Can You Be a vCISO If You've Never Been a CISO?
Defense in Depth
Can You Be a vCISO If You’ve Never Been a CISO?
Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? On LinkedIn, Michael Meis, associate CISO of The University of Kansas Health System, asked this very question. It was an honest question, and not meant to be derogatory. So we decided to discuss it in this week's episode of Defense in Depth with my co-host Geoff Belknap, CISO, LinkedIn, and our guest Steve Tran, CSO for the Democratic National Committee.

What we realized is that CISO skills are often highly dependent on the environment they're operating in, and getting more exposure to a variety of environments often makes a vCISO a very valuable asset.

We were all at one time not the title we are now. Justin P of Rapid7 argued against the very existence of the question: "This is kind of like saying 'Why are there so many CISOs who have never been a CISO before?' Ya gotta start somewhere." But the post's author, Meis, argued it wasn't the same: "It's another to be hired into a role to advise one or more organizations simultaneously on how to do a role you've never done." To which Brandon Rizzo of Amazon noted, "It's a self-designated title in most instances."

Are we using the title vCISO as a status indicator? I questioned what the difference was between a vCISO and a consultant. And it was clear that a CISO or vCISO has a strategic purpose. Without it, others may undermine your position, even if you're providing the same strategic purpose, noted Linda Rust of SecuriThink.

You're seeing a lot of vCISOs because there's a lot of demand. "There is demand for the CISO experience at a lower price point and there is low supply. So others are stepping into that role in a limited capacity with less experience," said Coin Graham of ClearDATA. Daniel Kennedy of The 451 Group likened it to hiring an accountant as a contractor versus hiring a very expensive full-time CFO.

vCISOs' experience is unique in that they get to see LOTS of environments. Taylor Hersom provides probably the best explanation as to the value of a vCISO: "I was a CISO for one organization and saw one IT environment. I've now become a vCISO and have seen close to 100 environments. The amount of use cases, vulnerabilities, tools, obstacles, etc. that I've seen as a vCISO has been an amazing training ground that I could have never gotten as a CISO!"

Thanks to all our other contributors (witting and unwitting): Shane Roberts of CoreLogic and Joshua Copeland of AT&T.

Please listen to the full episode over on our blog, where you can find the full transcript. If you're not already subscribed to Defense in Depth via your favorite podcast app, please do so now.
Thanks to our podcast sponsor, runZero
Super Cyber Fridays!
Join us NEXT WEEK, Friday [12-16-22], for "Hacking Non-Traditional Cyber Risk" - LAST SHOW of 2022
Join us next week on Friday, December 16, 2022, for “Hacking Non-Traditional Cyber Risk: An hour of critical thinking about how your third parties’ risks affect your business.”
It all begins at 1 PM ET/10 AM PT on Friday, December 16, 2022 with guests Jonathan Ehret, vp, strategy and risk, RiskRecon, A Mastercard Company, and Steve Zalewski, co-host, Defense in Depth. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Mastercard
LIVE!
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Ken Athanasiou, CISO, VF Corporation.
You can participate live in the conversation by registering on YouTube, or subscribe to the daily newsletter.
Thanks to this week's headlines sponsor, PlexTrac
Jump in on these conversations
"Now that Twitter is going up in flames, where is infosec Twitter going to go?" (P!bbl3 Ⓥ, @TechEmiiily, 4:09 AM, Nov 2, 2022)
"My question is to experienced folks in cyber security, how do you manage time to study after full time job? #infosec" (Rahul Bhichher, @rbhichher, 7:26 AM, Nov 2, 2022)
"National Guard deploys cybersecurity units to 14 states to oversee midterm elections" thepostmillennial.com/national-guard… (Jack Poso 🇺🇸, @JackPosobiec, 11:08 PM, Nov 7, 2022)
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead we have:
[12-09-22] No show
[12-16-22] Hacking Non-Traditional Cyber Risk
Register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.