Typical comp shape
Head of securitys usually earn large rsu + sign-on grants. Common employers include Cloudflare, CrowdStrike, Okta. Security leaders joining post-breach often negotiate accelerated sign-on vesting, concentrating tax in the first 12 months.
What California changes
In California, every RSU vest, NSO exercise, and ESPP purchase carries 13.3% state tax on top of federal. For a senior head of security with $300k+ of equity income, the state layer routinely adds $25-45k to the annual bill.
State AMT for ISO holders
If your head of security role grants ISOs (common at pre-IPO startups, uncommon at post-IPO mega-caps), be aware that California runs its own AMT calculation. An ISO exercise-and-hold here generates AMT at two layers, not one.
Planning cadence
For a head of security in California, the three planning windows are: after each RSU vest (withholding check and sell-vs-hold), before any ISO exercise (AMT model at both federal and state), and in Q4 (estimated tax top-up to clear the safe harbor).