Hunting for Cyber Security Managers in Italy
An interview with Fabio Sola, Network Director, conducted by Luigi Dell'Olio, for the article: Le imprese a caccia di manager della "cyber security" published December 19, 2016, in the Affari & Finanza section of La Repubblica newspaper
Are there cyber security managers in Italy?
The theme of Cyber Security is heating up, given the increasingly pervasive role of IT in our daily lives and for its progressive shift to the Cloud. Nevertheless, the theme is still in its infancy here in Italy. Those who invest in Cyber Security, tend not to advertise it (for the same reason that we do not disclose the new anti-theft system we have at home).
At present, there are more articles about the Cyber Security Manager role than active recruiting searches. Consulting firms carry out around 50% of the searches, some of which are gradually specializing in the sector. Otherwise, only the very largest Italian companies are managing in-house all activities related to system security.
Certain sectors are already heavily invested in Security, including Finance (banking and insurance), due to the sensitivity of data treatment and transactions handling, and Hi Tech, in order to protect their intellectual property (e.g. think of the continuous Apple-Samsung legal war and the potential value of research on a new microprocessor).
What does a cyber security manager do?
From PRAXI's privileged vantage point as a provider of executive search services and IT consulting, we would divide the role into three main “responsibilities”:
- Technological, meaning focused on solutions that protect internal systems and processed data (For example, Praxi and other groups have invested to switch over to a top-level domain (our site has an extension .praxi instead of the previous .com), which adds a layer of protection to the security of their systems).
- Organizational, meaning relative to the behaviors of the people within an organization (often at risk in terms of potential outside attacks, not necessarily going to the extreme case of Hillary Clinton's email).
- Regulatory, meaning the application and updating in terms of data compliance management and the use of tools.
- To complicate the profile further, strong economic sensitivity is necessary, because Cyber Security activities are quite costly; therefore, it is necessary to measure and compare the ability to invest against the real value of what you are protecting.
What is the typical career path of a cyber security manger?
Today in Italy, the technological aspect is prevalent, because the positions often originate from the Senior Professional level rather than Managerial, unlike other more developed markets. For example, in Italy it is common to find a Cyber Security Manager reporting to a CIO or IT director, while in the US the Cyber Security Manager is often on the Board). It is important to have a broad organizational vision, but there is often a focus on understanding sub issues like artificial intelligence (or "machine learning"), for example, which is fundamental to many Cyber Security platforms (if the system does not learn from experience it quickly becomes obsolete).
How much do they earn?
In the US, the average salary of a Cyber Security Manager is approximately $100,000; in Italy it is about half (€50,000). Be careful because this statistic can be quite misleading, as it depends on the specific context. It would be more appropriate to define the current market rate as the average between a Cyber Security Specialist, sourced from the top managerial level (€120,000 and up) and a Professional Specialist (€35,000 and up).