Show Notes
Michael Piacente, Managing Partner & Cofounder at Hitch Partners, answers the essential question on many cybersecurity professionals’ minds: Where do CISOs find CISO jobs? As it turns out, Michael helps many cybersecurity teams find their perfect CISO match with the assistance of his own team at Hitch Partners. In this episode, Michael clarifies what the role of a CISO really is, explains the compensation and benefits, and reveals the many responsibilities a CISO may take on during their team in the role.
Timecoded Guide:
[00:00] Defining the role of CISO & finding the right homes for each CISO
[05:21] VCISO & fractional CISO as an alternative to a full-time CISO
[11:49] CISO annual income, benefits, & non-monetary incentives
[16:37] Explaining additional responsibilities & tasks taken on by the CISO
[25:11] Giving advice to future CISOs looking for the next cyber executive opportunity
Sponsor Links:
Thank you to our sponsor Axonius and NetSPIfor bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
In your own definition and experience, what is a CISO?
Although there’s many definitions of the role, Michael clarifies that defining CISO should always include being an executive. To have a CISO who makes a positive impact and fulfills an organization’s needs, that CISO has to be properly placed, properly sponsored, and be in an environment where they have the proper reporting processes. Michael also believes the CISO should always be looking over their shoulder to be diligent of the next threat.
“In my version of it, a CISO is the executive— and that's the key term here— that has been properly placed, properly sponsored to handle all of the business information and data risk policy execution and operations in the company.”
What is the difference between a fractional CISO and a VCISO?
In Michael’s opinion, a VCISO (virtual CISO) and fractional CISO can be used interchangeably in a situation where a company does not need a full-time CISO executive. Unless they’re looking to support a strong security program, Michael understands that many companies don’t need a full-time CISO in order to be successful. A VCISO makes an impact on an organization’s security without being an overwhelming role in a smaller organization.
“Bringing in your starter package to implement the baseline or foundational building blocks of what will become a security program, in the form of a consultant or consulting firm, is often a wiser choice than going in building a security program around a full-time CISO role.”
Are there different types of CISOs, and have those types changed over time?
Previously, Michael defined 3 different types of CISOs in his search for CISOs with Hitch Partners. However, a fourth type has emerged in recent years: the BISO, or Field CISO. This fourth type joins the ranks alongside other impactful CISO types, including the client (or governance) facing CISO, highly technical CISO, the IT-focused CISO, and now, our fourth type, the BISO, who focuses on the business side of the risk.
“It's amazing that all of our CISO searches contain all these different types of CISOs. The fun part of that we get to figure out is: What's the priority [for the role]? What's the order? What does everyone in the organization think the priority should be?”
How would you direct someone to take that first step after realizing they want to be a CISO?
Discovering the CISO role exists and being the right person for the role is an important distinction, and Michael encourages potential CISOs to take some time to research the job before getting involved in a job search. However, once someone knows they want to be a CISO, Michael advises finding a CISO mentor and diving into a passion. Each type of CISO needs an expertise and passion to propel them into the superpower status needed to be a CISO.
“I think it’s about finding a passion. I'm a big believer that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there.”
---------------
Links:
Keep up with our guest Michael Piacente on LinkedIn
Learn more about Hitch Partners on their website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Recent Episodes
The Future of Cyber Talent Is African with Confidence Staveley
The world’s youngest continent is also its most untapped resource. Confidence Staveley, Founder of CyberSafe, makes a powerful case for why Africa’s youth are the answer to global cybersecurity ...
Compliance Isn’t the Enemy with Jeff Man
Is compliance just a checkbox, or the backbone of real security? Returning to the show with decades of hard-earned insight, Jeff Man makes the case that compliance, especially PCI-DSS, isn't ...
What Makes a Great CISO? A Playbook from Gary Hayslip
What separates a great CISO from a great one? In this powerhouse conversation, Ron invites friend and cybersecurity leader Gary Hayslip, CISO at SoftBank Investment Advisers, back on the mic to ...
Confidence, Coaching, and the S-Word with Mel Reyes
Want to stand out as a leader? According to our guest Mel Reyes, you need to dress like you mean it and speak like you’ve got nothing to prove. In this episode, Mel shares how he built ...
Purple Teaming Is the New Job Security with Maril Vernon
Cybersecurity isn’t just red or blue anymore... it’s purple, white, and deeply human. Maril Vernon, award-winning ethical hacker and Senior Solutions Architect at NetSPI, returns to the Hacker ...
The AI Gold Rush in Cybersecurity with Chris Cochran
The new cybersecurity pioneers aren’t chasing alerts, they’re building with AI. But what happens when tools meant to assist begin making decisions for us? And what skills do we lose when ...
The AI That Tried to Escape with Ron Eddings
What happens when AI refuses to be replaced? This episode kicks off with a chilling real-world example of an AI threatening blackmail—and only gets more intense from there. Host Ron Eddings ...
Zero Trust Isn’t a Tool — It’s Everything with George Finney
What if Zero Trust isn’t a framework, but the only viable cybersecurity strategy—more about people than products? In this episode, George Finney, CISO at the University of Texas System and ...
Your Two-Year Edge Starts Now with Marco Figueroa
You won’t be replaced by AI—you’ll be replaced by someone using it better. Returning guest Marco Figueroa is back with a frontline report on the AI agent boom. This isn’t a prediction—it’s a ...
Badge Cloning, Alarm Triggers & Getting Hired to Hack with Greg ...
Most people think red teaming is digital—until someone bypasses your locks, plants a Raspberry Pi in your server room, and walks out with your data. That’s not sci-fi. That’s White Knight Labs. ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon and reach out to you at