February 15, 2016

10 Things I Know About...Hiring a vCISO

10. A hedge against a breach

A virtual chief information security officer can serve as security counsel or as an interim CISO to fill the gaps during a planned information-technology security policy review. Better to be safe than sorry.

9. High talent at low costs

As a temp hire, a vCISO offers flexibility and cost controls. He/she can help build programs, conduct employee training, draft security policies and set standards for compliance mandates.

8. Bridge the divide

Most small and midsize businesses do not have senior security talent on call. Identifying and analyzing threats, creating strategic security plans and ensuring compliance require the right level of expertise.

7. Help companies succeed

Cisco reported only 29 percent of organizations have a CISO. Businesses with a CISO recorded the highest levels of confidence in their security stance in terms of optimization and clarity.

6. Finding the shoe that fits

For small to midsize businesses, it doesn't make sense to invest in a full-time CISO. A virtual one delivers a pay-as-you-go option and specialty skills required to draft a strategic security plan for a sound future.

5. How to contract

There's no universal standard for hiring a vCISO. Set up a retainer for a number of hours, contract on a per-project basis, or buy a chunk of hours to use as needed.

4. What to look for

A qualified vCISO will be up to speed on the latest best practices, with experience in conducting risk assessments, penetration testing, intrusion detection and other key services. The vCISO should also have the ability to train internal security staff.

3. Comparative costs

A contract rate for virtual CISOs is 35 to 40 percent of the average salary for a full-time information security person.

2. Trust in leadership

Many companies are forced to spend an increasing proportion of budget on cleaning up after a breach. A vCISO can be invaluable as a firefighter and leader. Don't wait until a breach occurs; prevention is better than cure.

1. Who needs them

Businesses with access to personal consumer data or companies in regulated industries, or with proprietary intellectual property, or with data security concerns are the best candidates for a vCISO.

Michelle Drolet is CEO of Towerwall, a data security services provider in Framingham. You may reach her at michellle@towerwall.com.

Copyright 2017 New England Business Media