CISO Interview: "Transparency isn’t a weakness—it’s the cornerstone of trust."
Signal to Noise: An Interview with Buzz Hillestad, CISO at Prismatic
Welcome back, ABCbyD community, to Signal to Noise! We’re trying a slightly different format (thanks to some awesome reader feedback), getting you closer to the interviewer with more direct snippets of wisdom. In this edition of Signal to Noise, I had the privilege of speaking with Buzz Hillestad, CISO at Prismatic. With a career spanning IT, security, consulting, and incident response, Buzz brings a wealth of experience and practical wisdom to the cybersecurity table. From his early days disassembling computers to leading security at a dynamic startup, Buzz has seen the evolution of security threats and solutions firsthand.
Our conversation covered everything from prioritizing investments to parsing marketing hype and the evolving threat landscape. Here are some highlights, distilled to cut through the noise and provide actionable insights for security practitioners and vendors alike.
On Signal to Noise: Finding Clarity in Chaos
When asked what “signal to noise” means to him, Buzz immediately reflected on the infamous Target breach—a cautionary tale of alerts buried under excessive noise.
"The information was there, but they missed it because their system wasn’t tuned properly. Good tools and processes refine the signal, minimizing the noise, and help teams focus on the critical threats."
Buzz’s takeaway: Effective security operations are built on tuning systems and processes to surface actionable insights. Without that, even the best data becomes lost.
The Vendor Litmus Test: Transparency Over Hype
Buzz is no stranger to vendor pitches, and he’s developed a keen sense for what works—and what doesn’t.
"If it smells like BS, it probably is. Don’t sell me on fear or flashy dashboards. Show me the science, the proof, and where you excel—and be honest about where you don’t."
He shared his admiration for companies like Red Canary, which openly highlight both their strengths and limitations. This transparency not only builds trust but allows CISOs to make informed decisions tailored to their needs.
"I’d rather work with a less performant but transparent vendor than one with high efficacy but a black-box approach. As long as you’re actively improving and transparent, I’ll be in your corner."
The Evolving Threat Landscape: Knowing Your Enemy
Having spent years in incident response across healthcare, government, and now tech, Buzz has a grounded perspective on the modern threat landscape.
"Hacking has changed. It’s no longer about street cred—it’s about profit and power. You’ve got crime syndicates committing fraud for money, and nation-states like China targeting intellectual property."
Buzz emphasized the importance of understanding how threat actors operate. By knowing their tactics and objectives, teams can better defend their systems and prioritize resources.
"You can’t watch everything. But knowing who’s likely to come after you and how they’ll do it allows you to focus on protecting the right pathways and identifying areas of higher risk."
Building a Castle: Prioritizing Investments in Security
For Buzz, security investments come down to solving real problems with measurable results.
"A product must do what it claims to do. If I’m in a demo or POC and there’s a failure—or the team doesn’t seem to know their product—I’m out."
He shared five key criteria for evaluating tools:
1. Efficacy: The solution must solve the problem it claims to address.
2. Ease of Use: Tools should reduce friction, not add to it.
3. Measurable ROI: Whether it’s reducing breaches or saving time, the value must be quantifiable.
4. Trust and Transparency: Vendors should openly share strengths, weaknesses, and real customer feedback.
5. Proactive Updates: Continuous improvement to address emerging threats is non-negotiable.
"Tools that are hard to use or overly complex to integrate are dead on arrival. Integration and automation are table stakes today."
Advice for Vendors: Be the Signal, Not the Noise
Buzz had clear advice for vendors looking to stand out:
"Understand my problems, demonstrate proven results, and provide transparency. Don’t try to dazzle me with fluff—show me how you tangibly improve security posture or reduce risk."
He stressed the importance of focusing on core functionality, building customer trust, and maintaining a transparent relationship.
"The best vendors are less about marketing and more about customer success. If you can’t show measurable outcomes, you’ll get lost in the noise."
Final Thoughts: The Case for Transparency
Buzz ended our conversation with a reflection on transparency in the industry.
"Everything has problems. The more transparent you are about your weaknesses, the more you can work on them—and the more people will trust you."
In a world increasingly driven by buzzwords and hype, Buzz’s perspective is a refreshing reminder of what truly matters: trust, clarity, and a relentless focus on solving real problems.
Talking with Buzz Hillestad was a breath of fresh air for folks looking to cut through the noise to find what matters most. From understanding threats to evaluating tools, his insights reflect a seasoned CISO who values practical solutions over flashy promises.
For Buzz, success in security is about more than just tools—it’s about processes, partnerships, and the willingness to be honest about strengths and weaknesses.
Stay tuned for more conversations like this in Signal to Noise.
Stay curious and stay secure, my friends!
Damien