Leadership, Security awareness

When Should You Just Do It Internally or Hire a Consultant? – John Iatonna – CSP #54

With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions.

To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf

Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.

This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Sponsored By

Full episode and show notes


John Iatonna
John Iatonna
CISO at Spencer Stuart

John Iatonna is Chief Information Security Officer at Spencer Stuart, an international executive search and leadership advisory firm based in Chicago, IL, where he oversees global operations of the company’s information security program. Prior to his current role, John served as Senior Vice President of Information Security, Governance and Risk at Edelman, Inc. a global communications firm. John holds a master’s degree in IT management from Northwestern University, a bachelor’s degree in Business Administration from DePaul University and has been a certified information security professional (CISSP) since 2008.


Todd Fitzgerald
Todd Fitzgerald
Vice President, Cybersecurity Strategy at Cybersecurity Collaborative
prestitial ad