"At a macro level, CISOs had a good year"
Oh really? With all the breaches we've heard about?
Some people are lucky.
The gap between the top and bottom-earning CISOs is growing wider, with the highest-paid execs having their salaries increased at three times the rate of those at the lower echelons. That's according to the latest results of IANS' survey of 600 US-based CISOs, which also found that most people working in the role are either …
In many shops I've gone to (as a consultant), the "CISO" was actually doing the work of a security team lead, thinking they had a technical role in addition to a direct supervisory role over technical staff. In very few shops was the CISO given actual authority over building a strategy for the security program, the ability to craft a budget to execute that strategy.
Some of it was CISOs who refused to admit they were no longer in a technical role, but a managerial one. Other times, it was their own manager who wouldn't give them the authority they needed to do their job. I've worked with CISOs who knew they were not a security analyst, not a security manager, or even director of security, but a CISO. It was very different in experience. I wonder, how many of these "CISOs" were doing the job of a CISO, how many were doing the job of a security team lead?