The Federal Trade Commission is hiring a new chief information security officer to start the new year.
The annual salary range for the CISO position is $128,082.00 to $160,300.00, numbers that attracted controversy for being too low in a field where equivalent positions in the private sector can nab a candidate hundreds of thousands of more dollars per year. It’s even a bit lower than the salary offered for an open CISO position at Federal Student Aid, where you can earn up to $180,000.
The average CISO salary in Washington, D.C., is $225,000, according to an industry report from earlier this year, with the upper end hitting $334,000. In San Francisco, that number stretches higher to $380,000. Gregory Touhill, the U.S. CISO, can earn only up to $185,000. In addition to a lower salary, the FTC position comes with more bureaucracy and less authority on the job. All that adds up to many qualified candidates looking elsewhere.
“How the hell does the CISO of the FTC make less than I do working for tumblr and NYU?” Aloria, senior security engineer at Tumblr and professor at New York University, tweeted on Thursday. “I know public sector pays less, but I’d expect the CISO of the FTC to pay more than senior security engineer at a cat meme sharing site.”
Silicon Valley security and IT professionals chimed in, with many of them agreeing that compensation below the market rate will come back to haunt the federal government.
“New college grad generalist software engineers can come close to this in total [compensation],” Steve Weis, a software engineer at Facebook, tweeted. “FTC will get what it pays for.”
“Even the most patriotic of my infosec colleagues switched to contracting. You can’t pay for your kid’s braces with patriotism,” Aloria, who worked in government for seven years, added.
This conversation about a $160,000 salary must read like Greek to Americans who make the national average of around $51,000 per year. Even the average Washington, D.C., income, the highest in the nation, sits at $93,000 per year. And yet the fact remains that the federal salary offering is miles below market rate — a drop that will likely impact recruiting efforts once again.
President Obama’s Cybersecurity National Action Plan had called for a $19 billion investment in cybersecurity during fiscal 2017, a 35 percent increase over 2016. Congress did not address that proposal in the stopgap spending bill that runs through April 28.