CISOSHARE, profile picture
Uploaded byCISOSHARE
387 views

Top Tips on Choosing a vCISO

The document outlines the key considerations for choosing a virtual Chief Information Security Officer (vCISO), an outsourced security role pivotal for leading cyber security programs. It emphasizes five steps: educating oneself about the organization's needs, assessing the current security state, exploring options for the vCISO role, communicating findings to stakeholders, and making an informed decision. Additionally, it describes various service providers and stresses the importance of understanding budgetary constraints and different outsourcing models.

Technology
Related topics:
Cyber-Security

Embed presentation

Downloaded 18 times
And What You Need to Know Beforehand Top Tips on Choosing a vCISO @CISOSHARE
What is a Virtual CISO? An outsourced security role to lead your cyber security program. Copyright © 2019
Why Use a Virtual CISO? • You need an interim security leader as you build an internal team. • You’re outsourcing security entirely. • You need support in improving your security program. There are no wrong reasons, only different business goals. Copyright © 2019
5 Steps to Choosing the Right vCISO: 1. Educate Yourself 2. Understand Your Current State 3. Determine Your Options Moving Forward 4. Tell the Story 5. Make a Decision Copyright © 2019
STEP 1: Educate Yourself Copyright © 2019
STEP 1 Understand the basics of your organization: Why do you want to improve cyber security? What problems will you face without the right program? What requirements does your organization have to meet? Copyright © 2019
Explore your implementation options: Outsource everything in your security program. Only outsource the CISO role and hire an internal security team. Hire an internal CISO and outsource roles to a service provider. Anything in between! STEP 1 Copyright © 2019
Evaluate available security service providers: Professional services consultants These teams offer project-based contracts, including vCISO services. Managed security service providers True service providers offer ongoing role and process performance to clients. One-person CISO consultancies These are individuals you can use to perform the CISO function. STEP 1 Copyright © 2019
Everything in security will have ongoing capital and operational costs. Don’t forget to factor in foundational costs, resource costs, and any necessary technology costs. Understand your budget and cost savings. STEP 1 Copyright © 2019
STEP 2: Understand Your Current State Copyright © 2019
• Alignment to best practices and security regulations • Foundation and process maturity • Existing resource capability • Existing remediation items and security roadmap • Security architecture and data map • Susceptibility to attack Understand key areas of your security program: STEP 2 Copyright © 2019
Different ways to measure your current state: Internal assessment using your own team External assessment through a consultancy Potential security service providers Utilizing a previous customer assessment STEP 2 Copyright © 2019
STEP 3: Determine Your Options Moving Forward Copyright © 2019
STEP 3 1 What the option is, so people can quickly understand it. 2 The annual capital and ongoing costs of each program option. 3 The foundational elements that will be built. 4 The resource elements and whether they’ll be internal, outsourced, or a combination of the two. 5 Any security architecture technology that might change or be added. 6 How the option will maintain or improve your current state. 7 Any pros and cons for each. Copyright © 2019
STEP 4: Tell the Story Copyright © 2019
Use everything you’ve gathered from your research, your current state, and any service providers you’ve found. Explain the needs of your security program. STEP 4 Copyright © 2019
Educate your upstream decision-makers and make a case for each option. STEP 4 Copyright © 2019
STEP 5: Make a Decision Copyright © 2019
Turn each option on the table into specific and actionable next steps. The more work you’ve put into the previous steps, the easier this one will be. STEP 5 Copyright © 2019
Want More Decisions? Download Our Guide to Selecting a vCISO! Copyright © 2019
Go Out There and Find the vCISO that will Improve Your Security Program! Learn More About Our vCISO Services @CISOSHARE Copyright © 2019
@CISOSHARE Copyright © 2019 Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. About CISOSHARE www.cisoshare.com | info@cisoshare.com | +1-800-203-381

More Related Content

PDF
How to Build a Cyber Security Framework
byCISOSHARE
 
PDF
CISOSHARE's approach to designing effective cyber security programs
byCISOSHARE
 
PDF
Building Cyber Security Policies
byCISOSHARE
 
PDF
Building Security Program Processes
byCISOSHARE
 
PDF
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
byFlexera
 
PPTX
Five steps to achieving hipaa compliance
byAnita Jones
 
PPTX
Importance Of A Security Policy
bycharlesgarrett
 
PDF
Flexera Event - The Game Has Changed - Are You Ready?
byFlexera
 
How to Build a Cyber Security Framework
byCISOSHARE
 
CISOSHARE's approach to designing effective cyber security programs
byCISOSHARE
 
Building Cyber Security Policies
byCISOSHARE
 
Building Security Program Processes
byCISOSHARE
 
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
byFlexera
 
Five steps to achieving hipaa compliance
byAnita Jones
 
Importance Of A Security Policy
bycharlesgarrett
 
Flexera Event - The Game Has Changed - Are You Ready?
byFlexera
 

What's hot

PDF
Icon Secure by Maintel
byJean-Frédéric KARCHER, CISSP 487843
 
PPTX
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
byFlexera
 
PPTX
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Technology
 
PDF
eCommunications Surveillance Solution Brief
byAttivio
 
PPT
Dave Tyson Profile for CISO Insights
byciso_insights
 
PDF
Cisco business cloud adoption report
byCMR WORLD TECH
 
PDF
6 Steps to Meet Regulatory Compliance
byEnviroSolutions & Consulting
 
PPT
Security Readiness Profile
bypds2k.com
 
PDF
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
byHernan Huwyler, MBA CPA
 
PPTX
Cybersecurity and Healthcare - HIMSS 2018 Survey
byImperva
 
Icon Secure by Maintel
byJean-Frédéric KARCHER, CISSP 487843
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
byFlexera
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
byAccenture Technology
 
eCommunications Surveillance Solution Brief
byAttivio
 
Dave Tyson Profile for CISO Insights
byciso_insights
 
Cisco business cloud adoption report
byCMR WORLD TECH
 
6 Steps to Meet Regulatory Compliance
byEnviroSolutions & Consulting
 
Security Readiness Profile
bypds2k.com
 
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
byHernan Huwyler, MBA CPA
 
Cybersecurity and Healthcare - HIMSS 2018 Survey
byImperva
 

Similar to Top Tips on Choosing a vCISO

PDF
Strengthening Cybersecurity with Virtual CISO Managed Services
byCyber Security Speed
 
PDF
When does an Organization need a Virtual Ciso?
bynityakaul992
 
PPTX
vCISO Overview Virtual CISO Chief Information Security Officer
byabstmsecure
 
PDF
How to Hire a CISO for Your Company And What to Look For.pdf
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
PDF
Virtual Chief Information Security Officer | VCISO | Cyber Security
byCyber Security Experts
 
DOCX
So you want to be a CISO - 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
PDF
ePlus Virtual Chief Information Security Officer (vCISO)
byePlus
 
PDF
Is a Virtual CIO Right for Your Business.pdf
byDelvalTechnologySolu
 
PPTX
Is a Virtual CIO Right for Your Business.pptx
byDelvalTechnologySolu
 
PPTX
Emerging Need of a Chief Information Security Officer (CISO)
byMaurice Dawson
 
PPTX
VCISO | Virtual Chief Information Security | VCISO services - 2023
byCyber Security Experts
 
PDF
CISO_Paper_Oct27_2015
byScott Smith
 
PDF
CISO_Paper_Oct27_2015
byJohn Budriss
 
PPTX
iDEAFest Enteprise InfoSec Program Lessons Learned
byMichael King
 
PDF
Top Strategies for a Successful CISO Executive Search in Today’s Digital Land...
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
PDF
GRCAlert Capabilities Deck - 2018
byRichard Marti - Principal
 
PDF
The Ultimate Guide to CISO Executive Search Finding Cybersecurity Leaders Who...
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
PDF
Cybersecurity Solutions
byErin Planting
 
PPTX
Why Does Your Business Need a Virtual CISO Now More Than Ever.pptx
byelizabethrdusek
 
PDF
Why Does Your Business Need a Virtual CISO Now More Than Ever.pdf
byelizabethrdusek
 
Strengthening Cybersecurity with Virtual CISO Managed Services
byCyber Security Speed
 
When does an Organization need a Virtual Ciso?
bynityakaul992
 
vCISO Overview Virtual CISO Chief Information Security Officer
byabstmsecure
 
How to Hire a CISO for Your Company And What to Look For.pdf
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
Virtual Chief Information Security Officer | VCISO | Cyber Security
byCyber Security Experts
 
So you want to be a CISO - 5 steps to Success
byGary Hayslip CISSP, CISA, CRISC, CCSK
 
ePlus Virtual Chief Information Security Officer (vCISO)
byePlus
 
Is a Virtual CIO Right for Your Business.pdf
byDelvalTechnologySolu
 
Is a Virtual CIO Right for Your Business.pptx
byDelvalTechnologySolu
 
Emerging Need of a Chief Information Security Officer (CISO)
byMaurice Dawson
 
VCISO | Virtual Chief Information Security | VCISO services - 2023
byCyber Security Experts
 
CISO_Paper_Oct27_2015
byScott Smith
 
CISO_Paper_Oct27_2015
byJohn Budriss
 
iDEAFest Enteprise InfoSec Program Lessons Learned
byMichael King
 
Top Strategies for a Successful CISO Executive Search in Today’s Digital Land...
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
GRCAlert Capabilities Deck - 2018
byRichard Marti - Principal
 
The Ultimate Guide to CISO Executive Search Finding Cybersecurity Leaders Who...
byAlliance Recruitment Agency - Staffing Agency In California, Esplanade Avenue, Pacifica, CA, USA
 
Cybersecurity Solutions
byErin Planting
 
Why Does Your Business Need a Virtual CISO Now More Than Ever.pptx
byelizabethrdusek
 
Why Does Your Business Need a Virtual CISO Now More Than Ever.pdf
byelizabethrdusek
 

Recently uploaded

PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
final.pdf
byomarbishtawi04
 
PDF
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PPTX
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
final.pdf
byomarbishtawi04
 
AI TOOLS FOR PRODUCTIVITY IN MODERN TIMES.pdf
bySantunu
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
apidays New York 2025 | AI in Application Security
byapidays
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
AI Vector Search Best Practices Multicloud Feb 2026
bySandesh Rao
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
Tech Trends 2026: AI Agents, Quantum Computing, Robotics & Cybersecurity
byridwansassman
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 

Top Tips on Choosing a vCISO

  • 1.
    And What YouNeed to Know Beforehand Top Tips on Choosing a vCISO @CISOSHARE
  • 2.
    What is aVirtual CISO? An outsourced security role to lead your cyber security program. Copyright © 2019
  • 3.
    Why Use aVirtual CISO? • You need an interim security leader as you build an internal team. • You’re outsourcing security entirely. • You need support in improving your security program. There are no wrong reasons, only different business goals. Copyright © 2019
  • 4.
    5 Steps to Choosingthe Right vCISO: 1. Educate Yourself 2. Understand Your Current State 3. Determine Your Options Moving Forward 4. Tell the Story 5. Make a Decision Copyright © 2019
  • 5.
  • 6.
    STEP 1 Understand thebasics of your organization: Why do you want to improve cyber security? What problems will you face without the right program? What requirements does your organization have to meet? Copyright © 2019
  • 7.
    Explore your implementationoptions: Outsource everything in your security program. Only outsource the CISO role and hire an internal security team. Hire an internal CISO and outsource roles to a service provider. Anything in between! STEP 1 Copyright © 2019
  • 8.
    Evaluate available securityservice providers: Professional services consultants These teams offer project-based contracts, including vCISO services. Managed security service providers True service providers offer ongoing role and process performance to clients. One-person CISO consultancies These are individuals you can use to perform the CISO function. STEP 1 Copyright © 2019
  • 9.
    Everything in securitywill have ongoing capital and operational costs. Don’t forget to factor in foundational costs, resource costs, and any necessary technology costs. Understand your budget and cost savings. STEP 1 Copyright © 2019
  • 10.
    STEP 2: Understand Your CurrentState Copyright © 2019
  • 11.
    • Alignment tobest practices and security regulations • Foundation and process maturity • Existing resource capability • Existing remediation items and security roadmap • Security architecture and data map • Susceptibility to attack Understand key areas of your security program: STEP 2 Copyright © 2019
  • 12.
    Different ways tomeasure your current state: Internal assessment using your own team External assessment through a consultancy Potential security service providers Utilizing a previous customer assessment STEP 2 Copyright © 2019
  • 13.
    STEP 3: Determine YourOptions Moving Forward Copyright © 2019
  • 14.
    STEP 3 1 Whatthe option is, so people can quickly understand it. 2 The annual capital and ongoing costs of each program option. 3 The foundational elements that will be built. 4 The resource elements and whether they’ll be internal, outsourced, or a combination of the two. 5 Any security architecture technology that might change or be added. 6 How the option will maintain or improve your current state. 7 Any pros and cons for each. Copyright © 2019
  • 15.
    STEP 4: Tell theStory Copyright © 2019
  • 16.
    Use everything you’vegathered from your research, your current state, and any service providers you’ve found. Explain the needs of your security program. STEP 4 Copyright © 2019
  • 17.
    Educate your upstream decision-makersand make a case for each option. STEP 4 Copyright © 2019
  • 18.
    STEP 5: Make aDecision Copyright © 2019
  • 19.
    Turn each optionon the table into specific and actionable next steps. The more work you’ve put into the previous steps, the easier this one will be. STEP 5 Copyright © 2019
  • 20.
    Want More Decisions? DownloadOur Guide to Selecting a vCISO! Copyright © 2019
  • 21.
    Go Out Thereand Find the vCISO that will Improve Your Security Program! Learn More About Our vCISO Services @CISOSHARE Copyright © 2019
  • 22.
    @CISOSHARE Copyright © 2019 Basedin Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. About CISOSHARE www.cisoshare.com | info@cisoshare.com | +1-800-203-381