Watch Now

Show Notes

Michael Piacente, Managing Partner & Cofounder at Hitch Partners, answers the essential question on many cybersecurity professionals’ minds: Where do CISOs find CISO jobs? As it turns out, Michael helps many cybersecurity teams find their perfect CISO match with the assistance of his own team at Hitch Partners. In this episode, Michael clarifies what the role of a CISO really is, explains the compensation and benefits, and reveals the many responsibilities a CISO may take on during their team in the role.

 

Timecoded Guide:

[00:00] Defining the role of CISO & finding the right homes for each CISO

[05:21] VCISO & fractional CISO as an alternative to a full-time CISO

[11:49] CISO annual income, benefits, & non-monetary incentives

[16:37] Explaining additional responsibilities & tasks taken on by the CISO

[25:11] Giving advice to future CISOs looking for the next cyber executive opportunity

 

Sponsor Links:

Thank you to our sponsor Axonius and NetSPIfor bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

 

In your own definition and experience, what is a CISO?

Although there’s many definitions of the role, Michael clarifies that defining CISO should always include being an executive. To have a CISO who makes a positive impact and fulfills an organization’s needs, that CISO has to be properly placed, properly sponsored, and be in an environment where they have the proper reporting processes. Michael also believes the CISO should always be looking over their shoulder to be diligent of the next threat.

“In my version of it, a CISO is the executive— and that's the key term here— that has been properly placed, properly sponsored to handle all of the business information and data risk policy execution and operations in the company.”

 

What is the difference between a fractional CISO and a VCISO?

In Michael’s opinion, a VCISO (virtual CISO) and fractional CISO can be used interchangeably in a situation where a company does not need a full-time CISO executive. Unless they’re looking to support a strong security program, Michael understands that many companies don’t need a full-time CISO in order to be successful. A VCISO makes an impact on an organization’s security without being an overwhelming role in a smaller organization.

“Bringing in your starter package to implement the baseline or foundational building blocks of what will become a security program, in the form of a consultant or consulting firm, is often a wiser choice than going in building a security program around a full-time CISO role.”

 

Are there different types of CISOs, and have those types changed over time?

Previously, Michael defined 3 different types of CISOs in his search for CISOs with Hitch Partners. However, a fourth type has emerged in recent years: the BISO, or Field CISO. This fourth type joins the ranks alongside other impactful CISO types, including the client (or governance) facing CISO, highly technical CISO, the IT-focused CISO, and now, our fourth type, the BISO, who focuses on the business side of the risk.

“It's amazing that all of our CISO searches contain all these different types of CISOs. The fun part of that we get to figure out is: What's the priority [for the role]? What's the order? What does everyone in the organization think the priority should be?” 

 

How would you direct someone to take that first step after realizing they want to be a CISO?

Discovering the CISO role exists and being the right person for the role is an important distinction, and Michael encourages potential CISOs to take some time to research the job before getting involved in a job search. However, once someone knows they want to be a CISO, Michael advises finding a CISO mentor and diving into a passion. Each type of CISO needs an expertise and passion to propel them into the superpower status needed to be a CISO. 

“I think it’s about finding a passion. I'm a big believer that you just have to know where your superpower is, or what your superpower wants to be. In other words, that thing that's passionate to you, that you probably know better than 99% of the population out there.”

---------------

Links:

Keep up with our guest Michael Piacente on LinkedIn

Learn more about Hitch Partners on their website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Recent Episodes

Jul 9, 2024

What We All Should Be Talking About When It Comes to AI and ...

In this episode, Host Ron Eddings is joined by guests Anirban Banerjee, CEO and Co-Founder at Riscosity, and James Berthoty, Founder and Analyst at Latio Tech. Together they focus on data ...

Jul 2, 2024

Navigating AI as a CISO with Whitney Palacios

In this episode, Host Ron Eddings catches up with one of his colleagues, Whitney Palacios, Vice President and CISO at BigBear.ai. They explore the challenges and responsibilities of being a CISO ...

Jun 26, 2024

The Power of AppSec, Cyber Education, and Friendship with Tanya ...

In this episode, Host Ron Eddings catches up with longtime friend, Tanya Janca, Head of Education and Community at SemGrep and author of 'Alice and Bob Learn Application Security.' Tanya shares ...

Jun 18, 2024

Networking 2.0: The Future of Decentralized Networking & Access ...

In this episode, Hosts Ron Eddings, and Jen Langdon share takeaways from Ron's RSA conversation with Colin Constable, Co-Founder and CTO at Atsign On this show, they’ll break down Networking 2.0 ...

Jun 11, 2024

How AI and TPRM Makes Security the ‘Dept. of Innovation’ with Paul ...

In this episode, Host Ron Eddings enjoys a reprieve from the hectic RSA conference with guest Paul Valente, CEO of VISO Trust. Paul discusses how he used his extensive experience as a CISO to ...

Jun 4, 2024

A Deep Dive into MSSPs: Understanding the Evolution and Secrets ...

In this episode, Ron Eddings and Jen Langdon explore the origins of MSSPs and the solutions they offer to the cybersecurity industry with insights from Ricardo Nicolini, CTO at Bulletproof. ...

May 28, 2024

Zero Trust Tactics: Preventing Breaches with Ivan Fonseca & Nick ...

In this episode, Host Ron Eddings teams up with Ivan Fonseca and Nick Cottrell, Cybersecurity Engineers at ThreatLocker, as they break down the anatomy of previous breaches and the attacker’s ...

May 21, 2024

Enterprise Browsers: Work’s Natural Next Step

In this episode, Ron Eddings and Jen Langdon talk about the evolution of browsers and how enterprise browsers have entered to change the game for corporations. Special guest Brayden Rogers, ...

May 14, 2024

Building Tech and Adding Value in the Era of AI with Josh Danielson

In this episode, Ron Eddings talks with guest Josh Danielson, CEO at Kustos, about how his journey at a previous organization has led him to build and create new products in the industry. ...

May 7, 2024

Building Fast and Not Breaking Things with Shlomi Matichin

In this episode, Ron Eddings and guest Shlomi Matichin, Co-Founder & CTO at Valence Security, discuss how the hurdles and triumphs in the journey of establishing Valence Security resulted in ...

WORK WITH US

PODCASTS + SPEAKING + EVENTS

Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.