ASK THE RECRUITER
FROM THE EDITORS AT CYBERSECURITY VENTURES
Jeremy King, our guest expert and cybersecurity recruiter, is President of Benchmark Executive Search, a committed boutique firm that is laser-focused on serving clients with its expertise, deep knowledge, and trusted network in IT and Cyber Security, National Security, and Corporate Security. The firm's expertise is leading retained search engagements to recruit C-level and VP-level talent, as well as individuals for board of director roles, nationally.
Patriotic cyber warriors now helping corporate America to defend their networks.
– Steve Morgan, Editor-In-Chief
Menlo Park, Calif. – Feb. 1, 2017
In this edition of Ask The Recruiter, we check in with our guest cybersecurity executive recruiter Jeremy King on the topic of military cyber defenders. Jeremy shares his unique insights around the trends, pay scales, and hot skill sets in connection with these top security professionals.
Top cyber experts in the commercial sector can earn 5x what their counterparts in the military earn. Yet more pay — sometimes as much as $500,000 to $1 million annually — is not the number one reason why military cyber leaders are going to work for U.S. corporations.
There’s been a lot of talk about ex-military cyber men and women crossing over to the commercial sector. Is there a real trend there?
Jeremy King: Only trained experts can create and improve a threat mitigation and cyber defense plan. And only people can implement and execute that plan. In a people-process-technology equation, without top talent nothing improves. The stakes are too high, especially for public companies, not to have a true cyber A-team. So where are so many companies (from public companies to VC and PE backed growth companies) finding these cyber stars? The U.S. Government; the majority with deep military or intelligence community experience.
For decades, these patriotic warriors have helped protect America’s secrets, networks and mitigate national security threats. They are now using their knowledge and unique insight to help corporate America protect its secrets, networks and mitigate risks (both external and internal). So why are so many leaving the government to join the commercial sector now? In our experience working with hundreds of these individuals, the number one reason is not a big bump in compensation. That is always nice and the driver for some; however, the top reason is because commercial capabilities are now crucial to the national security mission, and the commercial sector will always be more agile and innovative. The passion they have to serve their nation never leaves them. Now they are providing a dual-use solution, the U.S. Government and commercial customers. Here’s an article with additional insight.
What’s the pay differential between military / federal cyber executives (i.e. CISOs) compared to the commercial sector?
Jeremy King: As an employee at an agency in the U.S. Government, they follow the U.S. Civil Service pay scale. It goes from GS-1 to GS-15, the highest level. Even the most talented producers who climb to GS-15 level max-out making $133,000 per year, even the top cyber experts protecting our networks and infrastructure. For the select few that are promoted to Senior Executive Service (SES), they max-out making around $200,000 per year. Unlike the private sector, there are no large bonuses or stock options.
Recruiting firms are busy matching executive cyber A-players to support their forward-thinking clients. The largest companies and biggest brands can offer the seven-figure comp packages to the very best cyber talent. Although there are only so many of these elite jobs, there are senior roles where comp packages range from $500,000 to $1 million for CISOs and CROs. Mid-sized and smaller public companies typically pay in the $250,000 to $500,000 range (total comp) for their senior cyber and risk executives. Smaller private companies find it difficult to compete for top talent in this elite pool. What these companies can’t offer in cash comp, they can make up in pre-IPO equity. Top technical managers and individual engineers making the transition from government can expect to roughly double their salary, not to mention the potential value of RSUs from public companies or stock in private companies.
What are some of the most in demand skills, positions and expertise corporate America is desperately seeking to protect and defend their assets?
Jeremy King: The hottest searches the past few years in the upper management cyber ranks are CISOs, CSOs, and CDOs. The new trends are Chief Risk Officers (CROs) and board members with cyber/risk management expertise. Here are some skills most in demand, whether a full-time employee or outsourced service provider/consultant.
- Red Team hackers who find vulnerabilities in your defenses
- Insider threat experts who map out risky behavior of your employees
- Legal and governance experts who provide a playbook and framework to implement
- Tier-1 consulting firms who offer cybersecurity as a service
- Executive protection experts
- Proven trainers who offer a comprehensive guide and experts to teach your team to create a “culture of security”
- Incident response experts who do breach analysis and remediation
- Crisis management pros who prepare the Board/C-level with a communications strategy when the inevitable breach or ransomware hack happens
- Threat intelligence experts who can evaluate your threat landscape
- Independent advisers who can navigate the complex landscape of products and recommend tailored cybersecurity solutions
- Critical infrastructure protection experts
- Security experts who can help design and manage security operations centers
Here is a useful Tech Salary Guide for 2016 highlighted by CIO.com.
– Jeremy King is founder and President of Benchmark Executive Search. A proven search consultant with 20 years of experience, he specializes at the intersection of VC/PE backed technology innovators, government contractors and federal mission needs, matching them to senior cyber/national/corporate security executives and board members.
Stay tuned for the Q2 2017 edition of Ask The Recruiter.