How Much to CISOs Make?

How Much to CISOs Make?
CISOs are sometimes referred to as "data sheriffs" because they patrol virtual space to prevent crime. Image from Pixabay
Eddie Huffman profile
Eddie Huffman April 4, 2023

A Chief Information Security Officer is a relatively new designation, but the profession is growing every day. Companies are beginning to recognize that maintaining a company’s digital security is critical to their survival. The CISO oversees all aspects of the business having to do with information security.

Cybersecurity and I.T. Degree Programs You Should Consider

Article continues here

It started in 1994 with a $10 million bank hack. A young Russian computer programmer stole millions from Citibank in New York. In response, the company hired Steve Katz, the world’s first chief information security officer (CISO).

Cyber threats have grown exponentially in the decades since, with no signs of a slowdown. Cyber fraud grew by almost 500 percent from 2016 to 2021, with hacks costing $180 for each file accessed.

Today, cyber attacks occur every 39 seconds or 2,244 times per day, on average. The average data breach costs $3.9 million.

To combat these threats, corporations, government agencies, and other institutions have hired CISOs. In this article we’ll look at how to become a CISO, what the job involves, what it takes to land such a position, and how much CISOs make. We’ll discuss:

  • What is a Chief Information Security Officer?
  • How do I become a Chief Information Security Officer?
  • How much does a Chief Information Security Officer make?
  • Earning an appropriate master’s degree online

What is a Chief Information Security Officer?

In this era of ransomware, malware, phishing, denial-of-service attacks, and other threats, cyber security has become an essential function of any business or organization. Chief information security officers (CISOs) safeguard data and information.

The role of the CISO typically depends on the size of the organization. At large companies and institutions, the CISO oversees an in-house team of security professionals. Smaller entities may contract out security work, which the CISO manages.

As the “chief” name implies, CISOs act as sheriffs, overseeing the people and operations protecting an organization. Common responsibilities of this executive-level position include:

  • Overseeing security operations
  • Evaluating IT threats
  • Preventing fraud and data loss
  • Formulating policies and controls
  • Managing access to resources
  • Spearheading audit and compliance initiatives
  • Reporting to officers and directors

The CISO’s primary responsibility is “to create a strategy that deals with ever-increasing regulatory complexity, creating the policies, security architecture, processes, and systems that help reduce cyber threats and keep data secure,” according to ZDNet. “Compliance is a key element of the role, as is understanding risk management.”

What sort of employers need a CISO?

Who needs CISOs? Banks, government agencies, movie studios, manufacturers, universities… basically, any operation that reaches a significant scale. A recent scan of CISO job listings on Indeed showed openings at the Federal Aviation Administration (FAA), Sony Pictures Entertainment, Vistrada, West Virginia University, and Suffolk County, New York, among others.

Most medium-to-large organizations have decided they need an executive-level staff member in charge of information security. About 55 percent of all companies had a CISO in late 2021, with 58 percent of the rest indicating a need for one, according to Navisite.

The proportion of companies with a CISO increases among larger outfits. A 2020 study by IDG found that 61 percent of companies surveyed had a CISO. That number rose to 80 percent among large organizations.



In its 2022 Cybersecurity Workforce Study, (ISC) estimates the size of the the global cyber security workforce at 4.7 million. It also indicates that the current workforce is 3.4 million workers short. That’s over 3 million positions waiting to be filled by qualified cyber security experts (nearly half a million of them in North America alone). (source)

According to the Bureau of Labor Statistics, top-paying employers in cyber security analytics include those in:

- Information services: $149,500
- Securities, commodity contracts, and other financial instruments: $142,000
- Research and development in the physical, engineering, and life sciences: $129,000
- Scientific research and development services: $128,500
- Software publishers: $126,000
- Publishing: $125,700

The average salaries of professionals with a Master's degree are between $91,000 and $109,000, respectively. About half of all professionals in this field hold a graduate degree. (source)

University and Program Name Learn More

How do I become a Chief Information Security Officer?

A C-suite job like CISO requires years of education and work experience, as well as considerable technical expertise. While there’s no definitive rule for the amount of work experience needed to land a CISO job, most sources agree that you’ll need a work history dating back a decade or more, with considerable security experience and five-plus years in management.

In terms of technical expertise, EC-Council says employers may look for experience or qualifications in:

  • Governance, risk, and compliance
  • Information security controls and audit management
  • Security program management and operations
  • Information security core competencies
  • Strategic planning, finance, procurement, and third-party management

Education and training

CISO candidates need a bachelor’s degree in computer science or a related field. A master’s degree with a concentration in cyber security will give you a competitive edge. Many organizations will only consider candidates with advanced degrees.

Some schools offer master’s degrees in information management, including The University of Washington. A master’s degree in cyber security, such as the one offered by The University of Tulsa, is a good way to position yourself as a potential CISO candidate.

Licensure and certifications

Certifications and licenses can also boost your expertise and demonstrate the breadth of your knowledge. The Cyber Tech Academy at San Diego State University offers a suite of 14-week certificate programs in:

  • Artificial Intelligence for Cyber Security
  • Cloud Security and Governance
  • Cyber Governance and Risk Management
  • Cyber Security in Healthcare
  • Ethical Hacking

Medium recommends the following certifications for aspiring CISOs:

Finding a job

Once you’ve put in the years earning degrees and certifications and learning the ropes, it’s time to make the leap to an executive-level CISO job. Your current employer may offer an opportunity, or you can look around for good leads elsewhere.

Darren Argyle, CISO at the Australian airline Qantas and a veteran of IBM and Symantec, offered several recommendations to CSO Online: “Firstly, get a mentor, then start making your personal brand shine by sharpening up your CV or LinkedIn, ask for recommendations, write articles you’re passionate about. Ask around for the good headhunters and gauge the market.”

How much does a Chief Information Security Officer make?

CISO is a powerful, high-stress position and pays accordingly. Six-figure salaries are common, though reports of average salaries vary dramatically from source to source.

Indeed falls on the low end of the scale, putting the average CISO salary at $125,000 per year. ZipRecruiter puts the average considerably higher at $194,600 per year.

Other sources put the average above $200,000. Glassdoor lists an average salary of $156,700, but reports that additional pay from cash bonuses, commissions, profit sharing, and other sources boost that amount to $215,800. puts the average $235,600, with a range falling between $209,700 and $266,700.

Earning an appropriate master’s degree online

Plenty of opportunities exist for earning an online master’s degree in cyber security, information management, and other disciplines to position you for a CISO post. The University of Tulsa program mentioned above is geared toward working professionals and 100 percent online.

Online options for master’s degrees in cyber security include:

(Last Updated on February 26, 2024)

Questions or feedback? Email

About the Author

Eddie Huffman is the author of John Prine: In Spite of Himself and a forthcoming biography of Doc Watson. He has written for Rolling Stone, the New York Times, Utne Reader, All Music Guide, Goldmine, the Virgin Islands Source, and many other publications.

About the Editor

Tom Meltzer spent over 20 years writing and teaching for The Princeton Review, where he was lead author of the company's popular guide to colleges, before joining Noodle.

To learn more about our editorial standards, you can click here.


Cybersecurity and I.T. Degree Programs You Should Consider


You May Also Like To Read

Categorized as: CybersecurityInformation TechnologyInformation Technology & Engineering