Historic IT Compensation analysis by Janco Associates shows that the Vice President of Technical Services has fared better in organizations of all sizes over the past five years than CIOs.
Since 2013 mean compensation for CIOs in large organizations has risen by 7.5% from $181,240 to $194,841 ($13,601). At the same time, in those same organizations, the VP of Technical Services compensation has risen by 19.7% from $140,267 to $167,961 ($27,653). In addition CSOs, also topped CIOs in large enterprises with an increase of 14.2%.
In midsize enterprises CIOs, in the same five years saw their compensation rise by 9.6% or $15,523. However, the VP of Technical Services saw their compensation increase by $17,991 or 13.8%.
That does not mean that CIOs are doing poorly. Rather the difference in compensations has eroded a bit in the past few years.
Minimize breach response cost with operational strategy
While the costs of a data breach can vary widely on a case-by-case basis, CIOs who understand the drivers behind the expense will be better positioned to take steps needed to protect their organization.
Here are 6 way to minimize breach response cost:
Eliminate data you do not need.
You can potentially dramatically reduce your exposure by destroying records of past customers. You cannot lose data if you do not save it. In 2015 one company served 69 million customers, yet when they were breached that year, they exposed 78 million records. The extra nine million records most likely come from former customers. Each of these individuals had to be notified and offered credit monitoring, driving up costs.
Do not store street address if there is no real business requirement.
When a breach occurs, companies are typically required to notify affected individual via old-fashioned, handwritten “snail mail.” But they can use alternative methods of notification, such as email or public announcement if they do not have a valid mailing address. Physical, written notifications can cost up to $2 per person, and the cost quickly adds up. It may be worth asking twice what the business need for those customer addresses is and considering not capturing these addresses to reduce the exposure to notification requirements.
Utilize logs to prove proof a breach or data loss did not occur.
One industry study shows that in 44% of incidents, public notification is not required. To avoid notification, companies must prove that, even if they were attacked, no records were improperly accessed. To do so, they use systems logs. Without logs, a company may be forced to assume a breach occurred because it cannot prove otherwise.
Follow PCI rules and protect credit card data.
For breaches that involve credit card data, reimbursing card companies for fraudulent transactions can amount to a staggering cost, from $3-$30 or more per card. New chip cards are designed to reduce fraud, and early data show they are having the intended effect – MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.
Use experts who know the breach response landscape.
Your breach response effort is not a good time to reinvent the wheel. Missteps happen fast and have serious consequences. Credit monitoring alone can cost $5 to $30 per person. Data breach specialists, such as PR consultants or data privacy lawyers, often have seen as many as hundreds of data breaches and are highly practiced at helping you craft a genuine story that keeps confusion – and costs – down.
Be prepared for additional audits and compliance reviews.
In the wake of a breach, a company may be audited and investigated by a number of regulatory agencies. While it’s not guaranteed to occur, it is likely, and there are simple steps you can take to prevent sensational fines if it does. To start, CIOs and CFOs should be strong advocates for the implementation of the security controls recommended by external auditors or by regulators themselves.
High Unemployment continues to persist in four states: Alaska – 6.7%; New Mexico – 6.6%; District of Columbia – 6.9%; and Louisiana 5.7%. All four of these states have had a dismal recovery.
It is not clear what it will take to get the people in those states back to work. In the case of the District of Columbia, with the emphasis of reduction in the size of goverment, unemployment will stay high.
Both Alaska an Louisiana should have a clear path to recovery with the emphasis on energy independence. New Mexico is an unknown at this time.
Full employment states
There are 21 states that are in a full employment mode. That is the best it has been since early in the George W. Bush administration.
All but 2 of these states (New Hamphsire and South Dakota have unemployment rates that are lower than they were in the same month of the year as last year.
In the case of IT job market, that is a very good sign.
Unemployment Levels over 6% in 12 states Unemployment Levels over 6% in 12 states State Unemployment Levels Unemployment Levels by State — The National unemployment data provides a measure of the health...
H-1B visa holders paid less. According to the latest filings by Apple Computer. 99.6% of the 4,807 visa applications for the current year have a “stated” average salary that is less than the going rate for the current year.
Granted that Apple may pay individuals more than is stated in the application, but they do have the option to pay less. That is the core of the issue with the H-1B visa program as it is implemented today.
The question is the program to be be altered in such a way to eliminate the possibility that companies like India based outsources can use the program for their own profit at the expense of US workers’.
In our next IT salary survey we will address this issue this issue in depth. Janco’s survey is an industry standard and is (and has been) used by over 3,000 organizations in the US and Canada, In addition, the results of the survey have been published in the Wall Street Journal and CNN to mention a few media outlets.
Several major unions and governmental agencies use the survey for setting pay grades and overall compensation levels.
CIO role changes and faces new challenges – no longer just a technologist now a business partner
The role of the CIO and CTO is changing as more enterprises more towards a “Value Added” role for the Information Technology function. The Strategic Implications of each type of technology are different. The CIO, as a result needs to be able to adapt qucikly
The job of overseeing technology at corporations is changing as fast as the technology itself. No longer is the chief information officer the “nerd-in-chief,” merely chasing after viruses and ordering new mouse pads. Now the CIO is finding ways to utilize hardware and software for strategic business purposes, such as discerning market opportunities and improving customer service. The high-tech tools of choice can include sophisticated data mining like social networking, and enhancements to the company website.
As the CIO’s role changes, a key question for the chief executive is whether the individual in that position can handle all of these new challenges. Today, the CIO often is working directly with all of the other C-Level executives. He or she now has to undertake customer-service, marketing, and new-product analysis. This can require “people” and analytic skills in addition to advanced e-knowledge. CIOs are called upon to think like business people.
Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend requiring enterprises to deal with the serious security implications that come from these devices. The decision for employees to wear their own device (WYOD), such as an apple watch that can link to your Wi-Fi; capture audio, video and data; store; and transmit poses similar problems for IT departments. Employees and individuals outside of the enterprise can use these devices, sometimes discretely, to access and share business content.
This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.
Here are top 10 best practices for WYOD:
Have a strategy for how, when and why WYOD devices can be used
Implement an acceptable use policy
Identify the connectivity options that are available to both internal and external users
Approved devices should be easily connected to the available secure access points
Define a management process for the WYOD devices
Plan for the activity WYOD devices will add to the network
Make collaboration tools a priority
Secure the end points and isolate sensitive/confidential information and locations
Be prepared for little to no advance notice on upgrades
10 best practices electronic meetings 10 best practices electronic meetings 10 best practices electronic meetings have been identified by Janco Associates, Inc. They are: Have an agenda that is available...
10 BYOD Best Practices for CIOs BYOD Best Practices for CIOs Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
Why H-1B is wrong solution – a question that we have been asked
Why H-1B is wrong solution – a question that we have been asked by a number of reporters (see press release). Below are two tables that Janco has created in getting the answer to that question.
Below are some of the questions that we were asked by a reporter for a national publication.
Reporter: Is the Information Security Analysts job the only H-1B security job in your findings?
Janulaitis: Yes, that is the only pure security role. However, there are individuals who have those skills and are classified as Network and Computer Systems Administrators. They fill some of the roles of the security analysts.
Reporter: Do you have any insights into whether that number is so low because. A) no company’s are looking abroad for security skills. or B) people with these skills are applying but not getting accepted?
Janulaitis: First there has to be demand for that role. Many C-Level executives do not feel comfortable with security being done by non-US workers who are not on shore and/or are outsourced.
When C-Level executives have a choice, the idea that an H-1B is responsible for security is not one they relish. They need some assurance that H-1B employees will remain with the company. There have been too many hacks that have taken place where immediate response is required. There is less control when the individual is an H-1B employee that is a contractor. Companies like Microsoft and Apple (vs Tata’s) offer real opportunities for security specialists. These are US companies, not outsourcers, and have a long term view. I know both Microsoft and Apple have good internal training programs in place with real career paths for the “best of breed” technologist that they hire with H-1Bs.
Reporter: Do you think that IT security and cyber-security skills should be given special consideration for H-1B visas? Under the proposed revamping of the program that may include moving to merit-based selection program rather than a pure lottery system.
Janulaitis: In general, all H-1B visas should be merit based. My feeling is that the first choice for jobs should be US nationals who are qualified, then foreign nationals who are graduates of US Universities and want to become US residents and lastly, graduates of foreign Universities who want to become US residents. The idea that there is a lottery and companies like Tata win a large number of positions that they then use to “replace” US workers does not make any sense at all. The purpose of the program is to give the US a competitive edge in technology not reduce cost for US corporations.
Reporter: The question is being raised because the global demand for cyber-security workers is expected to reach 6 million by 2019. There is a projected shortfall of 1.5 million qualified security pros. More than half of organizations today say that finding and recruiting talented IT security staff with the right skill sets is a “significant” or “major” challenge.
Janulaitis: First we start to educate our IT pros in the disciplines required. Then have jobs for them when they graduate and there will be much less of a need for “foreign” workers. It should be a H-1B requirement that these individuals have a “desire” to become full time US residents. If companies like Tata game the system, they should be penalized. Perhaps they could be required to post a bond of say 20% of the annual salary be put in trust. That would be returned when the individual qualifies to be a permanent resident. If they do become full time residents within a specified period, then the bond would be forfeited and the individual would have to leave the US. We need to take the profit out of gaming the H-1B program.
Reporter: Any other insight you might have into this would be greatly appreciated.
Janulaitis: Companies like Tata should not be allowed to get the number of H-1B visas they do. They are gaming the system by creating US subsidiaries that are just a shell to get revenue out of the US and not necessarily help the US to be a technology leader. The focus of the H-1B program should be to get foreign nationals that are world class to come to the US, become full time residents, and contribute to our society. Currently students come to the US and take the limited number of advanced degree slots available we have and are capping the number of US nationals who can fill them. It is not the US’s role to educate the world. We need to do everything possible to have H-1B visa holders stay here. It is not good when over 75% graduates leave and go back to place like China and India.
I believe much of the problem we have is due to our educational system. We need to have more of a focus on math and science and less on social engineering. As a county we spend more on education but rank behind Poland. We have a bias towards foreign nationals in our graduate and doctoral programs. We need an educated population of college graduates who focus on both math and the science. Then we need to have jobs for the individuals that have STEM (Science, Technology, Engineering and Math) degrees. That includes undergraduate as well as masters and doctoral degrees. It is much easier to grow our skill base if we have the professors who can teach those subjects. China, for example, is graduating more students from it universities in robotics on an annual basis than we have in total.
Changing H-1B visa program should be a priority. There are too many companies that need top IT talent. We should not waste H-1B visas on companies that want to reduce costs. It would be better to pay foreign nationals who bring value to The US economy. There is no way that we can maintain a leadership position in IT by cutting costs and eliminating US based jobs and resulting experience and training.
The current H-1B system is being gamed by outsources. That just has to stop. Suggestions for changes that should be made are:
Eliminate the lottery.
Give priority to only those companies who have graduates from US universities. Do not allow companies to use foreign nationals who have not attended US universities. At the same time allow for exceptions for individuals who command salaries in excess of US median salaries for positions in question. Include a bond equal to 20% of annual salaries. Refunded to companies after individual becomes a full time resident.
3. Certify companies are NOT just replacing US nationals for profit. If they are, do not allow them to get any future H-1Bs and have them re- justify any existing H-1Bs. Use industry groups for the justification process not govt employees or agencies.
These are simple changes to the H-1B program but they need to be made if we are to maintain our technical leadership.
There are 10 burning questions that CIOs need to have answers to.
The chief information officer’s (CIO) role, responsibilities and influence is growing in today’s boardroom. And the CIOs job itself is expanding as well. The CIOs of the next decade face many challenges. The CIOs who will succeed will have a common set of skills.
The 10 CIO questions are:
Can the CIO and IT organization sustain technology hype and deliver value?
How secure is the data of the enterprise and its customers and suppliers?
What is the next core systems evolution that the CIO and IT organization going to undertake?
How and when will drones be used with the enterpriser?
What are the implication of “industry giants” like Goggle going to impact the operations of the enterprise?
Can Blockchain (a distributed database that maintains a continuously-growing list of ordered records called blocks that interconnect enterprise data) be implemented within the enterprise?
Can enterprise’s product designs keep up with opportunities from technology?
Will vendor consolidation continue?
Is digital distribution and marketplace about to take over?
Are KPI metrics and analytics investment paying off?
10 Security Assessment Questions 10 Security Assessment Questions Security Assessment Questions To stop a breach tomorrow, what does the enterprise need to differently today? Does the enterprise know if...
CIO tenure moves up as more CIOs are staying in their jobs. However that is about to change as the “baby-boomers” will begin to retire over the next several quarters. This data is according to Janco’s 2017 IT Salary Survey.
ERP – Enterprise Resource Planning Job Description Bundle Released
Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. In Janco’s continuing efforts to make IT recruiting efforts easier, they have released this set of ERP job descriptions. Victor Janulaitis, the CEO of Janco said, “As CIOs continue to look into the future with mobile computing, BYOD, and social networking the demand for ERP technologists is on the rise. The 15 job descriptions included in this bundle have been created with these new requirements in mind.”
The ERP bundle contains 3 to 5 page detail job descriptions for 15 job positions including following specific ERP positions : Project Manager – ERP, Business Analyst, Data Architect, Decision Support Analyst, ERP – Developer, Functional Lead, Infrastructure Administrator, Master Data Analyst, Process Owner, Security Administrator, Security Analyst, Subject Matter Expert, Team Lead, Technical Lead, and Trainer. These job descriptions are fully compatible with all mandated requirements and have been updated with ISO and security compliance requirements in mind.
The CEO said, “CIO in organizations of all sizes have infrastructure they need to manage, increasing cost pressures and uncertainty in the market, at the same time they are focused on growth agendas, whatever they may be. CIOs have to leverage technology in a more effective and efficient manner to allow that to happen. That is the driver behind the increased demand for ERP.” He added, “With the project increase in staffing in the new year, many CIOs are looking to increase staffing in ERP. With these standardized job descriptions the recruiting process should be much easier. “
In addition to the ERP job description bundle, Janco has bundles position description bundles for eCommere, Enterprise Architecture, IT Service Management, Disaster Recovery / Business Continuity, Security, Metrics / Service Level Agreements, and a model mid-size IT organization in addition to the full set of 244 job descriptions. More information is available on its web site www.e-janco.com on https://www.e-janco.com/jobdescriptions.html .
IT job market poor as growth continues to trend down. This year, only a little more than one half (53% – 66,600 jobs) of that number of new IT jobs were created. Telecommunication job growth continues to be slow and still has not recovered from the Verizon strike earlier in the year. Where the Verizon strike was about limiting shipping jobs overseas it did not cover companies that continue to outsource telecommunication jobs.
Year to date there are 47,400 fewer new jobs in 2016 than in 2015. The forecast for all of 2016 is only 75,600 new jobs will be created for the year versus 129,400 in 2014 and 112,500 in 2015.
That is not a good sign for IT Pros who are looking to advance and for overall compensation for IT professionals.
IT Median Salaries 2015 vs. 2016
In the process of capturing the data for Janco’s 2017 IT salary survey to be released in January, the trend for IT salaries remaining flat seems to be continuing.
You can get a free copy of the full survey if you provide 10 valid data points and use a corporate e-mail address. Free e-mail accounts like gmail or yahoo do not qualify as we have no way to verify the accuracy of the data provided.
With this latest quote Janco is now viewed by many enterprises as the go to sources for IT job market and IT salary information. This keeps it in line with the long-term identification of Janco and its CIO as a leader in the field of IT management information.
Janco continues to keep tabs on the IT Job Market, IT Compensation, and trends that impact the overall infrastructure and strategy of IT and the CIO who are in charge. With this in mind Janco has identified 3 common skills that sucessful CIOs have.
Successful CIOs are both visionary and pragmatic\
Successful CIOs focus on ROI improvement of IT
Successful CIOs inspire the enterprise and expand the business impact of IT
Mid-Year Salary Survey Released by Janco Mid-Year Salary Survey Released by Janco Mid-Year Salary Survey – Janco Associates, Inc. has just released its 2015 mid-year salary survey. To read about the salary...