The Situation Report: What is a Federal CISO Worth?


Are you wondering what happened to the big Federal chief information security officer announcement that your humble correspondent and just about every other tech media outlet said back in June was imminent? Truth be told, so am I.

(Update: Less than 24 hours after this installment of The Situation Report hit the presses, U.S. Chief Information Officer Tony Scott announced Gregory Touhill had been named to the Federal CISO post—exactly 212 days after the search began.)

But The Situation Report has the benefit of an intelligence collection network that is reporting some interesting twists and turns in the White House’s search for the government’s first Federal CISO.

First, the title Federal CISO sounds like it will pack a lot of punch, doesn’t it? Well, that may be true, but my Oval Office listening post is reporting that the job will almost certainly not carry the authority or the salary that the most qualified candidates will expect.

Several agency CISOs, who spoke to The Situation Report on condition of anonymity, openly scoffed at the mere mention of the position. “The last thing I need is another boss,” said one CISO, referencing the many layers of oversight at both the agency and congressional levels that must be managed.

The Situation Report also received interesting intelligence on the massive salary discrepancy between the Federal CISO job (with all of its trappings of national responsibility and the likelihood of having one’s head put on a platter) and CISO jobs of similar stature in the private sector.

The high end of the Federal CISO’s earning potential is a mere $185,000 per year. One of the leading candidates for the job already earns at that senior-executive level. The other major candidate, whom The Situation Report is keeping under wraps given the sensitive nature of the discussions, would fall right in the sweet spot in terms of salary but doesn’t bring nearly enough experience or name recognition to the table.

The average salary of the top seven Federal CISOs capable of doing the job (or under active consideration) is $162,534 per year. The average private sector CISO position pays $224,000 per year, according to IT and cybersecurity recruiting firm SilverBull. And if you really have the chops, you might land a gig on the high end of private sector CISO earnings potential—$346,000 per year—and you could find yourself starting work in about 47 days. By comparison, as of this writing the Federal CISO job has been open for 211 days.

But the hits just keep on coming. Let’s say you’re a government CISO in Washington, D.C. You’ve laid down some roots in the area and, alas, the new Federal CISO gig looks like it’s not going to happen for you, or, worse, the offer lands in your inbox less than three months before the new president-elect gets to name his or her new team. Fear not, there are a few dozen senior CISO jobs open in the National Capital Region, and the better ones can land you up to $379,000 a year.

Tired of the back-stabbing wonks of Washington? Head West young man, or woman. San Francisco has some CISO gigs open at an average salary of $278,000 per year. Maybe you will land that diamond in the rough at $430,000 per year.

Yes, these are some outrageous numbers for most government IT professionals—especially those who do the real work, out of the spotlight, because of a desire to serve. But let’s face it: Any reasonable security professional looking at the current situation with the Federal CISO position has serious questions, I’m sure. Like, what authority will I have? What will happen to my career if I’m at the helm for a mere three months, only to have another major data breach occur?

I look at the earnings data, I read these questions, and I hear San Francisco calling.

Got a Situation to Report? Send it to

Dan Verton
About Dan Verton
MeriTalk Executive Editor Dan Verton is a veteran journalist and winner of the First Place Jesse H. Neal National Business Journalism Award for Best News Reporting -- the highest award in the nation for business/trade journalism. Dan earned a Master's Degree in Journalism and Public Affairs from American University in Washington, D.C., and has spent the last 20 years in the nation's capital reporting on government, enterprise technology, policy and national cybersecurity. He’s also a former intelligence officer in the United States Marine Corps, has authored three books on cybersecurity, and has testified on critical infrastructure protection before both House and Senate committees.