vCISO vs. CISO

Why Do I Need a vCISO or a CISO?

Managing security risk is a core business function in today’s world. It requires a professional and deliberate effort. Deciding on whether to insource to a Chief Information Security Officer (CISO) or outsource to a virtual CISO (vCISO) is a critical step in getting your security program up and running quickly and efficiently.

Like any important decision, both options certainly have their benefits.

vCISO

Cost

Most of the conversations we have at FRSecure regarding vCISO are about cost. Many smaller or even mid-sized organizations feel they can’t afford the total compensation of a full-time CISO, or simply wouldn’t be able to utilize their time effectively. With salary, benefits, stock programs, bonuses, etc., CISOs often cost $250k-$300k per year. A vCISO’s services typically cost $35k-$250k per year and decrease with time as the focus shifts to maintenance. A vCISO is a great way to apply verifiable industry experience to clarify your needs and apply scalable bandwidth with flexible costs.

Knowledge

Some organizations have employees who wear many hats. These employees often wouldn’t consider security as their primary role, may have very little formal security training, and therefore might not know where to begin when trying to implement security measures. In this instance, a vCISO is beneficial as it will enhance internal capabilities by bringing expertise and techniques from trained professionals.

Turnover

Employee turnover is something all organizations face, and the market for security talent is very competitive. Not only does a vCISO limit turnover, but it also provides proven methodologies and can help ensure that expertise isn’t lost during an employee transition, regardless of whether your organization decides to hire another full-time security professional or not.


CISO

Clearly, as the purveyor of virtual CISOs, I am in the corner of outsourcing. But there are also advantages to a full-time CISO.

Consistency

If you employ a full-time CISO, they are ONLY your CISO. They are not pulled in other directions and can spend all their attention on your organization’s security.

Influence

If properly positioned, a full-time CISO will quickly improve the security posture of an organization through the focus of their bandwidth and their ability to internally influence executive management.

Perception

Having a full-time CISO, if they are managed well, can have marketing and public relations benefits. It simply looks good to have someone on staff full time.

Managing security risk is a core business function in today’s world. Whether you outsource or insource, get your security program up and running immediately. Don’t get left behind!

I hope that you’ve found these tips helpful. If you have any questions about how you can help protect your organization, please contact us or check out what FRSecure can do for you.


John Harmon
President at FRSecure
John Harmon is an alum of Concordia College in Moorhead, MN and has 10+ years of business leadership and IT industry experience, through which he developed an affinity for information security. As president, John's focus is helping clients better understand security requirements and implement effective information security strategies. As FRSecure continues to enjoy positive growth, he is constantly working to refine procedures and leverage our customer feedback to keep FRSecure providing ever-improving value.
