I’ve been doing Information Technology work for a long time—starting in 1984 with a volunteer job teaching how to use personal computers, throughout my time in the Marines, as a professional information security trainer, a network consultant, the head of Information Security and, eventually, CIO for a two billion dollar financial institution, and now at Parameter Security full-time—it has been quite a journey.

Though it was tempting, I decided to avoid starting out with something like, “You need a vCISO to augment the efforts of your CIO in your PCI InfoSec program to ensure your BIA was accurate enough to assist in generation of your BCP, because we all know if a DR event occurs, and the SHTF, everyone will be MIA, and if you failed to CYA, you will likely find yourself in hot water with HR, the CEO, and will be SOL.” Now, some of those acronyms were just for effect and I won’t be explaining them, at least not in this post, but some of them are relevant and you're likely to find me referencing them in the future.

A vCISO is a way to augment (or even fulfill completely) your Information Security (InfoSec) strategy and cybersecurity oversight needs. Perhaps you are facing regulatory or compliance issues such as PCI, or you are concerned about things like ransomware, or have supply chain questions. Even better, maybe you are concerned about what you don’t know you don’t know.

There are many InfoSec concerns that can plague small to medium sized businesses, and no easy means to address them. A vCISO can walk alongside you through a discovery process to get an idea of where your security program is, where you want it to be based on your business concerns and goals, and what it will take to bridge that gap. There are many specifics that could be discussed, but then I would have to get into more acronyms, and I said I wouldn’t do that today.

In a nutshell, just think of a vCISO as a means to access a resource with InfoSec expertise only gained by years of diverse experience across varying industries, without having to pay for one full time. You use them only when you need them, and don’t have to pay for a full forty hours a week. You save money, and most importantly, as promised: It means one less dinner you must buy at the annual Christmas party.

Every client is different and presents unique opportunities. Parameter uses a flexible “boot camp” approach during vCISO engagements: evaluating, teaching, and reporting in an organized fashion. We collaborate with you to set the priority for meeting your needs, but still ensure that all areas are covered to best manage your risk. For example, a client might have a pressing regulatory need that we usually address later in our vCISO process, but because we’ve built our vCISO program to include flexibility and prioritize meeting the client wherever they are, we would be able to build that section early, and return to revise it later after completing due diligence.

Ready to learn what our vCISO services can do for you? Let me know what you're looking to accomplish in the form below, and I'll be in touch.