How I Became a vCISO

by Brian Petzold | Oct 25, 2024

I have a lot of passion for my role as a Virtual Chief Information Security Officer (vCISO) for financial institutions, and I am always happy to tell people why. It is because I grew up in banking and realized early on that all banks were building similar information security programs from scratch. Once the program was created, we would wait for auditors and examiners to tell us what we were missing through findings, and then we would adjust based on that feedback.

I always worked at banks where efficiency was stressed, so the above process drove me nuts. If 90% of a security program was the same across institutions, why was there not someone I could hire to provide the 90% so I could focus on the remaining 10%? And why was there not somebody I could turn to who could tell me what my auditors and examiners were looking for before they came in? There were policy templates I could download, but these did not help me to implement what was in the policy. I needed someone who had experience successfully implementing programs.

By 2005, I had enough experience that I thought I could be the someone that helped multiple institutions implement their security programs. I started talking about it with those around me, and for the most part they told me I was crazy. There was too much risk involved. Nobody would pay me to do what their IT staff should be doing. I would need to charge too much. This opposition to my idea kept me from acting on my idea. But I still talked about it a lot!

While I continued to work for an institution over the next 13 years, a lot changed in banking and in cybersecurity. The Internet went from being a novelty to becoming a critical part of a bank’s infrastructure. Along with this came more complexity and more of a realization that an information security program required dedicated resources and expertise. By 2016 the FFIEC was telling banks they should have a dedicated, qualified, independent (not in IT) ISO who reported directly to senior management or the board. Suddenly banks had to pay big bucks to comply with guidance. Many banks outside of major metropolitan areas could not find qualified people to fill this role, which created a need waiting to be filled.

It was early 2018 when a coworker sent me a job posting for a Senior vCISO position with Bedel Security. When I read the job description, I could not believe that somebody was doing exactly what I had been dreaming of all these years. I contacted Chris Bedel and told him I knew exactly how to do what he was looking to do, and that I would do whatever it took for him to hire me. I became employee number 3 at Bedel Security.

The model works. Just six years later Bedel Security has 20 employees and serves many banks and credit unions from coast to coast. We work with the board and senior management and with the IT and risk departments of each institution to make sure that every part of a security program is documented, implemented, and monitored. We have documented, repeatable processes in place so that institutions do not each have to reinvent the wheel. We went from needing to convince early customers that this is a viable model to often having our customers and other vendors recommend us to those who are struggling with their program.

So if you are working in a financial institution and are struggling with your information security program, remember that Bedel Security is here with qualified staff who are passionate about helping you to make sense of what has become a very complex cybersecurity world. Call us at 833-297-7681 x714 or email us at support@bedelsecurity.com to find out more!

 

 

 
