The Bedel Security Blog

Top 5 Benefits of a Virtual CISO

Written by Chris Bedel | Mar 23, 2018

 

Ever wonder what a virtual CISO is?  Or more importantly, if it could be a feasible solution for your financial institution?

While we plan to do a Friday 5 on the top things your Virtual CISO should be doing for you sometime in the near future, it's worth taking a few moments to clarify what a vCISO is for this post.

As you may know, a "Chief Information Security Officer" is charged with leadership and strategy for cybersecurity in an organization.  Every bank and credit union must have one.

With a Virtual Chief Information Security Officer, the organization contracts with an outside party to fill this role rather than hiring an individual.  It can also be referred to as an Outsourced CISO, Fractional CISO, or Virtual ISO (Virtual Information Security Officer), among other terms.

 

So why do some banks and credit unions choose the virtual route?

Well, there are a number of benefits to a Virtual CISO, and that is the focus of today's Friday 5:

  1. Independent - Independence for the CISO position from IT Operations is mandatory, and for a community financial institution with limited staff, this can be a challenge.  A Virtual CISO can be a great way to solve this.  Not only is the vCISO independent from IT, but from office politics as well.
  2. Expertise - Hiring and keeping experienced CISOs is tough, so a Virtual Chief Information Security Officer can be a way to shore up cybersecurity expertise without adding another FTE.  More importantly, if you go with a company that has a number of vCISO clients, the group knowledge of their client base can be invaluable.
  3. Continuity - Having an in-house CISO can be great, until someone else hires them.  A Virtual CISO can offer financial institutions continuity in this role.  Even if people move, there's the benefit of having the continued relationship with the company and the rest of the team, along with the continued processes and approach.
  4. Specialization - If you work with a firm that specializes in Virtual CISO services, this is a huge benefit.  Having a vCISO that is focused on doing a few things really well can have a positive impact on overall strategy and effectiveness of the role in your organization.
  5. Cost effective - Although many community banks and credit unions just can't justify the $125K+ salary of an experienced full-time CISO, they are finding that a Virtual CISO can have many of the benefits of an FTE at a lower cost.  This is often due to the fact that most smaller community banks don't need 2000 hours per year for the position.  Another factor is that larger community banks and credit unions are using vCISO services to selectively fill only the highly specialized portion of the role, also saving money.

If you're ever curious if the "virtual route" might be a good fit for your financial institution, send us an email at support@bedelsecurity.com.  We love talking about this stuff and will give you honest feedback on if it could work for you, and we'll even tell you if we think it won't.