Merritt Group CISO Blog


Estimated Reading Time: 2 minutes

A Q&A with John Masserini, CISO at Millicom Telecommunications

This Merritt Group blog is part of an ongoing Q&A series with CISOs on preferred marketing and sales techniques, leading up to the RSA Conference, taking place March 4-8, 2019 in San Francisco – where cyber professionals from all over the country will come together to make connections and keep the digital world safe. 


As an industry veteran, John Masserini has gained widespread recognition across multiple verticals in information security, especially in providing a more business-focused approach to information risk programs for today’s security challenges. In his current role as Global Chief Information Security Officer (CISO) for Millicom (Tigo) Telecommunications, Masserini leverages this extensive background to drive the company’s information security and risk management strategies, including security architecture, security operations, regulatory compliance and business continuity for all global business lines at Millicom.

In an interview with Merritt Group’s Security Practice Lead, Michelle Schafer, Masserini shared his views on what it means to be a CISO in today’s landscape and what security vendors should know before trying to market and sell to him. He will be presenting his views at the upcoming T.E.N. & ISE® Sales and Marketing Breakfast during RSA 2019.

How long have you been a CISO?

In total, I’ve spent almost 15 years building and developing information security teams. I’ve been a CISO at Millicom for the past year and a half. I’ve also previously served as CISO for MIAX Options Exchange and Dow Jones/The Wall Street Journal, where I oversaw security, risk management and business continuity.

 What are your top vendor challenges when it comes to securing your enterprise?

One of the biggest challenges is finding vendors out there who are ready to be partners, instead of just “vendors.” To me, this means working with people who care about both our organizations’ success, and who call me more than once a year – not just to see if I got the annual invoice. They work with my team to provide the full picture about a solution, sending details on relevant industry topics and what’s going on locally. Finding partners who are interested in our mutual gain, and who I can trust, can be pretty hard to come by in today’s market.

 What turns you off about security vendor sales?

Too many solution providers fail to understand the operational complexity they will introduce into the enterprise. No matter how good a solution is, it’s going to be disruptive to my organization because the vast majority of security solutions are inherently disruptive. Posing questions like,  “How do you support hot/hot failover in geographically disparate regions?” often results in complexities when working to implement a new solution, which more often than not is also operationally intensive. I’ve seen many potentially amazing products crash and burn because the product team had forgotten about one of these three aspects of the process.


Read the rest of the interview on the Merritt Group Blog


Copyright © 2002-2024 John Masserini. All rights reserved.


By JM

Leave a Reply

Your email address will not be published. Required fields are marked *

Chronicles of a CISO