We come across companies and organizations every day that need security help. Some companies hire in-house security engineers or analysts for support, but lack the leadership necessary to drive an effective security operation. The Chief Information Security Officer (CISO) remains a tough position to fill for a variety of reasons, but the most common are:
It's too expensive.
There's not enough work to justify a full-time resource.
It's hard to find a CISO that aligns with the organizational culture.
The Ponemon Institute published an article on security staffing in February 2014: IT Security Jobs Research. This research is insightful if you're currently navigating security staffing needs. One point that's resounding is that security executives are hard to find, hard to recruit, and hard to keep. They spend an average of 2.5 years in their role before moving on.
If you're struggling with any of the reasons above, or with maintaining consistent security leadership, perhaps a contract CISO is right for your organization. The role goes by a few terms including CISO On Demand, Virtual CISO (vCISO), and Contract CISO. Benefits of having an on-demand CISO include but are not limited to:
Security expertise to train and build in-house security muscle
Help with annual information security planning
On-demand advisory to augment your in-house team
A contract CISO doesn't have to be full-time – one day a week might be right for your organization. The company you partner with for on-demand CISO services should flex to your needs. It's important to point out that not all on-demand CISOs are equal. It's important to find someone who has been a CISO and understands the challenges of the role. Many security firms claim to provide this service, but they really offer senior advisory staff with limited experience as an industry CISO. At NuHarbor, our staff includes former CISOs of Fortune 500 companies. We've lived the security challenges you're facing today. We're the partner that makes cybersecurity easier.