Another Successful Information Security Summit

Once again, the Information Security Summit hosted by Towerwall and MassBay was a resounding success. Hundreds of attendees and vendors participated in diverse data security panels and networked with industry leaders and peers. The Summit opened with Michelle Drolet, CEO of Towerwall, and Shamsi Moussav, Computer Science Professor at MassBay Community College, presenting scholarships to MassBay students Kirk Barge and Julius Newton. Michelle Drolet said,

“This is the 3rd year in a row the Information Security Summit has given out scholarships to MassBay students in their Cyber Security Certificate Program. We are planning on creating two new scholarships for the new Cyber Security Associates Degree which is being launched this Fall.”

After the scholarships were awarded, Sophos Americas Lead Corporate Engineer Alan Phillips educated attendees about the importance of encryption, starting from the basic definition to why it’s critical for any small or large company. @CISOatBrownU tweeted about Phillips’ encryption presentation:

“It’s not just losing a device, it’s losing an unencrypted device; that’s the real issue. #summitbuzz #infosec #datasecurity #privacy”

Throughout the day, attendees went to multiple breakout sessions. Topics of the sessions ranged from mobile, cloud, network, application and infrastructure security to risk management and compliance, steps to satisfy the demand for security talent, and industry trends and technology. Local FBI agent Scott Brown was unable to present due to the Usaama Rahim incident. Keynote Speaker William T. Crushing, Jr., Senior Vice President, Chief Audit Executive and Chief Risk Officer at Blue Cross Blue Shield of Massachusetts, ended the event. Attendees were educated on how to have a well-founded security infrastructure and defense. Overall, this year’s Information Security Summit was a success. The next Summit will be on June 9th, 2016. Until then, please stay informed about the latest security threats and tips by following us on Twitter: https://twitter.com/Towerwall

Securing Your Future with a Virtual CISO

The enterprise is facing a dangerous combination of mounting cybersecurity threats of increasing subtlety, and a widening gap in the skills required to identify and combat them.

Leading the charge in identifying and analyzing threats, creating strategic security plans and ensuring compliance requires the right level of expertise.

Many businesses, especially small and medium businesses, simply don’t have it.

Last October the Information Systems Security Association spoke of a “missing generation” in information security, pointing to an estimated 300,000 to 1 million vacant cybersecurity jobs.

Clearly it’s going to take time to fill that gap, but if the talent isn’t available right now, what are companies supposed to do?

Do You Have the Right Person for the Job?

According to Cisco’s 2015 Annual Security Report, 91 percent of companies have an executive with direct responsibility for security, but only 29 percent of them have a Chief Information Security Officer.

Businesses with a CISO in place recorded the highest levels of confidence in their security stance, both in terms of optimization and clarity.

Many organizations are asking other executives to step into the gap, and those executives often lack the expertise required to outline a solid information security policy and drive it forward.

There may be areas of your business where you can afford to have employees feeling their way and learning through trial and error, but security is not one of them.

“For small to mid-sized businesses it may be difficult to justify the expense of a full-time CISO,” says Candy Alexander, CISSP, CISM and Boston GRC Consultant.

“Recruitment can also be a real challenge. How do you find the right fit for your business within your budget when you lack the internal experience to properly evaluate a candidate?”

Enter the Virtual CISO

Perhaps it’s time to consider a less traditional approach. There are lots of reasons to consider a virtual CISO. If you’re suffering from attrition and need someone to step in on an interim basis, if you want some supervision and advice for a relatively green InfoSec manager, or if you want to ensure that you only pay for what you actually need, then a vCISO could be the answer.

For smaller businesses it simply doesn’t make sense to invest in a full-time CISO when you can hire a virtual one and get the specialty skills you need to draw up a strategic overview and deliver the big picture. No need to worry about benefits or monthly overhead.

It’s a flexible solution. You can set up a retainer for a certain number of hours, you can hire someone on a project basis, and/or you can even buy a chunk of support hours and use them when you need them.

It’s a way of getting the cream of security talent for a fraction of the cost. And it’s totally scalable. If you decide you need a full-time CISO, then you can even have the vCISO help you create a tailored job spec and then screen and interview candidates.

Contracting a virtual CISO can be far more cost-effective than hiring a full-timer. They can fill in where you need it the most, helping your CIO pull together your security policies, guidelines, and standards.

That could entail anything from getting to grips with HIPAA or PCI compliance, to staying on top of vendor risk assessments.

A qualified vCISO is going to be fully up to speed on the latest best practices, will have experience dealing with a wide variety of scenarios, and will be well placed to train your internal security staff.

Planning for a Brighter Future

Many companies are being forced to spend an ever-increasing proportion of their budget on cleaning up after incidents. A vCISO can be invaluable as a firefighter, but don’t wait until the worst happens: prevention is always better than cure.

A deeper dive into potential vulnerabilities, and support with a remediation plan now, could save your organization a great deal of time and money in the long run.

Whether you’re looking to fill a temporary gap, get a snapshot of your security health, or you need some leadership to roll out a comprehensive security policy, the vCISO is a compelling value proposition.

Until the new generation of security graduates matures, the vCISO may be your best shot at reducing security risks.

This article was recently published in Dark Matters.