Are Virtual CISOs the answer to your security problems?

Virtual CISOs can be an invaluable resource for companies with limited resources. But are they a short-term fix to a long-term problem?

virtual executive
Thinkstock

Chief Information Security Officers are a relatively rare breed. Information security is, after all, a relatively recent addition or subset to IT, and while most large organizations now do profess to having a CISO, CSO or head of information security, many still don’t. Indeed, it’s often the case that a company appoints its first CISO in the aftermath of a data breach - like Target did in 2014 or Sony in 2011.

However, landing yourself a CISO, and a good one at that, isn’t straightforward.

It’s well documented that the InfoSec landscape has a huge skills gap, with Cisco, training body ISC2 and other authorities putting the shortage around 1.5 to 2 million personnel, and ISACA speaking of a “missing generation” of security staff.

This shortage  - though disputed by some, including the Department of Homeland Security, is most keenly felt with network analysts and - increasingly - data scientists, but it also impacts firms at CISO level too.

To continue reading this article register now

Security vs. innovation: IT's trickiest balancing act