rx for managing your info/cybersecurityworkforce in the ...€¦ · applications networks security...
TRANSCRIPT
1 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Rx For Managing Your Info/Cyber
Security Workforce in the New Normal
of Big, More Complex, Faster Moving
2 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Immutable Truths
Without clear business alignment, your company will not prioritize security
A truly business-savvy CISO will have a truly
business-savvy strategy
If you can’t communicate your strategy
simply, you may as well not bother
If you can’t find (and keep) the right people to execute your strategy, you cannot succeed.
3 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Hard Reality
We have to manage,
people under some of the
most difficult conditions in
modern history.
Tech workforce chaos is everywhere.
4 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Foote Partners: Our Professional Roots
Corporate IT, Business
and HR executives
Foote Partners, LLC
Foote Research Group
(Est. 1997)
Our co-founders, senior partners and associates were formerly senior executives, analysts, consultants and practitioners at these companies.
5 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• Benchmark and Trend Research: Research partnerships with 2,985 employers (255,600 IT professionals, 40+ industries)
– High-quality, carefully validated compensation benchmarks, continuously
updated
– Agile data engine aimed at decision support for anyone managing tech
resources and people
– Innovative data collection methodologies
– Large proprietary database
• Analyst Focus: User side IT human factors and labor markets
– Tech/business integration. Global IT workforce and skills evolution.
– IT-business value creation analysis and consulting.
– Organizational modeling and transformation
– Compensation and skills pay demand analysis and forecasting.
– IT-business hybrids
• Research & Advisory Customers: 4,200 employers, 23 countries
– SMB to the Fortune 10/Global 500, governments, not-for-profit orgs
Foote Partners Focus: TECH WORKFORCE
6 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
About Me…
• Gartner, META Group analyst and Service Director. Chief Analyst
& Chief Research Officer at Foote Partners.
• 10 years in Silicon Valley with high tech and consumer products companies, management consulting firm. Taught at Stanford B-
School.
• Pioneer: documented and published first U.S. and Canadian
salary and skills/certifications pay surveys for elusive tech jobs:
– 1994 – 1996: Web; Data Warehousing; Business Intelligence; Unix/NT Infrastructure; e-Commerce; Business Technology (hybrid IT-business jobs)
– 1998: SAP – 1999: IT skills/certs pay premiums and supply/demand analysis – 2006: Cloud computing – 2012: Epic Systems (EMR)
• Early career: HR and compensation manager
7 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
“40% of the companies in this room won’t
exist in a meaningful way in 10 years unless
they change dramatically.”
John Chambers, Chairman/Former CEO, Cisco
(WSJ conference, February 2015)
Hard Reality
8 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Fact: Change is Really Hard
Only 12% of Fortune 500 companies
from 1955 are still in the F500 today.
Of the companies that fell out, 50%
did so between 1999 to 2009.
9 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
The speed of technological change
right now is the slowest it will be in
your lifetime.
10 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
‘s
Disruptive Tech and Influencers
Applications Networks
Security
Systems
Database
Marketing
Finance/Acct
Distribution/
Logistics
Sales
HR
Operations
Help Desk/CC
11 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
These Disruptors Are Changing Everything We Know About Running a Business
• Internet of Things ($4-$11 trillion
economic impact by 2025)
• Machine language/auto-
mation of knowledge work ($5-$7 trillion impact)
• Mobility ($3-$6 trillion impact)
• Digital engagement
• Big Data, Information
Integration, Analytics
• Cloud computing esp. virtual
computing embedded in
cloud
• Cyberthreats, APTs
• Real-time DevOps and
Micro Service Architectures
• Carbon-reducing
technology/exponential
energy
• Telemedicine
• Emerging: − Cognitive computing
− AI
− Driverless vehicles
− Immersive interfaces − 3D/4D printing
12 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Business Value Ranking of These Disruptors
13 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Business Value Ranking of These Disruptors
14 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Disruption: Internet of Things
Source: McKinsey Global Institute
IoT demystified…
15 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
IoT Security Trends
• There will be 25 billion connected things by
2020 and as many as 1 trillion by 2025 by some
estimates.
• Gartner predicts that by 2020, more than 25
percent of identified cyber attacks in
enterprises will involve IoT
• IoT security market: $7 billion in 2015. But IoT
accounts for less than 10 percent of IT security
budgets on average (Gartner)
IoT is a key enabling technology for digital businesses.
16 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Securing IoT: The “Things”
Device Management/MEMS
Embedded systems, software and
design
Wireless sensor network design
Circuit design
Microcontroller programming
Machine learning
Sensor data analysis
Integration & Gateways
MQ Telemetry Transport
TCP/IP
IPV4 & IPV6
Programming
HOT JOBS
• Info/Cyber Security Engineers
• Info/Cyber Security Infrastructure
(cloud, network, SW
development) • Data Scientists
• Network Engineers
• Design Engineers
• Hardware Engineers
• GPS Development Engineers
• Electrical Engineers
• Network Engineer
• AI Engineers
17 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Securing IoT: Connecting “I” and “T”
HOT JOBS and SKILLS
• Cybersecurity – Visability, Analytics, Identity, Risk
• AI Experts
• UX/UI Designers
• Interaction Designers
• Visual Designers
• Product Designers
• Digital Product Designers
• BI Professionals
− JIRA, Confluence, Cognos,
Tableau, SSAS, SSIS, SSRS,
Advanced SQL and SAS
− Predictive Analytics
• NoSQL and NewSQL
• Apache Spark
• Machine Learning
• Data Mining
• Big Data
– Apache Hadoop, HDFS, Hbase,
MapReduce, Flume, Oozie, Hive,
Pig, YARN
• Cross-Skilling
– HW skills for software developers
– SW skills for hardware developers
• Communication interfaces
• Associative thinking
• Collaboration
• Pattern recognition
18 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
‘s Real, imagined
and unimagined security threats
Applications Networks
Security
Systems
Database
Marketing
Finance/Acct
Distribution/
Logistics
Sales
HR
Operations
Help Desk/CC
19 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Trends
20 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Growth
• Worldwide cyber security market grew to $75
billion in 2015, forecasted to reach $170 billion by
2020 driven by: aerospace, defense, and
intelligence verticals.
– HOT AREAS: Security analytics / SIEM; threat intelligence;
mobile security; cloud security.
• Prediction: The world will spend $1 trillion
cumulatively on cyber security products and
services to combat cybercrime from 2017 to 2021.
21 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Growth
• Prediction: Global annual cybercrime costs will
grow from $3 trillion in 2015 to $6 trillion annually
by 2021.
• Prediction: Overall security market will grow at a
7.8 percent CAGR through 2019 – The information security market is estimated to have
grown 13.9% in revenue in 2015 (constant currency), with
the IT security outsourcing segment recording the fastest
growth
22 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Workforce Trends
• Demand for cybersecurity professionals is growing
3.5 times faster than the overall IT job market and
12 times faster than the total labor market
• The demand for the cybersecurity workforce is
expected to rise to 6 million (globally) by 2019,
with a projected shortfall of 1.5 million cyber
security professionals
• More than 209,000 cybersecurity jobs in the U.S.
are currently unfilled, and postings are up 74%
over the past five years (analysis of numbers from
the Bureau of Labor Statistics).
23 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Workforce Trends
• Rand Corporation study estimates there are
around 1,000 top-level cybersecurity experts
globally vs. a need for 10,000 to 30,000.
• U.S. News and World Report ranked a career in
information security analysis eighth on its list of the
100 best jobs for 2015. They state the profession is
growing at a CAGR of 36.5 percent through 2022.
– Through 2018: Demand for information security
professionals is expected to grow by 53 percent through 2018.
24 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Spiceworks Study shocker
• Found that even though 80% of organizations
experienced a "security incident" in 2015, only 29%
of companies had a cybersecurity expert working
in their IT department
• Only 7% have a cybersecurity expert on their
executive team.
• 55% said that their business didn't have "regular
access" to any IT security experts at all, internal or
third-party, with the majority of companies also
reporting they had no plans to hire or contract one
within the next year.
25 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
ISACA/RSA Study
• 52% of global cyber security and IT managers and
practitioners said that “less than a quarter of
applicants for cybersec positions have the
necessary skills”
• 53% said it can take 3 to 6 months just to find a
“qualified candidate” and another 3 months to on
board them.
• Typical: unstructured security teams that do not
provide professional growth or continued
education opportunities
26 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
ISACA/RSA Study, cont’d.
• The few qualified cybersec pros are spread too thin
and tend to burn out quickly. Made worse by:
– Culture of paranoia and antagonism
– Performance measured based on breaches
– Salaries not high enough to compensate for the stress
A Theory
The real cause of the infosec talent shortage
isn’t lack of new people, but retention and
churn at the highest levels.
27 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Here’s Why It’s Hard to Find Cyber Security Talent in the Marketplace
• Consulting firms can offer things you can’t
• Large metropolitan regions monopolize talent pool
(D.C., No. VA, MD, CO)
• Short tenure of CISOs and most highly skilled cyber
staff
• Barriers: Industry, reporting structure, salary,
technology, learning potential, management
support
28 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Here’s Why It’s Hard to Find Cyber Security Talent
• Large institutions handicapped by specialization...
It can prevent career progression
• Looking in the wrong places
• Higher education is not producing enough cyber
security pros
• Companies internally develop skills but forget to
align with market pay levels
29 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Compensation for Info/Cyber
Security Jobs and Skills
30 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Definitions: Info vs. Cyber Security
• Information Risk Management
• Valuing Asset Inventory
• Risk Management
• Threat Intelligence and Analysis
• Identity
• Visibility
• Process Optimization and Agile Controls
• Data Management
Key functions of modern Cyber Security departments
31 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Jobs
• Cyber Security Analyst
• Cyber Security Engineer
• Cyber Security Specialist
• Cyber Security Architect
• Cryptography experts
• Cyber forensics experts
• Security Administrator
• Forensics Examiner,
Auditor, Systems Engineer
or Integrator
• Incident Handler
• Intrusion Analyst
• Malware Analyst
• Penetration Tester
• IT Security Risk Analyst
• Infosec Director or Mgr.
32 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Cyber Security Jobs are Different than
Infosec Jobs
• Cybersecurity positions are more likely to
require certifications than other IT jobs. 35% of
cybersecurity jobs call for an industry
certification, compared to 23% of IT jobs
overall.
• Difficulty finding specialized multidimensional
security professionals with seemingly endless
variations of tech, business, and ‘soft’ skills,
knowledge, and experience.
33 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Expanding Definition of ‘Tech Professional’
34 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
FP Research Partner Demographic (2,985 employers)
• 18% of participating organizations have $5 billion+ in sales/$15+
billion in total assets
• 28% of participating organizations earn more than $1 billion in
annual revenues or more than $5 billion in total assets
• 46% of participating organizations have $500+ million in sales/$1+
billion in total assets/$500+ million in premiums/$500+ million
operating budget (government, educational, not-for-profit)
• 54% of participating organizations fall in the SMB (small-to-
medium sized business) segment, generally defined as
organization under $500 million in sales.
• 5% of participating organizations are: Public Sector with
operating budgets of $500 million or more; 4% are Not-For-Profit
and Educational sectors with operating budgets $100 million to
less than $500million
35 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Foote Partners IT Skills and Certifications Pay Benchmark Surveys
• IT Skills and Certifications Pay IndexTM
• IT Skills Demand and Pay Trends ReportTM
• IT Skills and Certifications HOT LIST Forecast
• IT Skills & Certifications Volatility IndexTM
36 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Foote Partners 2016
IT Compensation
Survey and
Job/Role Definition
Product Map
Foote Partners Overview: IT Compensation Benchmark Research
IT Professional
Salary Survey
(202 Jobs, 36
IT job families)
IT Skills & Certification
Pay IndexTM
(885 skills/certs)
IT Salary+Skills Pay
Survey Reports
Survey Demographics• 65 US/18 Canadian cities• 255,600 IT workers
• 2,985 employers• 45+ industries
• Updated continuously.
Salary Reports
• by job family
• by job family clusters
• for individual jobs in
selected cities
SALARY+SKILLS REPORTS AVAILABLE:
• Applications Development
• Big Data
• Business Analysts/Business Technology
• Database • Data Warehousing/Business Intelligence
• E-Commerce
• IT Architecture
• Microsoft Windows
• Networking Operations & Engineering • Project Management
• SAP
• IT Security
• Systems Engineering and Administration
• Web/I-net
Long-form
Job Descriptions• updated continuously
• comprehensive, includes
internal/external relationships key
to job success; skills and
certification; detailed experience factors.
Short-form Job Profiles (JD excerpts)
JOB FAMILIES AVAILABLE: - Big Data - Business Technology
- Business Applications Delivery- Cloud Computing - Data Analytics- Data Management- Data Warehousing/BI- Database Administration- Database Developers - DevOps- Digital Product Development- e-Commerce/e-Business- Enterprise Applications- Enterprise Infrastructure- Epic Systems - Help Desk- IT Architecture - IT Security- Internets/intranets/extranets- Java Developers- Lotus Notes/Domino- Messaging- Mobile Computing- .NET Developers- Network Eng. & Operations- Project Management- SAP- Six Sigma- Software Quality Assurance- Storage/SAN/NAS- Systems Eng. & Operations - Unix/NT/Linux- Voice Engineering- Web/I-net
IT Infrastructure Survey IT Base Positions
Survey
IT Skills Volatility Index
IT Skills HOT LISTS Forecast
IT Skills Demand and Pay Trends
Report
37 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• First(1999) and only comprehensive continuous IT
skills pay and demand survey
• Verified skills pay premiums data: 69,900
IT professionals in US and Canada
• Current market pay premiums for 880 certified and
noncertified tech skills (10th/50th/90th percentiles
reported)
• IT skills and certs market trends: historical, current,
forecasts
IT Skills and Certifications Pay IndexTM 3Q 2016 data edition (through 10/1/16)
38 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
What Are Individual IT Skills/Certs Earning? Certified vs. Noncertified, 2000 to 2016
10.2
9.23%
7.95
7.68%
3.0%
4.0%
5.0%
6.0%
7.0%
8.0%
9.0%
10.0%
11.0%
What is an Individual IT Skill or Certification Worth? Quarterly Average Median Pay for 880 Skills/Certs Since 2000
(expressed as equivalent percent of base salary)
Source: Foote Partners' IT Skills and Certifications Pay IndexTM,2000 - 2016 editions
NOTE: Values are expressed as % of base salary but may or may not be paid as part of salary.
412 IT Certifications(Median average for a single cert)
468 Noncertified Skills(Median average for a single skill)
© 2016 Foote Partners LLC
U.S. Unemployment Rate(at end of each quarter)
39 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Change in Average Premium Pay
by Category
IT CERTIFICATIONS CATEGORIES
# of certs
surveyed 3Q 2014 3Q 2015 3Q 2016
% Change
3 mos
% Change
6 mos
% Change
ANNUAL
% Change
2 yrs
Foundation level and Training 8 3.0% 4.3% 4.0% 0.0% -3.0% -5.9% 27.0%
Apps Development/Prog. Languages 46 6.5% 6.7% 7.0% 2.7% 4.1% 4.9% 7.9%
Database 38 7.8% 7.7% 7.7% 0.1% -0.9% -0.1% -1.4%
Web Development 11 2.9% 2.8% 2.8% 0.0% 0.0% 0.0% -3.1%
Networking & Communications 86 5.9% 5.8% 5.6% -2.2% -2.6% -2.7% -5.3%
System Administration/Engineering 97 6.8% 7.0% 6.9% -1.9% -1.9% -2.2% 0.9%
Information Security 80 9.0% 9.3% 10.3% 3.8% 7.5% 10.7% 15.0%
Architecture/Project Management/Process 46 11.0% 10.9% 10.9% 0.2% 1.2% 0.2% -0.6%
ALL CERTIFICATIONS REPORTED 412 7.2% 7.5% 7.7% 0.66% 1.93% 2.94% 7.25%
(expressed as a % of
base salary)
Average Pay - Single Cert
Certified IT Certs Pay: 3/6/12/24 mo. Trends (through 10/1/16)
Certification Pay Premiums by Category (median)
(through 10/1/16)
Source:
Foote Partners LLC, 2016 IT Skills & Certifications Pay Index – Q3 2016 edition
40 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
2%
4%
6%
8%
10%
12%
IT Certifications Premium Pay - by Category, Last 13Years
Information Security
Database
Architecture/Project Management/Process
Web Development
Foundation level & Training
<--ALL CERTS
Apps Dev/Program
Languages
Systems Admin/Eng.
(Values expressed as equivalent of % of base salary)
13%
Networking/Comm.
Right now…… IT Certification Market Pay Vectors (412 certifications reported)
Source:
Foote Partners LLC, “IT Skills & Certifications Pay
Index” (data through 4/1/2016)
41 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
APO
ISACA Certifications P10 Median P90 3 mos. 6 mos. 1 year
Certified in Risk and Information Systems Control (CRISC) 10% 13% 15% 18.2% 18.2% 8.3%
Certified Information Security Manager (CISM) 11% 13% 15% 8.3% 8.3% 8.3%
Certified Information Systems Auditor (CISA) 9% 12% 14% 0.0% 0.0% 0.0%
CSX CyberSecurity Practitioner (CSXP) 9% 12% 14% na na na
Certified in the Governance of Enterprise IT (CGEIT) 9% 12% 14% 20.0% 20.0% -7.7%
AVERAGE 9.6% 12.4% 14.4%
QUARTER Delta 3Q2016 vs. 2Q2016 10.2%
6 Mos. DELTA: 3Q2016 vs 1Q 2016 15.3%
ANNUAL 3Q2016 vs. 3Q2015 5.5%
2-YEAR 3Q2016 vs. 3Q2014 1.2%
Growth/Decline in market
value
Pay Premium as Equivalent
% of Base Salary - 3Q 2016
ISACA, Cybersecurity Certifications Pay: 3/6/12/24 mo. Trends (through 10/1/16)
Source: Foote Partners LLC, 2016IT Skills & Certifications Pay Index – Q3 2016 edition
APO
Other Cyber Security Skills/Certifications P10 Median P90 3 mos. 6 mos. 1 year
Certified Cyber Forensics Professional 15% 18% 20% 0.0% 12.5% na
Certified Forensic Computer Examiner (CFCE) 13% 16% 18% 6.7% 23.1% 23.1%
Cryptography (encryption, VPN, SSL/TLS, Hybrids) 11% 14% 16% -6.7% 0.0% 16.7%
Cybersecurity 14% 17% 19% 0.0% 0.0% 6.3%
CyberSecurity Forensic Analyst (CSFA) 13% 16% 18% 0.0% 0.0% 0.0%
EC-Council Certified Ethical Hacker (CEH) 9% 12% 14% 9.1% 9.1% 9.1%
EC-Council Computer Hacking Forensic Investigator (CHFI) 12% 15% 17% 0.0% 25.0% 25.0%
GIAC Certified Forensics Analyst (GCFA) 12% 15% 17% 7.1% 25.0% 36.4%
GIAC Certified Forensics Examiner 13% 15% 17% 9.0% 9.0% 20.0%
Growth/Decline in market
value
Pay Premium as Equivalent
% of Base Salary - 3Q 2016
Data available
by request
Data available
by request
42 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Highest Paying Security Certifications
Source: Foote Partners LLC, 2016IT Skills & Certifications Pay Index – Q3 2016 edition
Certifications - Info/Cyber Security P10 Median P90
Certified Cyber Forensics Professional 15% 18% 20%
GIAC Security Leadership(GSLC) 14% 16% 18%
Certified Forensic Computer Examiner (CFCE) 13% 16% 18%
CyberSecurity Forensic Analyst (CSFA) 13% 16% 18%
GIAC Reverse Engineering Malware (GREM) 12% 16% 18%
GIAC Certified Forensics Examiner 13% 15% 17%
GIAC Exploit Researcher and Advanced Penetration Tester (GWAPT) 13% 15% 17%
GIAC Web Application Penetration Tester (GWAPT) 13% 15% 17%
EC-Council Certified Incident Handler 12% 15% 17%
EC-Council Computer Hacking Forensic Investigator (CHFI) 12% 15% 17%
GIAC Certified Forensics Analyst (GCFA) 12% 15% 17%
InfoSys Security Architecture Professional (ISSAP/CISSP) 12% 14% 16%
GIAC Enterprise Defender (GCED) 11% 14% 16%
GIAC Secure Software Programmer--Java 11% 14% 16%
Certified Information Security Manager (CISM) 11% 13% 15%
Certified Information Systems Security Professional (CISSP) 11% 13% 15%
InfoSys Security Engineering Professional (ISSEP/CISSP) 10% 13% 16%
Certified in Risk and Information Systems Control (CRISC) 10% 13% 15%
EC-Council Licensed Penetration Tester (LPT) 10% 13% 15%
Pay Premium as Equivalent
% of Base Salary - 3Q 2016
Data available
by request
43 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Highest Paying Security Certifications
Source: Foote Partners LLC, 2016IT Skills & Certifications Pay Index – Q3 2016 edition
Source: Foote Partners LLC, 2016IT Skills & Certifications Pay Index – Q3 2016 edition
Certifications - Info/Cyber Security P10 Median P90
Certified Cloud Security Professional 10% 12% 14%
Certified Fraud Examiner 10% 12% 14%
Check Point Certified Security Master (CCMA) 10% 12% 14%
GIAC Certified Penetration Tester (GPEN) 10% 12% 14%
EC-Council Certified Security Analyst (ECSA) 10% 12% 13%
Certified Computer Examiner (CCE) 9% 12% 14%
Certified Information Systems Auditor (CISA) 9% 12% 14%
CSX CyberSecurity Practitioner (CSXP) 9% 12% 14%
EC-Council Certified Ethical Hacker (CEH) 9% 12% 14%
GIAC Assessing Wireless Networks 9% 12% 14%
GIAC Certified Intrusion Analyst (GCIA) 9% 12% 14%
GIAC Secure Software Programmer-- .NET **retired** 9% 12% 14%
InfoSys Security Management Professional (ISSMP/CISSP) 9% 12% 14%
Certified Healthcare Information Security and Privacy Practitioner (ISC2) 9% 11% 13%
GIAC Certified Perimeter Protection Analyst (GPPA) 9% 11% 13%
GIAC Systems and Network Auditor (GSNA) 9% 11% 13%
EC Council Certified Network Defense Architect Certification 8% 11% 13%
GIAC Certified Incident Handler (GCIH) 8% 10% 13%
Check Point Certified Security Expert (CCSE) 8% 10% 12%
CompTIA Security+ 8% 10% 12%
Professional Certified Investigator 8% 10% 12%
Check Point Certified Security Administrator (CCSA) 7% 10% 12%
Security Certified Network Architect (SCNA) 7% 10% 12%
Pay Premium as Equivalent
% of Base Salary - 3Q 2016
Data available
by request
44 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Highest Paying Noncertified Security
Skills
Source: Foote Partners LLC, 2016IT Skills & Certifications Pay Index – Q3 2016 edition
APO
Security noncertified skills P10 Median P90
Cybersecurity 14% 17% 19%
Security architecture and models 14% 17% 19%
Security skills (DW/BI, ERP, Web, project assigments) 12% 15% 17%
Mobile security 11% 13% 15%
Cloud security 9% 12% 14%
Secure software development 9% 12% 14%
Data security 9% 11% 13%
Virtual security 8% 10% 12%
Wireless security 7% 9% 11%
SAP Security 7% 9% 11%
Network security management 6% 8% 10%
Pay Premium as Equivalent
% of Base Salary - 3Q 2016
Data available
by request
45 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
3Q 2016 Salaries: Info/Cyber Security
Sr. Cyber Security Specialist
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $99,467 $107,435 $117,119 $118,554 $129,534 $139,893
National: Highest $148,950
National: Lowest $101,035
Bonus (Actual) - National $13,041
Total Cash - National $131,595
Cyber Security Specialist
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $83,898 $90,471 $98,788 $99,998 $110,165 $117,997
National: Highest $125,636
National: Lowest $85,221
Bonus (Actual) - National $10,500
Total Cash - National $110,497
Source: Foote Partners LLC, 2016 IT Professional Salary survey – Q3 2016 edition
46 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
3Q 2016 Salaries: Info/Cyber Security
Sr. Information Security Analyst
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $95,378 $105,704 $114,907 $116,315 $128,083 $138,880
National: Highest $145,089
National: Lowest $99,423
Bonus (Actual) - National $11,631
Total Cash - National $127,946
Information Security Analyst
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $76,245 $83,584 $91,857 $92,982 $102,735 $111,021
National: Highest $115,843
National: Lowest $79,382
Bonus (Actual) - National $6,416
Total Cash - National $99,398
Source: Foote Partners LLC, 2016 IT Professional Salary survey – Q3 2016 edition
Security Architect
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $102,592 $110,978 $120,684 $122,212 $134,819 $150,125
National: Highest $153,509
National: Lowest $103,845
Bonus (Actual) - National $10,999
Total Cash - National $133,211
47 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
3Q 2016 Salaries: Info/Cyber Security
Sr. Security Administrator
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $59,638 $71,510 $81,602 $82,601 $94,562 $107,381
National: Highest $103,686
National: Lowest $70,141
Bonus (Actual) - National $5,782
Total Cash - National $88,383
Security Administrator
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $52,026 $61,302 $71,186 $72,058 $83,409 $93,675
National: Highest $90,451
National: Lowest $61,188
Bonus (Actual) - National $3,603
Total Cash - National $75,661
Source: Foote Partners LLC, 2016 IT Professional Salary survey – Q3 2016 edition
48 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
3Q 2016 Salaries: Info/Cyber Security
Data Warehouse/Business Intelligence Security Manager
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $99,722 $109,150 $121,624 $123,114 $140,025 $153,892
National: Highest $154,734
National: Lowest $104,674
Bonus (Actual) - National $14,774
Total Cash - National $137,888
Web Security Manager
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $92,225 $100,735 $112,480 $113,858 $128,898 $142,323
National: Highest $143,101
National: Lowest $96,804
Bonus (Actual) - National $13,663
Total Cash - National $127,521
Source: Foote Partners LLC, 2016 IT Professional Salary survey – Q3 2016 edition
49 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
3Q 2016 Salaries: Info/Cyber Security
Manager, Information Security
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $99,432 $108,631 $121,270 $122,756 $139,468 $153,445
National: Highest $154,090
National: Lowest $104,239
Bonus (Actual) - National $14,731
Total Cash - National $137,486
Vice President, Information Security
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $111,908 $141,674 $172,584 $174,857 $197,950 $215,074
National: Highest $219,491
National: Lowest $148,480
Bonus (Actual) - National $31,474
Total Cash - National $206,331
Director, Information Security
10th 25th 50th Average 75th 90th
U.S. National Average (65 cities) $122,083 $134,607 $148,761 $150,720 $170,842 $188,400
National: Highest $189,193
National: Lowest $127,985
Bonus (Actual) - National $27,130
Total Cash - National $177,850
Source: Foote Partners LLC, 2016 IT Professional Salary survey – Q3 2016 edition
50 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Is It Time to Change Your
Security Management Model?
51 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Source: US State of
Cybercrime Survey (PwC,
CSO Magazine, Carnegie
Mellon, US Secret Service)
Demographic:
500 executives of US
businesses, law
enforcement services,
and government
agencies.
52 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Is It Time to Change Your Security Model?
Source: CIO, CSO, Computerworld (n=287)
56% said 3 years or more
53 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Lack of Dedicated Security Pros
Source: CIO, CSO, Computerworld (n=287)
*Only 37% have dedicated security staff
54 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Workforce Trends
Source: EY’s Global Information Security Survey 2015
55 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Security Spending Accountability
How are you tracking security spending?
Source: SANS Institute
56 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Is It Time to Change Your Security Model?
Source: CIO, CSO, Computerworld (n=287)
57 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Source: US State of
Cybercrime Survey (PwC,
CSO Magazine, Carnegie
Mellon, US Secret Service)
Demographic:
500 executives of US
businesses, law
enforcement services,
and government
agencies.
58 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Where Should Info/Cyber Security Be on the Corporate Org Chart?
IT Department/ Telecomm
Purchasing Department
Accounting Department
Operations Group
Risk Management Department
Product Development
Marketing Department
Office of the General Counsel
Info/Cyber Security
Each of these constituents have a big vested interest
59 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Workforce Trend: CISO Attributes
• Source: Ernst &
Young
Source: IDG
60 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
CIO Archetypes as CISO Archetypes?
Key competencies
61 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
CIO Archetypes as CISO Archetypes?
Source: State of the CIO 2008, CXO Media Inc; CIO Role and Success Factors, Foote Partners, LLC, March 2008
Business StrategistTransformational LeaderFunctional HeadCIO Role
Primary
Activities
Key
Characteristics
Description
Key FocusEnterprise strategy and
competitive differentiation
Alignment with business
process transformationOperational excellence
Driving business strategy for competitive advantage, activities extend across the enterprise and beyond.
Creating change through business partnerships; activities centered on IT process re-engineering and automation.
Activities intended to achieve IT operational excellence.
Developing/refining business strategy
Understanding market trends
Developing external customer insight
Developing business innovations
Identifying opportunities for competitive differentiation
Reengineering or developing new sales and distribution channels
Redesigning business processes
Aligning IT initiatives & strategy with business goals/strategy
Cultivating the IT/business partnership
Leading change efforts
Implementing new systems and architecture
Mapping IT strategy to overall enterprise strategy
Managing IT crises
Developing IT talent
Improving IT operations
Improving system performance
Security management
Budget management
Focuses on the entire enterprise
Locates opportunities for competitive advantage and differentiation
Develops business innovations
Acts as “trusted advisor” to C-suite leaders
Builds IT/business/customer linkages
Excels at architecture and planning
Concentrates on IT efficiency and operational competence
Drives standardization
Measures and monitors continuously
Business StrategistTransformational LeaderFunctional HeadCIO Role
Primary
Activities
Key
Characteristics
Description
Key FocusEnterprise strategy and
competitive differentiation
Alignment with business
process transformationOperational excellence
Driving business strategy for competitive advantage, activities extend across the enterprise and beyond.
Creating change through business partnerships; activities centered on IT process re-engineering and automation.
Activities intended to achieve IT operational excellence.
Developing/refining business strategy
Understanding market trends
Developing external customer insight
Developing business innovations
Identifying opportunities for competitive differentiation
Reengineering or developing new sales and distribution channels
Redesigning business processes
Aligning IT initiatives & strategy with business goals/strategy
Cultivating the IT/business partnership
Leading change efforts
Implementing new systems and architecture
Mapping IT strategy to overall enterprise strategy
Managing IT crises
Developing IT talent
Improving IT operations
Improving system performance
Security management
Budget management
Focuses on the entire enterprise
Locates opportunities for competitive advantage and differentiation
Develops business innovations
Acts as “trusted advisor” to C-suite leaders
Builds IT/business/customer linkages
Excels at architecture and planning
Concentrates on IT efficiency and operational competence
Drives standardization
Measures and monitors continuously
62 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Workforce Trends
• IDC predicts that by 2018, fully 75 percent of chief
security officers (CSO) and chief information security
officers (CISOs) will report directly to the CEO, not the
CIO.
• Prediction: The chief risk officer will be in heavy
demand position within the next five years – a single
leader who can create a culture of security, map
organizational structures, and set budgets.
– Role will oversee all areas of risk exposure: IT risk, physical
security, personnel security and protection of assets
including intellectual and reputational capital.
63 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Things you need to be thinking
about now*
(*if you want to keep your job)
64 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Two things that are working for
reducing Cyber Security
human capital chaos:
People Architecture
Agile Compensation
65 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Managing People Can Be Architected?
Yes! People Architecture is about marrying old and new
processes, programs, practices and technology into an agile, forward-focused enterprise operational HCM model
precisely tuned to:
Aggressive, constantly shifting business strategies
Fluid organizational and skill requirements
Volatile labor markets
Corporate cultures that
resist change
Performance philosophies that
need to work to get the best
out of your people
66 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Advantages of Any Type of Architecture
• Improved decision making
• Minimization of unwanted circumstances
• Improved adaptability to changing
demands or market conditions
• Elimination of inefficient or redundant
processes
• Optimizing the use of your assets
67 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Info/Cyber Security People Architecture Domains
• Job design, definition, and documentation
• Compensation design, structure and
benchmarking
• Incentive design and recognition practices
• Skills demand analysis, acquisition and pay
• Job/career paths and professional development
• Hiring, retention and motivation
• Work/life balance
• Governance
68 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
PArch inserts a new HR foundation under what’s already there
Option 1: You can keep much of what
you already have but strengthen and
rebuild foundational systems to reduce
severity of workforce problems (e.g.
staff retention, skills acquisition, talent
recruiting)
‘Clean sheeting’ your HR systems and practices isn’t realistic no matter how
broken they are. But incrementally strengthening the human capital mgt
foundation over time---and in a big way---is what People Architecture enables.
Option 2: You can replace HCM systems,
programs and practices with more
effective ones (in phases), while also
building a stronger foundation and
adding new critical capabilities for
future requirements.
Post Hurricane Sandy renovation
Post Hurricane Sandy new construction
69 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Tips for Building a Great Security Team
• Rethink everything
– Continually assess where you are and where
you need to be
• Formalize underserved functions
– EX: form a crisis management team assigned
to handle the unexpected
• Demand proven business skills
• Create a communications czar for security
– Your PR representative in the enterprise,
focusing on teachable topics
70 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Tips for Building a Great Security Team
• Nurture dissent
– Get everything out in the open so it can be
discussed and decided
• Search globally, promote internally, leverage
mobility
– Be what your talent wants
71 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Tips for Retaining a Great Security Team
Know who you want to keep around, train them, and pay
them what they’re worth if you expect to keep them
Ensure employees have access to coaching
Change up project assignments
Give them somewhere to vent
Provide opportunities for career development
Encourage continued education
Give them metrics to measure success
Train your talent on how to approach stressful situations
Promote work-life balance
Keep the job interesting
Don’t enforce ranks when it comes to ideas
72 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Questions CISOs Should Be Probing
• How well do you understand what surviving in the
digital world means for you and your
organization?
• What are the threats and vulnerabilities you
should fear?
– Do you really have confidence in your understanding of the
threats/vulnerabilities in the digital world?
– Have you done the work and thinking required to determine
how that threat landscape applies to your organization and
strategy and prioritized cybersecurity measures around this?
– Do you know how to set your risk appetite to determine the
acceptable and unacceptable loss and harm from potential
incidents as part of developing your cyber breach response
management program?
73 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Questions CISOs Should Be Probing
• Can you stop the attacks?
– How can you protect your organization against a cyber incident if you do not know what it is the attackers are
targeting?
– How will they be able to gain access and how would this
damage you and your critical assets?
– Do you fully understand your organization’s ability to
respond, contain and recover from an attack?
• What are the worst case scenarios?
• How are you detecting the small, subtle signs?
• Is “high alert” your constant state?
74 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Questions CISOs Should Be Probing
• What needs to be improved?
– What information about my organization/business is available to
any attacker? How could they use it?
– What sort of attackers are my more likely adversaries :
Hacktivists? Criminal networks looking for things to sell?
Fraudsters? Nation-state attackers?
– What are their capabilities (e.g., likely resources, timeline,
technical capabilities, ability to recruit insiders)?
– For each of the more likely adversaries, what are they likely to be
interested in? (Match this to your list of what really matters to
your organization/business — your “crown jewels.”)
– How vulnerable are these desired targets/assets, and how could
they be exploited?
75 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Questions CISOs Should Be Probing
• What needs to be improved, cont’d?
– What specific paths might the adversaries take to their
desired target (e.g., through an air-conditioning system,
through a payment system, by recruiting an insider, by
spear-phishing board members or targeted employees
who have access)?
– What are the most effective counter-measures?
– What more can I learn from previous encounters with
adversaries?
76 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Keep Your Cybersecurity Strategy
Simple
• Identify your digital assets
• Conduct a holistic risk assessment
– Combining low level technology with business driven aspects
of security.
• Assure continuous monitoring
• Visibility + Analytics
– They’re already in the front door. How do you respond
effectively: how do they attack quickly, how do you reduce
their time in your networks, how to you do with incident
response. When did they get in, how bad was the
compromise, what was taken, what’s the root cause?
– Visibility is about collecting data. Analysis is how you glean
insight from the data and take meaningful action based on
visibility
77 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Keep Your Cybersecurity Strategy
Simple, cont’d.
• Identity
– Only the right people can access the right things at the right
time.
• Risk: the language of the board and senior execs
– How to translate technical details in ways they can
understand, e.g. Business Continuity, IP violations, brand
reputation
• Business context around threats
78 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• Technologies and processes you must have now
– Security analytics
– Full packet capture
– Provide visibility across the enterprise
– Handle identities comprehensively, e.g. lifecycle, governance
• Biggest shifts in priorities and capabilities
– From prevention, AV, IPS to detection/response, visibility,
machine learning, AI to security as a business risk issue, period.
Getting past tools and technology
– Insider threats, identity assurance(letting the good guys in)
visibility + analytics (keeping the bad guys out), biometrics,
image recognition, continuous monitoring,
• Make vendors compete in a result-oriented RFP
Keep Your Cybersecurity Strategy
Simple, cont’d.
79 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Six Steps to a Better Security Strategy
1. Become A Credible Stakeholder Understand your organization.
Know the personalities
2. Connect With The Business Understand current business strategies
Get to know business projects. Pick up on pet projects
Align with goals and metrics.
3. Find The Gaps: Clear view of security risks that are
most threatening to your company Record control gaps and vulnerabilities.
Identify and quantify risks.
Identify potential controls.
80 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Six Steps to a Better Security Strategy
4. Identify Security Challenges Monitor regulatory activity.
Track relevant news stories
Watch the activity of your peers and competitors.
Anticipate new technology projects
5. Brainstorm New Opportunities New technology offers new possibilities
Hidden process improvements can appear.
6. Bring It All Together Generate the big list. Collate the identified security tasks, removing
duplicates, into one comprehensive list of security activities associated
with known business plans — a potentially big list
Create security initiatives.
Connect security initiatives to business interests
Agree on priorities
81 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
For additional information contact: FOOTE PARTNERS LLC 4445 North A1A, Suite 200 Vero Beach, Florida 32963 USA Tel: 772-234-2787 Fax: 775-262-6619 www.footepartners.com
Foote Partners, LLC Foote Research Group
www.footepartners.com
82 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Foote Partners Information
83 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Canadian Cities Surveyed
Tier 1 U.S. Cities Surveyed Atlanta, GA
Boston, MA
Chicago, IL
Dallas, TX Detroit, MI
Houston, TX Los Angeles/Orange Cty
Miami, FL
Minneapolis, MN New Jersey/Northern
New York, NY Philadelphia/So. NJ
Phoenix, AZ
San Diego, CA San Francisco, CA
San Jose, CA Seattle, WA
St. Louis, MO
Washington, DC Westchester County, NY/Lower
Fairfield Cty, CT
Tier 2 U.S.Cities Surveyed
Greenville/Spartanburg/
Oakland/Walnut Creek/
Calgary, ALTA
Edmonton, ALTA
Halifax, NS
Hamilton, ONT
Kitchner, ONT
London, ONT
Mississauga, ONT
Montreal, QUE
Oshawa, ONT
Ottawa, ONT
Greensboro/Winston Salem, NC
Anderson, SC
Hartford, CT Indianapolis/Ft Wayne Kansas City, MO
Las Vegas, NV Long Island, NY
Louisville, KY Memphis, TN
Madison, WI
Milwaukee, WI
Nashville, TN New Orleans, LA Norfolk/Virginia Beach/
Newport News, VA
Concord CA Oklahoma City, OK
Orlando, FL Peoria, IL
Omaha, NE
Pittsburgh, PA Portland, OR
Princeton/So. NJ Providence, RI
Raleigh/Durham, NC
Sacramento,CA
Salt Lake City, UT San Antonio, TX
Tampa, FL
Upper Fairfield County/ New
Haven, CT
Tulsa, OK
Albuquerque/Santa Fe,NM Austin, TX Baltimore, MD
Birmingham, AL
Charlotte, NC
Cincinnati, OH
Cleveland/Akron,OH
Columbus OH
Colorado Springs, CO
Dayton, OH
Denver, CO
Grand Rapids, MI
Des Moines, IA
Quebec, QUE
Regina, SASK
Saskatoon, SASK
St. Catherines, ONT
Toronto, ONT
Vancouver, BC
Windsor, ONT
Winnipeg, MAN
Memphis, TN
Buffalo, NY
Foote Partners Overview: Data and Analytical Research Geography
Boulder, CO
Boise, ID
84 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• Audit, Control, Governance
• Big Data and analytics
• Business Intelligence; Data Warehousing; Data
Management
• Business Process Improvement
• Business Transformation Capability Planning and
Management
• Business Value Measurement, Analytics and
Management
• Centralization, standards and governance
• CIO/IT executive management
• Cloud computing
• Collaboration, workflow and productivity
• CRM
• Enterprise Architecture
• Enterprise Project Management
• HR Systems
• IT Human Capital Management
• Information Security
• International HR Management, incl. expatriate
and specialty HR program development and
management
• IT Executive/Professional Salary, Bonus, and Skills
Compensation
• Leadership Development
• Managed services
• Mobile platform computing
• Networking and Communications
• Offshore Outsourcing (ITO, BPO, BTO)
• Organizational Change/Transition
Management
• People Architecture
• Process Improvement/MOC
• Quality management (ITIL, CMM, Lean Six
Sigma)
• SaaS/hosted productivity applications,
PaaS (platform as a service)
• SAP/ERP
• Service-oriented architectures (SOA)
• Six Sigma
• Social media value creation
• Staffing augmentation
• Stakeholder planning and management
• Succession Planning
• Total Rewards/Workforce Retention
• Virtualization, VDI, virtual appliances
• Web-oriented architectures (WOA)
Business, IT and HR Advisory Areas
Foote Partners Overview
85 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• Market Intelligence and Analysis
• Competitive Benchmarking
• Market Research and Analysis
• Opportunity Analysis
• Competitive Product/Service Pricing
and Positioning
• Market Planning and Strategies
• Product/Service Assessments
• Organizational Assessments
• End User Requirements
• Strategic Planning
• Business Planning
• Risk Assessment
• Technology Evaluations
• Product Positioning
• Pricing and Cost Analysis
• Customer Satisfaction
• Cost/Benefit Evaluations
• Due Diligence
• Stakeholder Analysis, Planning
and Management)
Market and Competitive Intelligence
Foote Partners Overview
86 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
Foote Partners Overview
Management Consulting / Custom Advisory Services
People Architecture
IT Market and Workforce Intelligence
Business Intelligence/Analytics
IT Executive & Professional Compensation
International HR and Expatriate Administration
Enterprise Capability Planning/Process and Capability
Management (new-gen EA)
IT Management & Organization Services
Professions and Retention Services
Outsourcing/Offshoring/Strategic Resource Management
Organization/Transition Management
Corporate Strategy and Business Development
87 Foote Partners, LLC
Foote Research Group © 2016 Foote Partners LLC, Vero Beach, FL - USA, (772)234-2787 www.footepartners.com
• IT Professional Salary SurveyTM reports (207 positions)
• IT Skills and Certifications Pay IndexTM (880 skills)
• IT Salary+Skills Pay Survey TM reports
• IT Insider Professional Job DescriptionsTM
• Additive Matrices (job definition/design; career paths)
• IT Skills Demand and Pay Trends ReportTM
• IT Skills and Certifications HOT LIST Forecast
Foote Partners People Architecture Tools
2016 IT Professional
Salary Survey
1st Quarter data edition
U.S. cities
2016 IT Skills &
Certifications Pay
Index
835 Skills and Certifications
January 2016 Update
2016 IT Skills and
Certifications
Volatility Index
January 2016 Update
2016 IT Skills
Demand and Pay
Trends Report
January 2016 Update