Washington, DC continues to deliver on startup tech potential — The Tech Tribune recently highlighted 20 technology companies to watch heading into 2020. Combined with increasing federal investment in IT solutions and the infrastructure needed to support these new deployments, there’s a growing market for IT professionals in the DC area.
While front-line technology experts and mid-level administrators are in demand, there’s an increasing need for, and shortage of, IT security professionals. C-level positions such as chief information security officer (CISO), for example, are now enterprise priorities but often difficult to fill: The level of expertise and experience needed to take on the challenges of a CISO role effectively means that companies won’t hire just anyone — instead, they’ll wait to find IT pros with the right mix of in-situ skills and in-demand certifications.
The Certified Chief Information Security Officer (CCISO) certification combines infosec best practices with real-world applications to verify both the knowledge and abilities of prospective CISOs — but is CCISO training worth it in Washington, DC?
Here’s what you need to know.
Does my Company Need a CISO?
Not every company needs a CISO. Smaller startups are often able to manage data security by combining in-house IT talent and outsourced IT resources, but as organizations add both employees and connected devices, the need for centralized security management becomes critical. The result is a rapidly expanding market for security talent that’s often underserved by available professionals — some lack the experience while others require the training to handle CISO responsibilities effectively.
What does this mean for your infosec career? That as both IT infrastructure and attack surfaces expand, the need for talented CISOs will rapidly increase. Even if your current company doesn’t need a CISO — or if the job is already taken — opportunity abounds.
What’s the Role of a CISO in Washington, DC?
Before taking on CCISO training to earn your certification, it’s worth making sure the CISO role aligns with your IT interests and skill set. While individual CISO roles vary according to company need, typical responsibilities include:
- Managing security operations — As noted by CSO Online, CISOs are tasked with conducting real-time analysis of immediate threats and implementing quick responses when attacks occur.
- Overseeing cyber intelligence initiatives — CISOs are also responsible for cyber intelligence initiatives that focus on identifying current IT weaknesses and preparing for new security threats.
- Preventing data loss — Data protection is critical to business success; CISOs must develop strategies and implement policies that defend data from both internal misuse and external attacks.
- Deploying security architecture — To increase overall network security, CISOs oversee infosec budgets, new solution spending and security architecture deployments at scale.
- Implementing identity and access management — IAM tools ensure that the right people have the right access to the right data for the right reasons. CISOs must both implement and configure these solutions to enable necessary employee access without compromising overall security.
How Much do CISOs Make?
Just as the role of CISOs isn’t set in stone, salaries aren’t static. The not-so-good news? With CISO positions still in a state of flux, there’s no standardization around precisely what these C-suite leaders are worth. The much better news? Companies are well aware of the growing cybersecurity skills gap and recognize the need to attract highly skilled, certified CISOs. As a result, salary ranges for this job tend to outperform similar C-suite roles and often provide a significant amount of corporate autonomy.
What does this mean in practice? Large enterprises operating in dense urban areas will typically pay more for CISOs — often between $380,000 and $420,000 for experienced professionals, according to Cybercrime Magazine. Startup companies and those in more remote locations, meanwhile, will likely land in the $150,000 to $200,000 range.
How do I get Started with CCISO Training?
CISOs are in demand, and CCISO training is worth it to tap the growing tech culture in Washington, DC. So how do you get started with CCISO certification?
First up are experience requirements. This course is designed for experienced IT professionals with at least five years of experience across three of the five CCISO domains:
- IS Management Controls and Auditing
- Management of Projects and Operations
- Information Security Core Concepts
- Strategic Planning and Finance
After completing the Exam Eligibility Application, IT pros must complete a 4-hour, 250-question exam with a score of at least 70 percent to earn CCISO certification.
Next, it’s worth considering your training approach. While no formal coursework or training is required, CCISO-specific offerings can help hone existing skills and refresh key knowledge areas to maximize your success rates on the CCISO exam. If CCISO is the eventual goal but you’re still building up experience and improving your skills, consider other certifications such as CEH, CHFI or ECSA to help jumpstart your cybersecurity career and get you on track for CCISO training.
Infosec professionals are in demand, and C-suite security experts are quickly becoming a top priority for DC-area companies. Help get your resume to the top of HR shortlists with CCISO training and certification.