How To Engage a Fractional CISO
- Security Excellence
- May 23, 2023
- 2 min read
Audience:
Executives feeling the pressure to meet security requirements from clients and partners
Companies with an existing cyber security program, but in need of a dedicated resource for continuous improvement and execution
Leaders low on resources who need to build and implement a security program quickly
Anyone wanting to learn more about CISO services and developing a complete cyber risk strategy
The Brass Tacks:
A Fractional CISO has real benefits that you may not realize. To start, the pay gap is usually the first thing people notice - a Fractional CISO typically costs about 50% less than a full-time hire.
A less recognized benefit of the Fractional CISO is an important one - experience!
By advising multiple companies, a Fractional CISO gains greater experience and diversity:
in technical strategy
in business strategy
with compliance and regulations
with people (personalities and culture)
By advising multiple companies, the Fractional CISO also gains a broader understanding of the various risk and revenue strategies available. After all, most businesses use the same solutions in different ways.
With all this said, there is a caveat I must mention - not every person serving as a CISO has the acumen to pull it off. This is an industry problem as a whole, and people have differing opinions on how to solve it. The information I provided solely applies to Security Excellence.
Tips on how to engage a Fractional CISO:
Identify your organization's needs: This will help you determine what type of expertise you may need, as well as the level of support you require. Do you think someone with PCI experience is required? Is your goal to pass an audit, become certified, meet a new board-driven strategy (perhaps brought on by the SEC), or simply maintain the status quo?
Research and compare candidates: Once you have a clear understanding of your organization's needs, you can start researching and comparing different candidates. Look for professionals with a proven track record of success in helping organizations like yours. You can also entertain candidates who have track records outside your domain; they may be able to do a great job. In my experience working with 450+ companies, experience does not always equate to expertise.
Request proposals: After identifying a few potential candidates, reach out and request proposals outlining how they can help your organization.
Evaluate and select a candidate: Once you have received proposals from a few different candidates, carefully evaluate each one to determine which one is the best fit for your organization. Consider factors such as their experience, expertise, and pricing.
Engage the CISO: Once you have selected a candidate, you can engage them to provide expert advice and guidance on your organization's cybersecurity and information security needs. This may involve regular meetings and consultations, as well as assistance with developing and implementing appropriate security controls and processes.
In short, engaging a Fractional CISO is not very different from engaging a regular candidate, a consultant, or an advisor.