A version of this post originally appeared in the Cyber Saturday edition of Data Sheet, Fortuneâs daily tech newsletter.
A security engineer who goes by Aloria posed a blunt question on Twitter last week: âHow the hell does the CISO [Chief Information Security Officer] of the FTC make less than I do..?â asked Aloria, who works for Tumblr â a place she describes as a âcat meme sharing site.â
Aloriaâs tweet, included a link to a job opening at the federal consumer protection agency, which promises to pay up to $160,000 for a CISO. In response, I questioned (perhaps impolitely) whether the point was a fair one. After all, the FTC is the public sector and, for many Americans, $160K would be a very fine salary to live in Washington, DC.
But suffice to say Twitter sided with Aloria in no uncertain terms. A group of security types piped up and said, in effect, âyou get what you pay for, and no CISO worth her salt is going to take a big pay cut to muck around at some agencyâthatâs why government IT is so crummy.â Meanwhile, a recent report suggests the median CISO salary is $204,000 nationwide, and $225,000 in Washington.
I understand the argument, but am still not sure I agree. First, the government is never going to compete with the private sector on wages. All it can offer is some prestige (perhaps) and a sense of public mission. And even if we agree the FTC should pay more, who among you would like to pay more tax to make it happen? I thought so. And keep in mind, this is one security officer at one agency. Any proposed pay raise would also have to be replicated for specialized jobs across the civil service.
Meanwhile, Geoff Belknap, the chief security officer of business messaging service Slack joined in to argue that it takes money to attract crucial skills âand that the âmore taxâ argument is too simplistic.
So there you have it. The debate remains open. Weâll see how President Trump addresses this perceived security skill shortage in government.
