Mean compensation for all IT pros in 2018 is now $90,116, up 3.5% from 2017
IT professional mean pay is now well over $90,000 in both large and mid-sized enterprises. IT executives in large enterprises now command a mean salary of $159,748, which is up 2.53% from last year and rising.
IT professionals are now among the highest paid staff level individuals in many organizations.
IT Professional Mean Pay
Salaries for qualified IT pros will continue to increase because there is currently a short supply of individuals with the skill sets needed to work with several new and advancing technologies.
The positions in greatest demand are executive and middle management roles with experience and working knowledge of IoT, blockchain, and the migration of applications to smartphones and tablets in both the iOS and Android worlds.
IT Job in Demand
Janco released its full suite of IT recruiting, hiring, and job description offerings so that HR departments and IT management teams have the tools at hand as the IT job market continues to expand.
Security is a pipe dream; few enterprises are fully protected from the kinds of events that have occurred in the past several months. All one has to do is look at the recent cyber attacks at Uber and Experian. In both cases, the CIO and/or CSO were blamed and left the organization.
Not many CIOs and CSOs feel they have 100% of their security risks covered. In a recent survey published in NetworkWorld:
55% said they did not have all of their security risks covered
40% said they hoped they had all of their security bases covered
6% said that they did
With only 6% saying they had all of their bases covered, there are many opportunities for hackers and data thieves to attack the systems in place.
Now that we know a security breach may occur, how sure are these same CIOs and CSOs that they will be able to react in time? The first step is detecting that a hack or breach has occurred. In another survey by Janco Associates, we found that in mid-sized and large enterprises:
35% had a detection solution in place that automatically quarantined the affected server(s)
43% had a detection solution in place but had to manually quarantine the server(s)
23% had to manually take the server(s) offline once they found out they had a problem
Putting these two sets of data together, you conclude that less than 2% of enterprises are protected well enough to prevent a major security hack or breach from occurring.
It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don’t have a disaster recovery plan or haven’t updated yours recently, now is the time to take this critical step to protect your business.
Security lacking at SEC according to GAO: Security is not as good as it should be at the Securities and Exchange Commission (SEC). The SEC...
10 Security Assessment Questions: To stop a breach tomorrow, what does the enterprise need to do differently today? Does the enterprise know if...
Women CIOs – 28% of CIOs in public companies are women
Women CIOs – Women in management are making it as CIOs in large publicly traded companies. In reviewing Janco’s historical data we have found that in 2013 only 19% of the CIOs in our sample were women. That has grown to 28% with our more recent data.
Failed Business Continuity – This morning about 2:00 AM MST one of the largest providers of cloud services went down. As I write this it is 11:30 AM MST and the service is still down.
It seems that their entire network – both the east coast and west coast is down. I talked to their corporate office and at this time they have no idea as to when they will be back up and at the same time the person I talked to said he did not know what their business continuity plan was since this was a nation-wide failure in their network.
They should have followed the 10 commandments that we published earlier.
Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
Create test plans and scripts: Test plans and scripts should be created and followed step by step to help ensure accurate testing. These plans and scripts should include integration testing; silo testing alone does not accurately reflect multiple applications going down simultaneously.
Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.
Top 10 Disaster Recovery Best Practices: As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
China Hidden Competitive Advantage – China Owns Key Technology Media Firms
China Hidden Competitive Advantage – Should the US be concerned that key technology firms and publications are now owned by China? In March of 2017, China Oceanwide completed its acquisition of IDG. China Oceanwide is an international conglomerate founded by Chairman Zhiqiang Lu. Headquartered in Beijing, China, it has operations in financial services, real estate, media, technology and strategic investment. Following the acquisition, China Oceanwide has nearly 20,000 employees worldwide.
Within two months of the acquisition, there were extensive layoffs among IDG’s US writers and editors. It has been estimated that between 90 and 100 seasoned professionals were laid off.
IDG was founded in 1964, and the publications included in this acquisition were CIO, Computerworld, PCWorld, and Macworld. IDG also has its own international news agency, IDG News Service. It is headquartered in Boston and has bureaus in cities such as New York, Beijing, Amsterdam, and Brussels. It provides news, images, video and other editorial content to IDG’s web sites and print publications worldwide.
IDG has deep insight into the technology market. Given this level of access, should US-based corporations be concerned? Will China-based enterprises gain a competitive advantage over US-based enterprises?
Historic IT Compensation analysis by Janco Associates shows that the Vice President of Technical Services has fared better in organizations of all sizes over the past five years than CIOs.
Since 2013, mean compensation for CIOs in large organizations has risen by 7.5%, from $181,240 to $194,841 (an increase of $13,601). Over the same period, in those same organizations, VP of Technical Services compensation has risen by 19.7%, from $140,267 to $167,961 (an increase of $27,653). In addition, CSOs also topped CIOs in large enterprises with an increase of 14.2%.
In mid-sized enterprises, CIOs saw their compensation rise by 9.6%, or $15,523, over the same five years. However, the VP of Technical Services saw their compensation increase by $17,991, or 13.8%.
That does not mean CIOs are doing poorly. Rather, the gap between the two compensation levels has eroded a bit in the past few years.
Minimize breach response cost with operational strategy
While the costs of a data breach can vary widely on a case-by-case basis, CIOs who understand the drivers behind the expense will be better positioned to take steps needed to protect their organization.
Here are six ways to minimize breach response cost:
Eliminate data you do not need.
You can dramatically reduce your exposure by destroying records of past customers. You cannot lose data you do not keep. In 2015 one company served 69 million customers, yet when it was breached that year it exposed 78 million records. The extra nine million records most likely came from former customers. Each of these individuals had to be notified and offered credit monitoring, driving up costs.
Do not store street addresses if there is no real business requirement.
When a breach occurs, companies are typically required to notify affected individuals via old-fashioned, handwritten “snail mail.” But they can use alternative methods of notification, such as email or public announcement, if they do not have a valid mailing address. Physical, written notifications can cost up to $2 per person, and the cost quickly adds up. It may be worth asking twice what the business need for those customer addresses is, and considering not capturing them, to reduce exposure to notification requirements.
Use logs to prove that a breach or data loss did not occur.
One industry study shows that in 44% of incidents, public notification is not required. To avoid notification, companies must prove that, even if they were attacked, no records were improperly accessed. To do so, they rely on system logs. Without logs, a company may be forced to assume a breach occurred because it cannot prove otherwise.
Follow PCI rules and protect credit card data.
For breaches that involve credit card data, reimbursing card companies for fraudulent transactions can amount to a staggering cost, from $3-$30 or more per card. New chip cards are designed to reduce fraud, and early data show they are having the intended effect – MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.
Use experts who know the breach response landscape.
Your breach response effort is not a good time to reinvent the wheel. Missteps happen fast and have serious consequences. Credit monitoring alone can cost $5 to $30 per person. Data breach specialists, such as PR consultants or data privacy lawyers, often have seen as many as hundreds of data breaches and are highly practiced at helping you craft a genuine story that keeps confusion – and costs – down.
Be prepared for additional audits and compliance reviews.
In the wake of a breach, a company may be audited and investigated by a number of regulatory agencies. While it’s not guaranteed to occur, it is likely, and there are simple steps you can take to prevent sensational fines if it does. To start, CIOs and CFOs should be strong advocates for the implementation of the security controls recommended by external auditors or by regulators themselves.
High unemployment continues to persist in four states: Alaska – 6.7%; New Mexico – 6.6%; District of Columbia – 6.9%; and Louisiana – 5.7%. All four have had a dismal recovery.
It is not clear what it will take to get the people in those states back to work. In the case of the District of Columbia, with the emphasis on reducing the size of government, unemployment will stay high.
Both Alaska and Louisiana should have a clear path to recovery with the emphasis on energy independence. New Mexico is an unknown at this time.
Full employment states
There are 21 states in full employment mode. That is the best it has been since early in the George W. Bush administration.
All but two of these states (New Hampshire and South Dakota) have unemployment rates lower than they were in the same month last year.
For the IT job market, that is a very good sign.
Unemployment Levels over 6% in 12 states: State Unemployment Levels. Unemployment Levels by State — The national unemployment data provides a measure of the health...
H-1B visa holders paid less. According to the latest filings by Apple Computer, 99.6% of the 4,807 visa applications for the current year have a “stated” average salary that is less than the going rate for the current year.
Granted, Apple may pay individuals more than is stated in the application, but it does have the option to pay less. That is the core of the issue with the H-1B visa program as it is implemented today.
The question is whether the program should be altered in such a way that companies such as India-based outsourcers cannot use it for their own profit at the expense of US workers.
In our next IT salary survey we will address this issue in depth. Janco’s survey is an industry standard and is (and has been) used by over 3,000 organizations in the US and Canada. In addition, the results of the survey have been published in the Wall Street Journal and on CNN, to mention a few media outlets.
Several major unions and governmental agencies use the survey for setting pay grades and overall compensation levels.
CIO role changes and faces new challenges – no longer just a technologist now a business partner
The role of the CIO and CTO is changing as more enterprises move towards a “value added” role for the Information Technology function. The strategic implications of each type of technology are different, so the CIO needs to be able to adapt quickly.
The job of overseeing technology at corporations is changing as fast as the technology itself. No longer is the chief information officer the “nerd-in-chief,” merely chasing after viruses and ordering new mouse pads. Now the CIO is finding ways to utilize hardware and software for strategic business purposes, such as discerning market opportunities and improving customer service. The high-tech tools of choice can include sophisticated data mining like social networking, and enhancements to the company website.
As the CIO’s role changes, a key question for the chief executive is whether the individual in that position can handle all of these new challenges. Today, the CIO often is working directly with all of the other C-Level executives. He or she now has to undertake customer-service, marketing, and new-product analysis. This can require “people” and analytic skills in addition to advanced e-knowledge. CIOs are called upon to think like business people.
Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend, requiring enterprises to deal with the serious security implications of these devices. The decision by employees to wear their own device (WYOD), such as an Apple Watch that can link to your Wi-Fi, capture audio, video and data, store it, and transmit it, poses similar problems for IT departments. Employees and individuals outside the enterprise can use these devices, sometimes discreetly, to access and share business content.
This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content rather than the device in use. Wearable devices simply add another level of access and security concern to what we have already seen with the BYOD trend.
Here are the top 10 best practices for WYOD:
Have a strategy for how, when and why WYOD devices can be used
Implement an acceptable use policy
Identify the connectivity options that are available to both internal and external users
Approved devices should be easily connected to the available secure access points
Define a management process for the WYOD devices
Plan for the activity WYOD devices will add to the network
Make collaboration tools a priority
Secure the end points and isolate sensitive/confidential information and locations
Be prepared for little to no advance notice on upgrades
10 best practices for electronic meetings: 10 best practices for electronic meetings have been identified by Janco Associates, Inc. They are: Have an agenda that is available...
10 BYOD Best Practices for CIOs: Bring Your Own Device (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
Why H-1B is wrong solution – a question that we have been asked
Why H-1B is the wrong solution – a question we have been asked by a number of reporters (see press release). Below are two tables that Janco created in answering that question.
Below are some of the questions we were asked by a reporter for a national publication.
Reporter: Is the Information Security Analysts job the only H-1B security job in your findings?
Janulaitis: Yes, that is the only pure security role. However, there are individuals who have those skills and are classified as Network and Computer Systems Administrators. They fill some of the roles of the security analysts.
Reporter: Do you have any insights into whether that number is so low because: A) no companies are looking abroad for security skills, or B) people with these skills are applying but not getting accepted?
Janulaitis: First there has to be demand for that role. Many C-Level executives do not feel comfortable with security being done by non-US workers who are not on shore and/or are outsourced.
When C-Level executives have a choice, the idea that an H-1B is responsible for security is not one they relish. They need some assurance that H-1B employees will remain with the company. There have been too many hacks that have taken place where immediate response is required. There is less control when the individual is an H-1B employee that is a contractor. Companies like Microsoft and Apple (vs Tata’s) offer real opportunities for security specialists. These are US companies, not outsourcers, and have a long term view. I know both Microsoft and Apple have good internal training programs in place with real career paths for the “best of breed” technologist that they hire with H-1Bs.
Reporter: Do you think that IT security and cyber-security skills should be given special consideration for H-1B visas? Under the proposed revamping of the program that may include moving to merit-based selection program rather than a pure lottery system.
Janulaitis: In general, all H-1B visas should be merit based. My feeling is that the first choice for jobs should be US nationals who are qualified, then foreign nationals who are graduates of US Universities and want to become US residents and lastly, graduates of foreign Universities who want to become US residents. The idea that there is a lottery and companies like Tata win a large number of positions that they then use to “replace” US workers does not make any sense at all. The purpose of the program is to give the US a competitive edge in technology not reduce cost for US corporations.
Reporter: The question is being raised because the global demand for cyber-security workers is expected to reach 6 million by 2019. There is a projected shortfall of 1.5 million qualified security pros. More than half of organizations today say that finding and recruiting talented IT security staff with the right skill sets is a “significant” or “major” challenge.
Janulaitis: First we start to educate our IT pros in the disciplines required. Then have jobs for them when they graduate and there will be much less of a need for “foreign” workers. It should be a H-1B requirement that these individuals have a “desire” to become full time US residents. If companies like Tata game the system, they should be penalized. Perhaps they could be required to post a bond of say 20% of the annual salary be put in trust. That would be returned when the individual qualifies to be a permanent resident. If they do become full time residents within a specified period, then the bond would be forfeited and the individual would have to leave the US. We need to take the profit out of gaming the H-1B program.
Reporter: Any other insight you might have into this would be greatly appreciated.
Janulaitis: Companies like Tata should not be allowed to get the number of H-1B visas they do. They are gaming the system by creating US subsidiaries that are just a shell to get revenue out of the US and not necessarily help the US to be a technology leader. The focus of the H-1B program should be to get foreign nationals who are world class to come to the US, become full-time residents, and contribute to our society. Currently students come to the US and take the limited number of advanced degree slots we have available, capping the number of US nationals who can fill them. It is not the US’s role to educate the world. We need to do everything possible to have H-1B visa holders stay here. It is not good when over 75% of graduates leave and go back to places like China and India.
I believe much of the problem we have is due to our educational system. We need to have more of a focus on math and science and less on social engineering. As a country we spend more on education but rank behind Poland. We have a bias towards foreign nationals in our graduate and doctoral programs. We need an educated population of college graduates who focus on both math and the sciences. Then we need to have jobs for the individuals who have STEM (Science, Technology, Engineering and Math) degrees. That includes undergraduate as well as masters and doctoral degrees. It is much easier to grow our skill base if we have the professors who can teach those subjects. China, for example, is graduating more students from its universities in robotics on an annual basis than we have in total.