November 11, 2022

Hiring the Next Fractional CISO with Michael Piacente

by Hacker Valley Studio

Show Notes

Michael Piacente, Managing Partner & Cofounder at Hitch Partners, answers the essential question on many cybersecurity professionals’ minds: Where do CISOs find CISO jobs? As it turns out, Michael helps many cybersecurity teams find their perfect CISO match with the assistance of his own team at Hitch Partners. In this episode, Michael clarifies what the role of a CISO really is, explains the compensation and benefits, and reveals the many responsibilities a CISO may take on during their team in the role.

 

Timecoded Guide:

[00:00] Defining the role of CISO & finding the right homes for each CISO

[05:21] VCISO & fractional CISO as an alternative to a full-time CISO

[11:49] CISO annual income, benefits, & non-monetary incentives

[16:37] Explaining additional responsibilities & tasks taken on by the CISO

[25:11] Giving advice to future CISOs looking for the next cyber executive opportunity

 

Sponsor Links:

Thank you to our sponsor Axonius and NetSPIfor bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

 

In your own definition and experience, what is a CISO?

Although there’s many definitions of the role, Michael clarifies that defining CISO should always include being an executive. To have a CISO who makes a positive impact and fulfills an organization’s needs, that CISO has to be properly placed, properly sponsored, and be in an environment where they have the proper reporting processes. Michael also believes the CISO should always be looking over their shoulder to be diligent of the next threat.

“In my version of it, a CISO is the executive— and that's the key term here— that has been properly placed, properly sponsored to handle all of the business information and data risk policy execution and operations in the company.”

 

What is the difference between a fractional CISO and a VCISO?

In Michael’s opinion, a VCISO (virtual CISO) and fractional CISO can be used interchangeably in a situation where a company does not need a full-time CISO executive. Unless they’re looking to support a strong security program, Michael understands that many companies don’t need a full-time CISO in order to be successful. A VCISO makes an impact on an organization’s security without being an overwhelming role in a smaller organization.

“Bringing in your starter package to implement the baseline or foundational building blocks of what will become a security program, in the form of a consultant or consulting firm, is often a wiser choice than going in building a security program around a full-time CISO role.”

 

Are there different types of CISOs, and have those types changed over time?

Previously, Michael defined 3 different types of CISOs in his search for CISOs with Hitch Partners. However, a fourth type has emerged in recent years: the BISO, or Field CISO. This fourth type joins the ranks alongside other impactful CISO types, including the client (or governance) facing CISO, highly technical CISO, the IT-focused CISO, and now, our fourth type, the BISO, who focuses on the business side of the risk.

“It's amazing that all of our CISO searches contain all these different types of CISOs. The fun part of that we get to figure out is: What's the priority [for the role]? What's the order? What does everyone in the organization think the priority should be?” 

 

How would you direct someone to take that first step after realizing they want to be a CISO?

Discovering the CISO role exists and being the right person for the role is an important distinction, and Michael encourages potential CISOs to take some time to research the job before getting involved in a job search. However, once someone knows they want to be a CISO, Michael advises finding a CISO mentor and diving into a passion. Each type of CISO needs an expertise and passion to propel them into the superpower status needed to be a CISO. 

“I think it’s about finding a passion. I'm a big believer that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there.”

---------------

Links:

Keep up with our guest Michael Piacente on LinkedIn

Learn more about Hitch Partners on their website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio



Transcript

Hacker Valley Studio 00:07
Who says tech can't be human?
Michael 00:10
Passion, whether that's one of those four areas or something else. I'm a big believer, you've probably heard me say this before, that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there.
Hacker Valley Studio 00:30
Welcome to the Hacker Valley Studio podcast.
Axonius Ad 00:35
When it comes to it, and security, we can all agree on two things, complexity is increasing. And the manual asset inventory approach no longer cuts it, it's time to adapt. And that's where Axonius comes in. Axonius correlates asset data from existing cybersecurity and SaaS solutions to provide an always up to date inventory, uncover gaps and automate actions, giving you the confidence to control complexity, sign up for a free walkthrough of the platform at Axonius.com/Get-A-Tour.
Chris 01:10
What's going on, everybody? You are in the Hacker Valley Studio with your hosts, Ron and Chris.
Ron 01:23
Yes, sir.
Chris 01:27
Welcome back to the show.
Ron 01:30
Glad to be back again. You may have the question like I've had the question before: Where does a CISO go to find a CISO job? Well, worry no more. We've brought in a good friend of the Hacker Valley Studio podcast, we brought in Michael Piacente. Michael is the Managing Partner and Co-founder of Hitch Partners, and someone who helps executives and organizations fill those gaps for talent like CISOs. Michael, welcome to the podcast. It's always a pleasure to speak to you.
Michael 02:03
Thank you, gentlemen. Great to be here. I love the show, I'm really enjoying it. Thank you so much.
Chris 02:08
Thank you so much for taking the time out of your busy schedule to hop on the mics with us. We've known you for years at this point, and you really have some interesting insights into the plight and the world that is being a CISO. How did you first get into that realm of finding the homes for different CISOs across the United States, and even abroad?
Michael 02:28
Yeah, I think some would agree with interesting insights. Yeah, I actually started in the practitioner world of IT, and when I moved into executive recruiting, I had really focused on CIO search and everything in the CIO's roles of deputies. One of which, of course, was this wonderful role called a CISO. We started seeing around 2008, 2009, companies contacting us looking for CIOs, because they had had a situation where their engineering organization went out and maxed out their personal credit cards on this thing called AWS, and they didn't know where their source code was sitting. And so, they would actually call and say, "We need to do an audit of our software licenses." And I would say, "Audit? Aren't you worried about security?" "Oh, no, AWS handles all that pretty well, they've got all these amazing tools." And so, I'm thinking to myself, "So, that's how this is going to be." At that point, you already had IT security expanding and compliance expanding at a fascinating pace of governance, and that was right around the time of SOCs coming about. But then you have this entire other wing of
interest around application security, product level security, and no one seems to be paying attention to it, except for in some high-caliber engineering environments. And so, that was kind of the premise of Hitch Partners is we wanted to be that high-consequence, data- focused, cloud native, cloud first security executive, which we now know as the kind of modern system. So, that's kind of how it all started.
Ron 04:01
I love it. I love the work that you've done and I've met a lot of the CISOs that you've helped be retained at organizations, but also help find new organizations to join as a CISO. So, big kudos to you there. I got to ask, there's a lot of definitions for a CISO, and I think there's no right or wrong definition, but I would love to hear it from your perspective. What is a CISO in your world?
Michael 04:23
In my version of it, is the executive, and that's the key term here. The individual that has been properly placed, properly sponsored, properly reporting structure within an organization that is handling all of the business information and data risk policy execution and operations in the company. That doesn't end there, there is an external function. We see an enormous amount of sales and pipeline enablement and customer support enablement piece today, but in a general sense, it is that translator, the ultimate identifier, and really, the narrator of what business risk is occurring within the organization. Typically, they have to be looking around the corner at all times, versus seeing what is going on. By the time something's happened, it's already happened. Now, they have to think about the next potential attack. All during this time, the attack surface has expanded, and so, thus has the definition of the system.
Chris 05:21
One of the most incredible things, and probably the most important thing, is the placement and making sure that they're in the right environment, because I'm sure there's a lot of startups out there, that think "Okay, we need to take security seriously. Of course, we need CISO," but that might not always be the case. What has been your perspective going through that process?
Michael 05:42
We will run about 30 to 35 CISO and Deputy CISO searches a year, we're actually pretty boutique in that nature. But we speak to about 150, on average, companies a year. And then, there is certainly competition, but as far as competition losing to us, or vice versa, it's a handful, maybe a few times a year. So, that leaves a good 100+ clients or prospects, and so, you have to figure out what goes on there. What we've established is that about 80% of the companies that approach us actually don't need a CISO. Unfortunately, we're also the first people that are telling them that. Someone, somewhere along the line that's out of my paygrade has told them to talk to me, and I'm happy to do it. In the first 30 seconds of the discussion, we realize they don't have any C and they don't have any O, and they're trying to maybe get a SOC two or GPR, or something more technical in play. We have to really listen first and understand what it is they're trying to achieve, but most of the time, we are recognizing that they don't either need a CISO. A big trend lately has been maybe looking at who you have already hired and brought on and trained and invested, see if there's some gaps that can be overcome with some investment in some advisors. There’re some nuances that can be adjusted there, and see if you can just turn the individual you have today into your future CISO. There's all kinds of trends going on, fractional and VCISO is certainly up and coming and very robust. But there's a whole state of the CISO today that we can get into as to why this is so hard and why this is such a nuanced role.
Ron 07:16
Let's dive deeper into it. I've recently come across the term fractional CISO. I feel like I've been hearing it on and off for the past year or so. But what is the difference between a fractional CISO and a VCISO?
Michael 07:28
A VCISO and a fractional CISO can be used synonymously. VCISO, the V standing for virtual, can sometimes be misleading in that the individual is not actually physically there on site, or they're sitting across the country somewhere. That's not necessarily true, they could certainly be there on site physically or be there in person, but what it really means is that the company does not require a fulltime CISO or security program at this point, but they do have some difficult complex and timeconsuming programs and projects that need to be implemented. Bringing in your starter package to implement the baseline or foundational building blocks of what will become a security program, in the form of a consultant or consulting firm, is often a wiser choice than going in building a security program around a full-time role. What we look at is: What is the company's risk model? What are they selling? Who are they selling it to? What kind of data are they holding onto? What kind of data are they creating? A lot of factors go into it, it's not just, wow, these guys are too small, they don't need a real CISO. We're not that trite. We actually get deep into the evaluation. If we make a mistake and recommend a VCISO or fractional CISO option, when really the business model is going to be supporting a very strong security program in just six months, and they just didn't recognize it, then we would be doing the client a disservice. We do have to get a little bit deeper into what's the business all
about, and that's where we focus. But in general, the VCISO and the fractional CISO are fairly
synonymous terms, fractional being you don't need a full-time entity at this point or individual, and that seems to be the more logical way to go in many cases. Like I said, 80% of the time, we will try to make that introduction.
Chris 09:17
One of the first conversations you and I had about three and a half years ago was the different types of CISOs for an organization. I'd love to hear some of your thoughts on that. I think, at the time, we were talking about three different types of CISOs for particular companies and whatever their use case is. Have you seen that change over the last three years? Are there more types of CISOs? Is there less types? Has it evolved in any way over the last few years?
Michael 09:43
Yeah, and that kind of goes to sort of where the state of the CISO is today, but to answer your question briefly, I think we have another category. So, add a fourth category in there, maybe even a fifth one coming, but a fourth one for sure, in that you have a clients facing or governance facing CISO, someone that's really focused on the business risk. They may or may not have come from a technical background, but they understand how to communicate and translate business risk. You have the highly technical CISO, you typically see them in the security engineering and AP SEC or prod SEC space, they're coming from that space. You have an individual that's focused in the IT security space, also incredibly important, looking at insider threats and detection and response and all the security operations components that are not touching the application, not touching the product. And then, you have this kind of newer model, which has a couple of different subsets. Some people call it the BISO, or others call it a Field CISO, but it's this concept, there's a lighter version of that, which is just an
executive that's involved in the sales enablement activities. That's really driven by the fact that you now have the CISOs organization and the CISO themselves, who are really seen as competitive advantage enablers in the business. It's no longer this mundane, stagnant program, where you call in and here's your incidents. It's very much a proactive, moving from a cost center to a profit center type of model. And so, now, we have a flavor of CISO if you will call it, that really is a sales enabler, a pipeline enabler, a business enabler, and they're speaking to their counterparts in large enterprise opportunities. And so, it's amazing that all of our CISO searches contain all four of these parts. The fun part of that we get to figure out is: What's the priority? What's the order? What does everyone in the organization think the
priority should be? That's why we do this thing called interviewing the interviewers. We ask eight executives in a company what they think their future CISO or program should look like. You're probably going to get a different opinion, and that's actually very healthy, but we really do need to figure that out before we start introducing the humans to the process.
Ron 11:49
You said at best, there's a lot that goes into being a CISO. You mentioned the sales enablement piece, I think that is an untapped resource, where organizations are starting to tap into their CISO and have them do more public-facing events to showcase, "Hey, this is how serious we take security." I think that's a selling prop in itself. When you look at all of that, it can be a little overwhelming for the CISO. They have to manage these risks, they have to promote awareness to their stakeholders and the team, and maybe even help other customers understand how serious their organization is taking security. To me, this is a lot of work. I can't imagine anybody can do this in 40 hours, whether they're a full time CISO or a VCISO, so there's gotta be some incentives. I'm looking at this report you created at Hitch Partners, and I see in this report, it says that, on average, if a CISO joins an enterprise software company that's publicly traded, they may be able to make up to $866,000. Quite a bit. I love that, and I
would imagine that, maybe it's not always like that, maybe there's a low end. Can you describe what that low end is? Or, even average? But also, what are the other non-monetary incentives that CISOs enjoy?
Michael 13:10
The problem when we first started this, what we would consider a modern CISO, is there was no data. The data, as much as they tried, you had folks like red for studies, which in the case of a technology company, a software company, or other, they were sometimes 40 or 50% off the mark. Not that they were wrong, but they just didn't have the data. And so, we had to figure out a way to go collect this data. We had these relationships, and thankfully, we have the trust of the community and people started participating. That particular report had over 500 participants from the CISO space, which was pretty awesome. We're expecting an increase this year, the lower end could be as low— Well, I say low end, but it really depends on what the company is doing. What are they selling? What are they protecting? How do they organize? What industry are they in? We've seen CISO searches that are people making $200 to 300,000 in cash, and then, a little bit of stock, you know, as low as the sort of the $400-500 range. The average, as you mentioned, is sort of that $860,000+. Our average searches
are around $1.25 million in total annual compensation, which is probably about 35% cash and the remainder in equity and other incentives. So, it is an enormous range is kind of my point. So, it's hard to actually put out a report like this, because we certainly don't want to exclude anyone. We certainly don't want to think anyone's underpaid. A lot of it just has to do with the particular model that you're a part of and how they value IT, in some cases, how they value security in their organization. So, it's kind of a tough question to answer. We get that a lot, by the way.
Ron 14:44
What about the non-monetary incentives?
Michael 14:47
A couple of things that come to mind. They are increasingly becoming more board ready. I think a lot of that was driven, if I look at history here, this has been a really odd year of historical events. One of which was in March, the SEC announced that they proposed amendments calling for the enhancement and standardization disclosures regarding cyber risk and incident reporting and governance for public companies. That created a massive wave of CISOs becoming more interested and more prepared to take on board level positions. And so, this has become a huge incentive and a huge play for CISOs, where they're going in their future direction. They can keep their day job and, at the same time be on a public board, that's the end game goal, even a private board. It brings them further into the executive layer stratosphere that they've all been yearning to get into, you know, moving away from the technical know-how and into more of a business executive. So, that's kind of one of the interesting incentives there. Being part of industry committees. I have a lot of CISOs that will be the thought leader in insurance or FinTech or automotive or weapons, whatever it might be, because they are looking at how to secure their own environments and they're using those best practices to create standards for their industry. So, being thought leaders, and really enabling that. One of the big incentives, or one of the big transitions we see, is that the number of CISO or up and coming CISO leaders that have gone out and started their own security product, product security and services companies, many of which you've had on the show, but it's great to see these budding executives and entrepreneurs who just had amazing
ideas. They were very sound at their role, they could have continued on their path, but CISOs have a lot of organizational skills, they have a ton of communication superpowers. They make for great CEOs, many of them, so there's a lot of directions and incentives that can happen in and out of the CISO role.
Chris 16:37
We talked about the benefits and some of the compensation that goes into being a CISO, but one of the most jaw-dropping and awe-inspiring things is the responsibility that CISO has for an organization. I'm sure that there's a lot of folks that are out there that say, "You know what? I love cybersecurity, I want to continue to grow and evolve my career and they think that the only destination is being a CISO." But every time I've had a conversation with someone that is either looking to be a CISO, or maybe they're looking for a mentor in being a CISO the first question they're often asked is: Are you sure you want to be a CISO? And that comes with a lot of baggage. Could you illuminate for everyone exactly some of the responsibilities that might not be at the forefront of people's minds?
Michael 17:22
Just to cover that piece of it, it's kind of a gripping time, right? For those who are old like me, we remember the MBC model "must see TV," that's kind of where we are right now with CISOs. There’re really two sides of the story. There's this unprecedented expansion of scope, in a relatively short period of time, with a new executive leadership role that happens to come from a technical background. New superpowers are being created before eyes, new scope, very rapid scope being added. And at the same time, you have this kind of unprecedented lack of awareness and a great need for further education around what CISOs do and what a proper security program actually looks like. This leads to rapid mis-calibration, which leads to short tenures and high turnover, which leads to stress. Unfortunately, there's a significant increase in both burnout and some mental health challenges that we see, it's really hard to see every day. And so, you have this sort of two-sided monster. But to your point as to where the CISO is, what people aren't seeing, I would say the biggest thing is that level of communication. The CISO has to be an executive Horse Whisperer in a way, right? They have to know the balance of what language to use, when to use it, how to present it, what not to say, and what to say. But there is a wave of education around this that I think most people are starting to recognize and actually the pandemic, the mid-pandemic, really exposed this, you know? The CISO became the chief crisis officer in many cases, it was driven by remote workforce using remote software development in many companies for the first time. They are protecting, they're looking around the corner at what's next, you start adding things like the war in Ukraine, it really woke up many boards and executives to how to secure critical infrastructure and OT, a massive increase there. And then, of course, the attack surface just continues to explode with the increase of cloud native and cloud first environments. So, all these things tie to all the hidden scope and hidden items that CISOs have to be aware of, but I always point it back to this communication excellence. It's the thing I work on with CISOs all the time, working on your communication, both internally with your company, externally and making sure you're considered a thought leader. People want to know what you want to talk about. Start a conversation, make sure you're writing a piece on that, get your branding out there, because CISOs do have this kind of library of knowledge that they just have to figure out how to communicate it to both their internal constituents and external community.
Ron 19:50
One of the other aspects is like what you mentioned, a lot of the CISOs that are working at big
organizations, or organizations that are disrupting industries, they've almost become influencers. People seek their wisdom, they seek the posts and the insights that they share on social media, podcasts, videos, conferences, and I think that's always really great to see, you know, someone being able to take such a job that requires so much responsibility and make the best of it. But I got to ask you: What have you found after speaking to 500+ CISOs just this last year on your report? And even going back further, what have you found to be the most productive or successful types of backgrounds that CISOs have?
Michael 20:36
Just because we are so niche in what we do and that we work primarily with technology and softwaredriven companies, the ones that are successful with our searches— This is not an answer to why are all CISOs successful, or not successful, but it just more about our searches, if that makes sense. They have a great balance of the four components we talked about. They may be an absolute dynamo, and in superpower category for let's say, OpSec, advanced OpSec in a cloud environment. And they may be so good at that, that they've kind of graduated to being able to have others handle a lot of the scope there and they're working on things like communication with the board or the executive team, how to distill business risk in a non-technical or threatening manner. And so, there's that balance there. There's the understanding, or at least passion around the nuance of compliance. It's a big, huge scope
item. A lot of people think that CISOs should be split into two areas, you know, compliance and
technical. I'm not a big fan of that, I actually think that CISOs are bright and expansive enough to include both, there just has to be investment in this area. And so, I think, what we'll see is we'll see a lot of systems where actually, they're extremely excellent and the technical end, but they can balance the governance piece. They may not run everything on their own, they may have a lieutenant helping them, but they are very passionate about the space. And then, the final area is just, which is the place that they're probably not shining from day one if they're up and coming, is this concept you talked about earlier about sales enablement, customer enablement, and partner enablement. Being able to speak to others about the product or about what we're doing internally and our own best practices, how to be that sort of outwardly facing evangelist in many ways. Also, being able to run the operation. So, at the
end of the day, having a superpower and being able to run a very strong operation, protecting the data first and foremost, everything else is kind of learned. Those candidates that can balance all of that and usually come through in interviewing situations. There might be holes, but they can certainly close those gaps pretty quickly.
Chris 22:48
So, I gotta ask, I mean, in all the work that you do, you're obviously very, very busy looking for homes for CISOs. You're speaking to CISOs, you're serving CISOs, trying to get as much data as you can, and I'm sure that really gives you an opportunity to really see what's going on in the space of cybersecurity. Is there a story that really comes to mind? Because I'm sure that there are times where you're like, "Wow, this is so much work. This is so hard for us to do," but you continue to do it anyways. I'm sure that there are stories that keep you going. Is there a story that comes to mind that makes you think, "This is why we do what we do," in getting CISOs to the home they need to be in?
Michael 23:28
Yeah, first of all, I'm not that busy. I just go fishing all day.
Chris 23:31
I'm sure. You wish.
Michael 23:34
Right? I know it sounds weird. People think we're masochists. We absolutely love this community. This is a community that actually gives back to us as much as we give to them, which is pretty special. There's a trust level there, and that's why we started the VCISO matching program. We see VCISOs and fractional CISOs as just as much as a community as a full- time CISO. The problem is no one's advocating for them, and they get these really unqualified situations they have to walk into. It's highly frustrating. It's time consuming. These are usually single proprietor entities. Sometimes they're firms with a bunch of systems, but either way, it's very inefficient. So, we're like, "Okay, well, what can we do to give back to the community that's been so good to us?" We're really only good at one thing, and that is matchmaking, right? So, we're using that power that we have of matchmaking of full time CISOs and just carrying it over to the virtual side, it's been a fun program to start off, but I think the community is really the thing that keeps us going. Clients, it's always at Rubik's Cube every client we have, it's just like, "How fast can we do it? How much is it going to take us?" I was horrible at Rubik's Cubes I should mention, I think I could get like, one side maybe. When you hear in the voice of someone that, "Hey, I've been here for two or three years and it is just the best career move. I'm getting sponsored the way I thought, I'm getting the education I thought I would get," they could be a 25-year-old or a 50-year-old, they could be in their third CISO role or their first one, there's just nothing like that feeling to us. That just lightens up our day and the same thing with the client, like, "You brought in this amazing executive, and they've really changed the way we've thought about this and we're just a much better company than we were." That's sort of what keeps us going.
Ron 25:11
I would love to speak to that 25-year-old person about the range, right? There's got to be someone out there that's 25-years-old, maybe a little older, a little younger, and they have a few years of cybersecurity experience and they saw that they could be a CISO one day. They heard the numbers, they heard the responsibilities, they were so happy about it, but they don't know where to start. What would be your recommendation, with all of the wisdom and experience that you've gained, for directing that person to take that first step after knowing that they want to be a CISO?
Michael 25:44
Yeah, go find a 50-year-old CISO. Yeah, or they can talk to me, who is approaching 50, unfortunately. But it is a journey, I think most people understand that, most people realize this is not going to be a leapfrog event. There certainly are battlefield promotions that happen every day, and actually, this is aneconomic environment where we're seeing it much more, which is awesome. We love it. Like, we just had a situation, two situations where a client hired us, and we said, "You know, the person that you have in the role is actually probably your candidate, even though we're gonna go run an exhaustive an comprehensive search for you, but we may be back into the same place, but you'll be better educated on what the model will be and we'll make sure we flush everything out." And it turns out that one case, particularly like, that's exactly where we ended up, and it's a great result. There was no disruptive
change in direction, it was continuing on, but they realized that the gaps that they had with their up and coming CISO was just as easily fixed or easily plugged by just getting the right sponsorship. But for the 25-year-old, I mean, I think finding a passion, whether that's one of those four areas or something else. I'm a big believer, you've probably heard me say this before, that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there. And really start talking about that and start building a community around that. What will happen, amazingly, is that people will grasp onto the fact that you are a thought leader in this one area, which I firmly believe, once you're a
superpowered evangelist or thought leader in one area, then the trust will come out in other areas as soon as you start expanding your own knowledge. And so, that's how we've seen the younger crowd get further into executive levels. It doesn't happen overnight, but it is definitely a recipe there that seems to work.
Chris 27:34
Great information for anyone out there looking to be a CISO. Obviously, Michael has a wealth of knowledge in this space, so be sure to reach out to him directly. We're gonna drop all of his information down in the show notes wherever you're listening to this. Definitely check out Hitch Partners. Michael, thank you so much for taking the time out of your busy schedule to hop on mics with us, and with that, we will see everyone next time.
Hacker Valley Studio 28:05
If you found value in this content, it would mean the world to us if you shared it on social media, sent it to a friend, or talked about it over coffee.

Keeping Cyber Course Prices Equitable with Kenneth Ellington

November 29, 2022 Hacker Valley Studio

00:00:00