10 Things I Know About…Hiring a vCISO

leadership team img1

By Michelle Drolet

Founder & CEO

Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,

Read More

10. A hedge against a breach

A virtual chief information security officer can serve as security consul or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry.

9. High talent at low costs

As a temp hire, a vCISO offers flexibility and cost controls. He/she can help build programs, conduct employee training, draft security policies and set standards for compliance mandates.

8. Bridge the divide

Most small and midsize businesses do not have senior security talent on call. Having someone conversant in identifying and analyzing threats, creating strategic security plans and ensuring compliance requires the right level of expertise.

7. Help companies succeed

Cisco reported only 29 percent of organizations have a CISO. Businesses with a CISO recorded the highest levels of confidence in their security stance in terms of optimization and clarity.

6. Finding the shoe that fits

For small to midsize businesses, it doesn’t make sense to invest in a full-time CISO. A virtual one delivers a pay-as-you-go option and specialty skills required to draft a strategic security plan for a sound future.

5. How to contract

There’s no universal standard for hiring a vCISO. Set up a retainer for a number of hours, contract on a per-project basis, or buy a chunk of hours to use as needed.

4. What to look for

A qualified vCISO will be up to speed on the latest best practices, with experience in conducting risk assessments, penetration testing, intrusion detection and other key services. Should also have ability to train internal security staff.

3. Comparative costs

A contract rate for virtual CISOs is 35-to-40 percent of the average salary for a full-time information security person.

2. Trust in leadership

Many companies are forced to spend an increasing proportion of budget on cleaning up after a breach. A vCISO can be invaluable as a firefighter and leader. Don’t wait until a breach occurs; prevention is better than cure.

1. Who needs them

Businesses with access to personal consumer data or companies in regulated industries, or with proprietary intellectual property, or with data security concerns are the best candidates for a vCISO.



This article was originally posted on the Worcester Business Journal.