I met with the CIO, the Privacy Officer and several senior IT people.
Several times they spoke about the previous security teams and asked how I would do something different.
That raised a red flag.
Several other security teams? In a HIPAA regulated organization?
Then I realized that within a month, the CISO of Health and Hospitals and MetroPlus both left?
As a security professional, that's concerning.
As a HIPAA regulated organization, to have so many "teams" coming and going isn't good.
Eventually, when it came time for an offer, I declined.
$140k for a 15-year CISO is an insult in NYC.
I've hired security managers for more than that.
It's clear to me: Multiple security teams, lack of resources, no commitment to the proper tool set and subpar salaries? This organization does not value security or protecting their data and their clients.
After Equifax's breach, I don't want my face plastered all over the internet as the face of a major breach: I declined the offer.