October 15, 2020
Work meetings and happy hours are often online these days, but it didn’t take a global pandemic for certain technology roles to go virtual. An increasingly common example is the virtual chief information security officer (vCISO). The typically remote version of a position that has traditionally been filled by in-house staff, the vCISO is a top-tier security expert available to organizations who helps them set long-term security strategy, identify risk, improve measurement and ultimately protect a company’s data and assets. The role helps close the cybersecurity skills gap present in many small and mid-size companies and helps them navigate the complex and growing security landscape.
According to Mindsight chief security architect Mishaal Khan, the shift to vCISOs lowers costs and greatly expands the security talent pool in a sector with limited supply and high demand. That means you don’t have to be a large enterprise or the federal government to afford top-notch cybersecurity experts. Now small and mid-market organizations “that previously couldn’t dream of having a CISO can enjoy similar advantages,” Khan says.
But just because they can doesn’t mean they are. A recent report from the insurer Hiscox revealed that despite being aware of mounting cybersecurity threats, many companies worldwide still don’t have sufficient defense systems in place — even those that have the financial means to institute them.
“The message that cyber risk is a real threat to businesses of all sizes is sinking in,” said Meghan Hannes, Cyber Product Head for Hiscox in the U.S. “Companies are increasingly aware of the risks and pouring more resources into cyber protection, and yet, there is still a tremendous gap between awareness of the issue and actually having an effective defense. Many believe that increasing cyber-related spending fully protects a business, but it isn’t enough. Businesses must take a holistic approach, ensuring they can properly maximize their investment with appropriate internal protocols, staffing, and employee training, ultimately creating a human firewall as the first line of defense.”
For organizations with tighter budgets (especially now amid pandemic reallocating and downsizing), vCISOs can be hugely effective at bolstering that culture. Even as they grow in number and popularity, however, not all of them are equally informed or skilled. “Today’s CISOs must demonstrate a higher level of effectiveness than ever before,” Sam Olyaei, a research director at Gartner, said in September. “As the push to digital deepens, CISOs are responsible for supporting a rapidly evolving set of information risk decisions, while also facing greater oversight from regulators, executive teams and boards of directors. These challenges are further compounded by the pressure that COVID-19 has put on the information security function to be more agile and flexible.”
Besides being more cost-effective than their in-house counterparts, who can command north of $300,000 plus benefits in major markets, Khan says vCISOs stay put longer. And if an on-site CISO departs, he adds, it’s easy to plug the gap with virtual replacements from Mindsight or elsewhere who can immediately step in on a temporary or permanent basis.
Most vCISOs are generalists, Khan explains, and knowledgeable about all of the most common cybersecurity risks. They must also understand the business impact of each security measure deployed while managing regulatory expectations to ensure privacy and security compliance. The best CISOs “translate risk and vulnerabilities into business impact in order to prioritize a security program’s approach.”
Thanks to the democratizing effect of virtual technology, more companies than ever are benefitting from the expertise of these dedicated specialists. “All your security problems are under our umbrella,” Khan says. “And you don’t have to understand every single aspect — we’ll make sense of it and prioritize for you.”
Mindsight is industry-recognized for delivering secure IT solutions and thought leadership that address your infrastructure and communications needs. Our engineers are expert-level only – and they’re known as the most respected and valued engineering team based in Chicago, serving emerging to enterprise organizations around the globe. That’s why clients trust Mindsight as an extension of their IT team.
Visit us at http://www.gomindsight.com.
About the Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.