Home > Uncategorized > Title Inflation in Information Security

Title Inflation in Information Security

I meet new people all the time. Not surprisingly, many of them are information security professionals. After we’ve said goodbye, I often look over their business cards a bit. What is amazing to me is the loftiness of the titles on so many business cards. I meet presidents, vice-presidents, CEOs, COOs, CTOs, CISOs, executive directors and managers, senior directors and managers, and by now you get my drift. But it does not end here–some have downright humorous titles such as “chief security visionary” or “I seldom see plain old everyday titles such as “member of the technical staff” or “security engineer.” Title inflation runs rampant.

I know of one organization in the information security arena that has about 40 employees. The head of this organization used to have the title of director, but apparently this title became insufficient, because now this person is the CEO. This organization also has a COO, CIO, CISO, and a CFO, but then more titles–the really amusing ones–begin. There is also a chief education officer, chief relationships officer, and a chief marketing officer. Hmmm, in an organization with only 40 employees, eight C-level positions exist. Many other employees’ titles include the word “director” or “senior,” and the CIO is in reality little more than a system administrator. There must be some “foot soldiers” in this organization, but their titles do not indicate so.
Why is title inflation so prevalent? I can think of at least a few reasons:

  1. Increased leverage. A person who has an aggrandized title tends to be perceived as more influential and powerful. This gives the person an advantage in being able to get in contact with people in higher positions–the “decision makers”– in organizations with which the person potentially may potentially or actually do business
  2. A type on on-the-job reward. Especially during these economically tough times, organizations may not be able to pay employees who are performing well as much as the employees deserve. An easy solution is to give them a new, more prestigious title, something that at least in part compensates them.
  3. Puffery. A person who has the ability to assign him/herself a title because of having set up a little company may attempt to sound more impressive through self-assignment of a title such as CEO, even though there is no one else in the company.
I don’t mean to single out information security. I meet plenty of other types of professionals in other fields who also have inflated titles. I do not foresee the end of title inflation any time in the near future, so I have a few constructive pieces of advice to dealing with the problem:

  1. Don’t be part of the problem. To the maximum extent possible, assign realistic titles to any positions for which you are responsible. If you have an inflated title, have the humility to explain to those you meet what your job function actually entails.
  2. Don’t promote any employee of yours to a position with a high and lofty title until that person actually performs at the expected level that the position requires.
  3. Adjust for title inflation. Instead of assuming that someone with a fancy title is somewhere high in that person’s company’s organization chart, check out where that person actually is. You can often go to the organization’s Web site to obtain this information. Another thing you can do is ask someone how many people s/he directly manages. You should not be surprised when you hear something like “er, ah, well, I don’t actually directly manage anyone.”
Title inflation is not one of the worst problems that we face, and it is in some ways more amusing than anything else. But as I’ve urged before, achieving situational awareness is one of the most important goals we information security professionals can achieve, and being situationally aware of what job titles really mean goes hand-in-hand with this endeavor.

–Gene Schultz, Ph.D., CISSP, CISM, GSLC
Categories: Uncategorized Tags:
Comments are closed.