
Considering the value of leveraging a virtual chief information security officer (vCISO)

By John Roman
January 7, 2021

Ensuring the confidentiality, integrity, and availability of information must be at the forefront of any business in today’s environment. While many think they are up to this task, there’s a lot that goes into protecting data. Cyberattacks and data security breaches were at an all-time high in 2020 due to the increase in remote work, and according to a recent Information Systems Security Association and Enterprise Strategy Group survey, 63% of cybersecurity professionals have seen an increase in cyberattacks and security breaches related to the pandemic. Ultimately, this is a call to all businesses to take proactive steps to remain safe and secure.

A company’s in-house chief information security officer (CISO) is a key component in making sure the risk of a cyberattack or security breach is greatly reduced. The responsibilities of this position are critical for businesses working to protect themselves against cyberthreats, but the reality is that some companies can’t afford to add another member to the C-suite with an average salary of up to $250K. However, there’s another option: a virtual CISO or vCISO.

For a fraction of the salary of a full-time CISO, companies can hire a vCISO: an outsourced security practitioner with executive-level experience who, acting as a consultant, offers their time and insight to an organization on an ongoing (typically part-time) basis with the same skillset and expertise as a conventional CISO. Hiring a vCISO on a part-time (or short-term) basis allows a company the flexibility to outsource impending IT projects as needed.

A vCISO works closely with senior management to establish a well-communicated information security strategy and roadmap, one that meets the requirements of the organization and its customers as well as state and federal requirements. Most importantly, a vCISO can provide companies unbiased strategic and operational leadership on security policies, which includes:

  • Guidelines, controls and standards
  • Regulatory compliance
  • Risk management
  • Vendor risk management
  • Infrastructure planning
  • Business continuity
  • Database management

Since vCISOs are already experts, hiring one saves the organization time and money by decreasing ramp-up time. Businesses are able to eliminate the cost of benefits and full-time employee onboarding requirements. Also, if another employee had been handling the responsibilities of a CISO, a vCISO frees up some of their workload, enabling them to take on other priority tasks.

Many in-house IT departments are multi-faceted and may not have the time or resources to properly manage all IT functions, especially as they relate to information security. A vCISO can align a company's information security program to a business's overarching strategy to provide predictive budgeting to senior management.

There are also disadvantages to hiring a vCISO. One is that the vCISO most likely will need time to understand the culture and business operations of a company. Second, depending on the contractual arrangements made, a company can have unrealistic expectations that they are getting a full-time person for the cost of someone who works less than 20% of the time. The truth is, vCISOs most likely have other clients who they are involved with, so unless a company is hiring a vCISO full time, his or her time may be split between multiple companies. Finally, those who market themselves as vCISOs may lack the current knowledge of the industry. While these vCISOs may have years of technical experience, they may lack managerial security experience. Organizations must take care to properly vet a vCISO’s experience.

Information security is complex and ever-changing. New vulnerabilities and threats are identified daily. Keeping up with threats, risks, and vulnerabilities is often a full-time job in larger organizations. Developing a strategic information security plan and program is a difficult task, and not everyone has the skills or the time to do it effectively. The right vCISO can provide a business with quality executive-level information security expertise by collaborating with executive management to make smart decisions on various security, privacy, and compliance requirements and issues.

A seasoned vCISO will have had the advantage of seeing hundreds of companies struggling with many of the same challenges, and knows which policies, procedures, and technologies are best for solving specific problems. Overall, the main objective of a vCISO is to act as a bridge between the business and its technology team by providing a long-term framework that can be continuously modified as information security goals and threats evolve.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.

KEYWORDS: Chief Information Security Officer (CISO), cyber security, information security, risk management


John Roman is President and COO of The Bonadio Group's Information Risk Management and Cybersecurity Division, FoxPointe Solutions. In his role at FoxPointe, he is responsible for all aspects of the operations of a national cybersecurity consultancy.
