements to appear in this field, the professional community needs to form an accurate interpretation of existing legal and regulatory documents.
Today, higher education institutions lag behind the rapidly developing demand for the knowledge that modern employers expect from graduates. Universities cannot promptly adjust their educational programs and adapt to the current situation. It is also necessary to carefully select teachers who are able to provide training for the specialty that is in demand today. These are also equally important:
In other words, existing educational standards need serious improvement in order to correspond to the realities of life.
Employers also need to remember that information protection and information security are different specialties, each of which has its own specifics. It is desirable that the person responsible for this area has the appropriate level of training.
At the moment, even employees with higher education need additional training, which is becoming one of the important items of company spending.
Based on data from job-listing websites, the average salary of a chief information security officer with 1–3 years of experience is from $73,200 to $79,500. This applies to junior specialists with little experience, according to professional requirements and duties.
Duties of junior specialists include:
The requirements for a junior chief information security officer include:
As can be seen from the description, the job looks more like that of a system administrator with a bias toward internet security than purely that of a chief information security officer. It is difficult to single out any specifics in skills. However, if you’re looking for a job as a junior chief information security officer, it is best to indicate these skills in your CISO resume.
Specialists with 3–6 years of experience are called middle specialists. This role requires more skills and experience, but the salary level is also higher. These specialists, as a rule, have a good technical background (system administration, search for constraints), know how to work with applications, and understand various techniques and methodologies. These experts can be divided into two areas – attack and defense. There are almost no universal specialists at this level. The average salary for a middle chief information security officer is from $100,200 to $150,000 a year.
CISO specialists with experience from 5–6 years are called senior. As a rule, this is a leading position – head of the security analysis department, head of the information security management department, analyst, a major sales role at an information security vendor, or pentester. The salary level is from $180,000 to $250,000.
There are few people in this category and, as a rule, they are known in the industry. These are specialists who are well versed in the subject area and have expert qualifications in a narrow specialization. Experience of speaking at conferences or other public activity is welcomed, since it shows that the candidate follows trends and receives timely assessment from the professional community.