• +64 (0) 210 809 8700
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8am - 5pm

What is a vCISO

The vCISO is a security practitioner who uses the culmination of their years of cybersecurity and industry experience to help organizations with developing and managing the implementation of the organization’s information security program. At a high level, vCISOs help to architect the organization’s security strategy, with some helping to also manage its’ implementation. Internal Security staff may still exist, either reporting to or working with the vCISO and their team to execute an impactful security program.  Additionally, the vCISO is usually expected to be able to present the organization’s state of information security to an organization’s board, executive team, auditors, or regulators.

 

CyberGrape's 'SUPER' Approach

Before starting the role, we prepare thoroughly by conducting company research, reading annual reports, investigating whether there are headline breaches related to the company and exploring the executive team’s critical members.
We meet with important stakeholders to learn about the business, issues and areas with room for improvement. Examine board reports, assessments, audit findings, existing strategy documents, policies, and metrics to understand critical risks and issues.
We focus on identifying the quick wins and complex capabilities that take time to rollout. This way, we can rapidly secure credibility with key stakeholders while giving ourselves enough time to plan more complex initiatives. We typically identifying two projects that we can complete or show meaningful progress on in the first three months. We remain open to feedback and constantly refine the plan as new information emerges.
Deliver on some of the quick wins we have identified. Put in place agreed plans to address some of the longer-term issues. Organize our team by creating security team roles and responsibilities, setting up our management system, and ensuring governance effectiveness.
Re-confirm key actions we’re taking and identify any progress made where we might need our key stakeholders’ help and feedback. Complete an executive assessment report of critical risks and issues.

Why are vCISO services popular?

CISOs are in demand
Cybersecurity has moved to the forefront of organizational concern.  With the rise in cyberattacks, data breaches, sophistication in attacks, and the focus locked in on an organization’s information, organizations wanting to put a comprehensive set of controls and technologies in place need a CISO. A vCISO allows organization to quickly fill a vCISO role, without needing to go through the hiring process.
CISOs are expensive
vCISOs can be more experienced
vCISOs can be anywhere
vCISOs are 'consumption based'

Use cases for a vCISO

Bridging the gap hiring a new CISO
The departure of a business’s existing CISO may be untimely with regard to current security initiatives.  A seasoned vCISO can come in, provide value in reviewing the current cybersecurity strategy and help recruit, select and transition to a full-time CISO.
Smaller Organisation maturing Cyber Security
Creating a compliance Program
Re-aligning cyber security spend
Please fill the required field.