Jan 30, 2020
All links and images for this episode can be found on CISO
A data breach usually spells financial and reputational
disaster. But such an event can also be an opportunity for a
security professional to capitalize.
Check out this post for the discussion that is the basis
of our conversation on this week’s episode co-hosted by
Spark (@dspark), the
producer of CISO
Series and Allan
Alford (@AllanAlfordinTX). Our
guest is Michael
Piacente, co-founder and managing partner, Hitch Partners.
Thanks to this week’s podcast sponsor,
Anomali is a leader in intelligence-driven cybersecurity
solutions. Anomali turns threat data into actionable intelligence
that drives effective security and risk decision making. Customers
using Anomali identify cyber threats from all layers of the web,
automate blocking across their security infrastructures, and detect
and remediate any threats present in their
On this episode of Defense in Depth, you’ll learn:
- Salary negotiation is a topic that is always in vogue, but the
post-breach angle shows the value companies are eventually seeing
in the CISO role. Unfortunately for them they realize it after the
- A bad breach incident will cost far more than an investment in
a good security team. But that's your insurance policy.
- Location, industry, and size of company are all key factors on
whether or not a CISO will be able to command a seven figure
- Industry specific skills will definitely come into play. If a
bank is breached and you've been a security professional or a CISO
at multiple banks that has maintained its cybersecurity without any
significant incidents, then you have a lot of leverage.
- When a company needs a CISO to right the ship, they're going to
want someone who has gained skills in the areas of communicating
with the board, strategy, vision, leadership, and successfully
creating a pro-security culture.
- Negotiating salary is not just isolated to CISO role. There are
cloud security architects that are in high demand and can garner a
much higher wage than just a couple years ago.
- Threats outnumber security people regardless of their rank.
There's no one person that's going to prevent breaches. But if you
have a poor security culture, then a company will need to pay for
the talent to get it operating in the right direction.