Synopsis: Cybersecurity professionals share their hard-won experience and knowledge about hiring, managing, and firing for one of your company’s most sensitive leadership positions: the virtual Chief Information Security Officer (vCISO).
Note: While comprehensive, this white paper is not intended to be a complete discussion of this subject matter. Instead, it is an overview of issues which must be considered by management in order to reduce risk, save money, and decrease internal brain damage.
Introduction: People who read this white paper typically have already reached the conclusion that they need a CISO, but realize that they don’t need a FULL-TIME CISO. And they believe that this position, if managed correctly, can be handled by a remote, virtual, part-time CISO.
But whether it is full-time or part-time, most companies are ill-prepared to screen, hire and manage this type of senior-level technical talent. Most companies and HR departments have a difficult time even correctly defining the requirements for this critical position.
Demand for senior CISOs exceeds supply; as a result, it has become prohibitively expensive and problematic for most companies to hire and retain this type of talent.
Please refer to: Why Choose Us as YOUR vCISO Partner
1. Hire your own CISO or vCISO. If this is your path, you will find much useful info here to support your efforts.
2. Engage our vCISO services. In this case you will off-load much of the work associated with this process and you will get access to our vCISO team. Please refer to Why Our vCISO Team Approach is Better.
Here are just a few of the ways an experienced vCISO can help your company:
The bottom line is that you require a vCISO who is a seasoned IT and cybersecurity professional and who is experienced at providing strategy guidance to management and the folks executing management decisions. Sadly, there are many folks representing themselves as CISOs or vCISOs and they are counting on your inability to properly define and vet such a position. By the time you figure out they are inadequate to the task, you will have wasted much valuable time and money.
If you are going to hire a CISO directly or a vCISO as a service (vCaaS), here are some of the questions to ask candidates:
Note whether the candidate is comfortable communicating with senior management and others in the organization. Do they try to impress with technical jargon that only they understand?
Someone famous once said, “If you can’t explain something in a way that a six-year-old can understand, then you don’t understand it well enough yourself.” Some technical folks pride themselves on being able to confuse management people with their jargon.
Some preparatory questions for your management staff:
If you have hired the right vCISO, in short order, that person’s judgment and knowledge will become trusted. The vCISO will start to have significant input and impact on strategic IT, security and privacy planning and execution. Note that we have included privacy here. Privacy has both compliance and technical (security) aspects. It is likely your internal IT team or MSP has no experience with this.
But even if that is the case, continuous, methodical management is required. There must be excellent written and verbal communication between the vCISO and all staff. The nature of the work is such that frequent meetings with the vCISO are required. The frequency will be based on exactly what your vCISO is doing for you. Use of project management software to monitor progress on all projects is recommended.
Obviously, there is MUCH more to this topic…but if you hire us, you will automatically solve that problem.
A full-time CISO has the keys to your IT kingdom. They have passwords to many or all of your systems and they know the architecture and operating systems that make up your company’s IT infrastructure. If the CISO ever becomes your adversary, then you could be exposed to serious risk. Typically, a vCISO directs your employees to make changes and, as a result, does not have keys to your systems. He or she does have a lot of knowledge about the security of your systems. This significantly reduces your risk, unless you give them more access and power.
Tips for reducing risk during termination and/or separation:
Some companies establish a separation bonus for such high positions. This bonus is designed to be paid out in six months if there is a smooth transition and the person leaving cooperates fully and returns all company property.
Why Choose Us as YOUR vCISO Partner?
THIS IS OUR BUSINESS AND WE ARE GOOD AT IT
We are a full-service, U.S.-based cybersecurity company that has been approved to work with DoD contractors and U.S. government agencies. No matter where in the world you are located, we are positioned to help you build the best cybersecurity program possible. Please see our websites below for more information about us.
OUR CISOs ARE FULLY VETTED U.S. CITIZENS
We understand how to vet and check out CISO candidates' qualifications and experience. We have made the decision to only hire CISOs who are U.S. citizens. This is the only way to fully comply with cybersecurity requirements associated with protecting your sensitive information.
ACCESS TO EXCLUSIVE CYBERSECURITY AND PRIVACY PROGRAMS
Turnkey Cyber has developed the country's only TURNKEY cybersecurity and privacy programs that meet NIST and DoD requirements. These programs reduce the expense and brain damage of implementing cybersecurity and privacy across the enterprise.
OUR CISO SYSTEMS SUPPORT YOUR CIO/EXECUTIVE MANAGEMENT
In most companies, top management struggles to hire and manage Chief Information Security Officers. This can result in lost productivity, increased risk, increased expense, and potential staff conflict. Our vCISO experience is such that we can cut to the chase and make sure company objectives are being met.
YOU ARE MAKING NO LONG-TERM COMMITMENTS TO ANYONE
Hiring, onboarding, and managing a CISO is a slow, tedious process and untangling such relationships can be problematic and even dangerous. Your relationship is with us. We handle any disengagements. Your risk with respect to this issue is minimized.
ACCESS TO VETTED TECHNICAL TOOLS
A cybersecurity program consists of people, processes, and technical tools. There are many potential tools. We have spent years vetting tools to get the best value for our clients. This knowledge is at your vCISO's fingertips and can prevent purchasing blunders.
See more at our vCISO web page here: https://www.your-vciso.com
More heads are better than one. Your company will be assigned a primary vCISO, but this vCISO is backed up by our lead vCISO, specialist vCISOs (DoD, compliance, privacy, etc.) and our technical and business teams. All vCISO strategic advice and project work is reviewed by our lead vCISO. If your vCISO has any cybersecurity or compliance questions, he or she can get support immediately. We are able to recruit principled, seasoned, experienced vCISOs because they prefer to work in our virtual, supported environment as opposed to traditional, geo-restricted office environments. Since we are not limited to any particular geography, we can recruit the best U.S.-based vCISOs.
Want to meet our lead vCISO? Please watch the video on this page:
https://www.cybercecurity.com/virtual-ciso-services/
Or contact Mitch directly at: