Picking the Virtual CISO for your business – Free eBook

How to not pick a vCISO Provider: throwing a dart at a board

Picking the right Virtual CISO for your business is easier said than done. There are so many different vendors and individuals offering vCISO services these days that it’s hard to know where to start. We wanted to provide a guide to help businesses figure out the right type of vendor for them.

While Fractional CISO does operate in this space, we firmly believe that there is no one-size-fits-all solution in cybersecurity. We want every business to find the right cybersecurity solution for their unique needs, and so have published an ebook to help you make the right choice.

The ebook includes a quick-decision chart to help you quickly get in the ballpark of what type of vCISO provider you should be looking for. A sample of the ebook and the chart is provided below.

How to pick the right type of vCISO for you chart sample

Picking a vCISO: The Story of Three CEOs

Carl, Ernie, and Sarah are three CEOs of three very different companies who meet regularly in a business leadership group to share insights and learn from one another. Recently, they have been discussing cybersecurity practices and management. Each organization is currently facing its own, very different set of cybersecurity concerns they want a leader to help them solve. 

Carl’s Consulting Company is a 100-employee consulting company specializing in technical consulting, customer experience, user retention, and rewards programs. They issue MacBooks to all employees and primarily use Google Workspace. They also use AWS in a limited capacity, where needed for certain contracts. Beyond attempts to securely configure their own systems, they have not yet paid much attention to cybersecurity. As their company has grown and built out an impressive portfolio of work, larger businesses have taken an interest in their services – but they want to see a stronger cybersecurity program in place and a SOC 2 attestation to prove it.

Ernie’s Enterprise provides healthcare management software and has approximately 2,000 employees across three office spaces in Boston, Austin, and San Francisco. They all use company-issued desktops and laptops, including MacBooks. They have a relatively robust cybersecurity team, but were recently hit with a HIPAA violation, landing them on the dreaded “Wall of Shame.” They want to quickly replace their current CISO with someone who can set a new path forward while maintaining or improving their existing HIPAA, SOC 2, and ISO 27001 compliance efforts.

Sarah’s SaaS Startup is a small, 15-employee company that provides a SaaS application intended for construction company administrators. They are a complete Microsoft shop, using Windows for devices, Microsoft 365, and running their product on Azure. Sarah doesn’t have any compliance needs, but is concerned about the damage a cybersecurity attack could do to her small business. 

A Virtual CISO for All Three? 

After the three share their myriad cybersecurity concerns, the mentor of the peer group, Margaret, suggests that they look into acquiring the services of a Virtual CISO provider. She explains that vCISOs are often able to perform the cybersecurity tasks an organization needs while being faster to hire and costing less than a full-time CISO.

The three start to evaluate vCISO providers only to discover that there are so many different options! They aren’t sure who to select. To help with the decision, Margaret walks them through several points to consider in their evaluations, and the different types of vCISOs they could choose from.

Download the full ebook to learn:

  1. What the five common types of vCISO providers are
  2. What specializations each vCISO provider can bring to the table
  3. The four major points to consider when making your decision

Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).

Related Posts

Is your Cyber Insurance really going to cover you?

Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.

To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. eastern time. Bring your questions!

New Release: Free SOC 2 eBook!

Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.

Learn:

  • How to scope your SOC 2 project
  • How to estimate the cost and length of your SOC 2 project
  • How to prepare for your SOC 2
  • How to succeed in your SOC 2 audit period
  • How to leverage your SOC 2 report to enable your business and sales