Product Specials — Episode 2: Virtual CISO (vCISO)

videoDuration

Do not index

Thumbnail

Product_Specials__Episode_2-_Virtual_CISO_(vCISO).png

CISOs and vCISOs

CSO Online defines a CISO as “The chief information security officer (CISO) is the executive responsible for an organization’s information and data security.” CISOs tend to be relatively expensive when compared to a vCISO, besides the additional overhead of hiring and retaining them.

Introducing Virtual Chief Information Security Officer (vCISO)

A vCISO is an outsourced security practitioner or provider who provides their time and insight to an organization on an ongoing basis, usually part-time and remotely.

Key benefits of vCISOs include:

· Bring a wide range of expertise: i.e. extensive experience and exposure in various domains

· Networking with multiple cybersecurity solution providers

· Flexibility of working, often remotely

· Provide SMBs access to the global talent pool

Adapting from Gartner, the key responsibilities of a vCISO are highlighted below:

According to multiple publications, vCISOs tend to be relatively more budget-friendly. In the US alone, the average salary of CISOs tends to be around $200,000, whereas vCISO compensation is much lesser. They can also be hired quicker, relying on trusted third-party (e.g. Ofofo Marketplace) references and rating, without extensive vetting.

Relevance to SMBs

While 71% of SMBs report that they have only the basic security infrastructure and the majority (52%) admit to lacking in-house skills to properly deal with security issues, a vCISO can bridge the gap by bringing in focussed knowledge and domain expertise.

Off-the-shelf knowledge and expertise, higher levels of cost-effectiveness, quicker integration with cyber security teams and a better level of scalability tend to be some of the primary motivations to hire a vCISO. Other reasons include end-to-end cyber security posture management and solution implementation/deployment.

As vCISO, the professional is responsible for the overall cyber readiness of your business, it is recommended that the following factors are considered while hiring for this position:

· Relevant Experience: Their work with similar-sized companies and industry

· Tools and Support: What kind of support and solution do they plan to bring onto the table

· Trust: Alignment of expectations, rapport and communication skills

Service Usage

Most businesses tend to consume this service by making sure adequate cybersecurity infrastructure and the right environment is in place. The figure below further details the same.

Upon on-boarding, they contribute towards cyber security vision, strategy & implementation, framing appropriate cyber security architecture and policies, and conveying security goals to the Board of Directors.

Additional contributions might include:

· Advisory for compliance and regulatory audits

· Risk mitigation and incidence response

· Offer consultation on defining security budgets & cost-effective solutions

· Help plan and training of various teams

How can a marketplace help?

Some major pain-points SMBs face with traditional buying channels include:

Apart from the curation of solutions and enablement of easier comparison of vCISO expertise and pricing, marketplaces (like Ofofo) focus on creating an environment of transparency and trust by carefully vetting service offerings.

Conclusion:

Virtual CISOs are helping businesses better their security posture. They offer significant expertise and knowledge as traditional chief information security officers and tend to be relatively more flexible and budget-friendly. They are of utmost relevance to SMBs to better their security posture. Marketplaces can play a key role in SMBs’ vCISO procurement journey by bringing trust, confidence and ease of hiring.