We live in a world where cybersecurity plays a major part in our professional and personal lives. Having a high-level executive, such as a Chief Information Security Officer (CISO), who not only understands the business but is also a highly technical cybersecurity expert is crucial to most organizations. A CISO is responsible for the organization’s overall security program and provides the strategic leadership that’s essential for protecting business data and other assets. You wouldn’t ride a ship without a captain, so why would you want to run a business without an experienced leader, such as a CISO, leading your security program?
The Health Service Executive (HSE) is Ireland’s largest employer, with 130,000 staff members, and provides public health services to the entire Republic of Ireland. When an employee opened an Excel attachment in a phishing email on March 16, 2021, it installed malware on the device. This event was the beginning of a Conti ransomware attack that would cost HSE at least $600 million. According to Wikipedia, “The group responsible was identified as a criminal gang known as Wizard Spider, believed to be operating from Saint Petersburg, Russia.”
The Board of the HSE asked PricewaterhouseCoopers (PwC) to conduct an independent review. PwC published a 157-page Independent Post Incident Review on December 3, 2021. Perhaps the most shocking news in the report was that the HSE was running this massive national healthcare system without a CISO. PwC determined that HSE had 15 inexperienced full-time cybersecurity staff members, which included two students. According to PwC, “The HSE does not have a single responsible owner for cybersecurity at either senior executive or management level to provide leadership and direction.” The moral of this story is obvious. Having a single responsible owner for cybersecurity, like a CISO, is crucial and could have prevented this ransomware attack.
If you don’t have a CISO on your staff because of the high cost of hiring one full-time, you may want to consider SeattlePro’s CISO as a Service (CaaS) as an alternative. Every organization needs a CISO; the question is whether it can afford one. Some organizations can’t afford an experienced full-time CISO, and most CISOs don’t want to work part-time anyway. The best way to deal with this issue is to hire a virtual CISO (vCISO) from SeattlePro who can work for you remotely on a part-time basis as an independent contractor. In other words, you would only pay for the services you consume.
Here are some of the benefits of hiring a vCISO from SeattlePro.
Everyone knows that vCISOs are in great demand. According to Salary.com, the average annual salary of a full-time vCISO is $273,148. This includes the base salary and other elements. In U.S. metropolitan areas, full-time vCISOs make closer to $400,000/year. For experienced vCISOs with over 15-20 years of experience, the annual compensation is often much higher. By hiring a vCISO from SeattlePro, you pay only for the amount of CISO service you need, so you don’t necessarily need to hire a full-time employee. Because our vCISOs usually work as independent contractors, you don’t have to pay any benefits (health insurance, 401(k), vacation, business liability insurance, moving expenses, etc.).
The significance of business continuity can’t be ignored. Cybersecurity impacts almost every aspect of your business, and there’s hardly a time when you’re not juggling several cybersecurity projects simultaneously. You can’t afford to have your CISO leave when she gets a better offer from another organization, especially when you are in the middle of some critical projects. That’s when a vCISO can be a valuable resource. Here are some important points to consider.
If your organization can’t afford to hire a full-time experienced CISO, you can hire the same experienced CISO who is qualified to work for a multi-billion dollar corporation as a part-time vCISO for you. SeattlePro’s vCISOs are highly qualified technical experts who have worked as C-level executives. Most of them are well known nationally and/or internationally in the cybersecurity field and speak publicly at conferences and seminars, many of them are established authors, and they have experience working as vCISOs in the real world. In addition, our vCISOs hold some of the top security credentials and certifications, such as Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Computer Hacking Forensic Investigator (CHFI), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), etc.
By hiring our vCISO, you can avoid the cost of adding a full-time employee to your team and pay only for the services and time that are necessary, at a cost that’s usually between 20% and 40% of a CISO’s standard salary.
When you hire a vCISO from SeattlePro, you are hiring a person to represent your organization as a high-level security expert to your customers, partners, vendors, and to your industry.
SeattlePro’s vCISOs work remotely, so it’s easy for them to avoid the typical office politics. Because our vCISOs work from their home offices, they don’t have to deal with the daily commute. This means they have less stress, are well-focused and more productive, and can work longer hours in case of an emergency.
SeattlePro’s vCISOs have no agenda and their only goal is to serve your interest as cybersecurity experts. They are truly “independent” contractors who come with a vendor-agnostic view, which is helpful when you want to control the proliferation of vendors and tools in your environment.
Our vCISOs are primarily focused on enhancing your security posture and providing the necessary guidance to secure your business assets. We can help you consolidate your vendors, if possible, to enhance your security and lower the overall costs.
In addition to some of the major benefits listed above, there are some additional advantages offered by our vCISO consulting services that you may find are crucial to the success of your cybersecurity program. SeattlePro’s vCISO role can:
Please contact us if you would like to know more about our vCISO services and various plans, or are interested in an assessment and analysis of your organization’s current security infrastructure and environment. There are lots of ways we can assist you and we would love to share our approach and methodology that’s customized for your organization.