By Jon Clark
July 8, 2022
I’ve been doing Information Technology work for a long time—starting in 1984 with a volunteer job teaching how to use personal computers, throughout my time in the Marines, as a professional information security trainer, a network consultant, the head of Information Security and, eventually, CIO for a two billion dollar financial institution, and now at Parameter Security full-time—it has been quite a journey.
Though it was tempting, I decided to avoid starting out with something like, “You need a vCISO to augment the efforts of your CIO in your PCI InfoSec program to ensure your BIA was accurate enough to assist in generation of your BCP, because we all know if a DR event occurs, and the SHTF, everyone will be MIA, and if you failed to CYA, you will likely find yourself in hot water with HR, the CEO, and will be SOL.” Now, some of those acronyms were just for effect and I won’t be explaining them, at least not in this post, but some of them are relevant and you're likely to find me referencing them in the future.
A vCISO is a way to augment (or even fulfill completely) your Information Security (InfoSec) strategy and cybersecurity oversight needs. Perhaps you are facing regulatory or compliance issues such as PCI, or you are concerned about things like ransomware, or have supply chain questions. Even better, maybe you are concerned about what you don’t know you don’t know.
There are many InfoSec concerns that can plague small to medium sized businesses, and no easy means to address them. A vCISO can walk alongside you through a discovery process to get an idea of where your security program is, where you want it to be based on your business concerns and goals, and what it will take to bridge that gap. There are many specifics that could be discussed, but then I would have to get into more acronyms, and I said I wouldn’t do that today.
In a nutshell, just think of a vCISO as a means to access a resource with InfoSec expertise only gained by years of diverse experience across varying industries, without having to pay for one full time. You use them only when you need them, and don’t have to pay for a full forty hours a week. You save money, and most importantly, as promised: It means one less dinner you must buy at the annual Christmas party.
Every client is different and presents unique opportunities. Parameter uses a flexible “boot camp” approach during vCISO engagements: evaluating, teaching, and reporting in an organized fashion. We collaborate with you to set the priority for meeting your needs, but still ensure that all areas are covered to best manage your risk. For example, a client might have a pressing regulatory need that we usually address later in our vCISO process, but because we’ve built our vCISO program to include flexibility and prioritize meeting the client wherever they are, we would be able to build that section early, and return to revise it later after completing due diligence.
Ready to learn what our vCISO services can do for you? Let me know what you're looking to accomplish in the form below, and I'll be in touch.
Jon has been providing guidance in information security and technology risk for the last 24 years. His background includes serving as head of the information security program for a $2B financial institution, SVP of enterprise risk, and as CIO.
Once a university adjunct professor, Jon has the heart of a teacher and ensures his clients understand the ‘what’ and ‘why’ of solutions as he guides them through the establishment and maintenance of their information security programs.
Jon earned a master’s degree in Computer Information Resource Management and has served in the United States Marine Corps. In his free time, Jon enjoys time with his wife and three ever-growing children, playing guitar and bass, and reading non-fiction. A favorite quote of his is from Charlie “Tremendous” Jones: “You are the same today as you’ll be in five years except for two things: the books you read and the people you meet.”