Preview Mode Links will not work in preview mode

Defense in Depth

Jan 30, 2020

All links and images for this episode can be found on CISO Series (

A data breach usually spells financial and reputational disaster. But such an event can also be an opportunity for a security professional to capitalize.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Michael Piacente, co-founder and managing partner, Hitch Partners.

Thanks to this week’s podcast sponsor, Anomali.


Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence that drives effective security and risk decision making. Customers using Anomali identify cyber threats from all layers of the web, automate blocking across their security infrastructures, and detect and remediate any threats present in their networks.

On this episode of Defense in Depth, you’ll learn:

  • Salary negotiation is a topic that is always in vogue, but the post-breach angle shows the value companies are eventually seeing in the CISO role. Unfortunately for them they realize it after the fact.
  • A bad breach incident will cost far more than an investment in a good security team. But that's your insurance policy.
  • Location, industry, and size of company are all key factors on whether or not a CISO will be able to command a seven figure salary.
  • Industry specific skills will definitely come into play. If a bank is breached and you've been a security professional or a CISO at multiple banks that has maintained its cybersecurity without any significant incidents, then you have a lot of leverage.
  • When a company needs a CISO to right the ship, they're going to want someone who has gained skills in the areas of communicating with the board, strategy, vision, leadership, and successfully creating a pro-security culture.
  • Negotiating salary is not just isolated to CISO role. There are cloud security architects that are in high demand and can garner a much higher wage than just a couple years ago.
  • Threats outnumber security people regardless of their rank. There's no one person that's going to prevent breaches. But if you have a poor security culture, then a company will need to pay for the talent to get it operating in the right direction.