The Chief Information Security Officer position has become the mainstay of a formal information security program. The position—which you would rarely find at a Fortune 500 company 20 years ago—is now essential for a business that takes protecting data and assets seriously.
The role has grown from simply overseeing the rollout and management of a suite of technical controls to a force for cultural change in an organization: overseeing risk management, awareness training, data protection, regulatory compliance. Their efforts influence multiple areas of technology, including application development, network operations, and cloud migration.
For many of our customers, though, employing a CISO still feels excessive. Small businesses consider security as an extension of IT and rely on systems and network administrators to protect the environment using a disparate set of tools in between building new infrastructure, putting out fires, and supporting employees.
In 2020, if you make securing your business an afterthought, you are exposing the organization to risk. With no formal leadership, risk can go unidentified and may not be addressed; tools and products deployed may not be adequate or even targeted at the right threats and use cases; and controls may erode away over time with no ongoing oversight. Unfortunately it’s not always as simple as “hiring someone.” The right security leader is tough to find and even more challenging to afford. Over the last few years we’ve gotten requests from customers for security leadership with a smaller footprint, which is why we’ve begun offering Virtual CISO services (don’t worry, they’re actual humans, not sentient software!).
Imagine having a master chef step into your kitchen to help you craft amazing cuisine or a decorated NASCAR driver riding shotgun in your minivan to show you how to draft through neighborhood traffic (don’t tell me you’ve never wanted to!). This is what we envision with our Virtual CISO services: engaging a seasoned security leader that’s been where you’d like to go, and can show you the way.
Our long-standing position in the IT and security space, combined with our roster of technical talent, has provided us connections with some of the most capable, best-regarded security leaders in the world. We can provide this talent to assist with the development of a security program or risk management efforts, for strategy of ongoing security operations and initiatives, or even for help with specific decision points that might require a veteran’s expertise. We can design engagements that fit nearly any scenario, budget, or work schedule. Contact us if you’d like to explore engaging one of these experts to help jumpstart your organization’s security program.
More from Justin Hall: Security Trends of 2020