CISO pay has gone up, according to a recent report, but don’t spike the laptop in celebration just yet. Responsibilities are rising, too, which can lead to elevation—or frustration—of someone in the role.

“CISO compensation is increasing and growing, but the scope of the CISO role and the expectations on the CISO are expanding at a rate that is still faster than compensation can keep up, and we’re getting toward a tipping point in the industry where the pressure on the CISO is in some ways exceeding the reward system,” Nick Kakolowski, senior research director at IANS Research, told IT Brew.

• Compensation: According to a survey from IANS and Artico Search—one that polled 755 security executives (mostly from the US and Canada) between April and August 2024—US-based CISOs on average earned a median of $403,000. That’s a bit more moola than last year’s numbers, when IANS reported a median of $388,000.

Eight in 10 respondents reported increased compensation, and 38% of respondents said compensation rose by 6% or more.

• Scope: The report also saw CISOs increasingly taking on IT functions. For 220 CISOs, the most common assigned IT responsibilities included IT compliance (69% of CISOs with IT responsibilities), infrastructure (61%), architecture (58%), networking (58%), and operations (58%).

Read the rest here.—BH

Threat actors have discovered new ways to sneak unwanted emails past spam filters in a John Cena-like fashion.

According to a September Cisco Talos blog post, spammers are initiating attacks against the web pages and mail servers of legitimate organizations in order to send junk mail from seemingly credible sources, thus bypassing spam filters.

The blog post was penned by Jaeson Schultz, a technical leader for Cisco Talos’ security intelligence and research group, who identified two tactics spammers are using to execute their attacks.

Tactic one and tactic two. The first tactic involves overloading the text fields on web forms that trigger an email to be sent back to a user with unsolicited messages and links. Possible web forms that could be abused for this scheme include online account registration, event signup, and contact form pages.

Extra crafty spammers are also using the tactic on popular Google softwares such as Google Quizzes. To do so, Schultz said the attacker would first need to create a quiz and fill it out using a victim’s credentials. They would then be able to spread their unsolicited message through the email that is sent back to the victim after grading the fake quiz.

Read more here.—BM

After a slight rise in August, the tech unemployment rate plummeted nearly a full percentage point in September, showing the sector’s strength on the back of an unexpectedly powerful national jobs report.

As IT Brew reported, August’s tech unemployment rate stood at 3.4%, up from July’s 3.2%, indicating the unsettled nature of the economy as a whole. But September’s bounce-back numbers—an addition of 254,000 total jobs rather than the 150,000 economists were expecting—showed that the country’s outlook is trending positive.

Timing is everything. Tim Herbert, CompTIA chief research officer, said in a statement accompanying an analysis of Bureau of Labor Statistics numbers from the group that overall positive economic news helped push the tech unemployment rate down.

“It was never really a question of if, but when employers were going to resume hiring,” Herbert said. “A broad mix of companies viewed recent economic developments as the greenlight to move forward in addressing their tech talent needs.”

Tech employment increased by a net 8,583 jobs, CompTIA reported, with cloud infrastructure, data processing, and hosting accounting for 6,000 of those positions. IT and custom software services and system design came in second with 2,900 jobs; the gains were slightly offset by a 1,600 position drop in the telecommunications subsector.

Keep reading here.—EH