CISO as a Service

April 21, 2017

How do CISOs make companies successful? By ensuring the company they are supporting has all the correct security and compliance in place to completely satisfy the companies customer's expectations. I have worked for multiple SaaS companies in the past and you can win business by having the right levels of compliance in place. It can actually be a determining factor over your competition.

The point in a companies life cycle that a CISO becomes important is NOW! If you don't have one then get one. If you are a startup then the CISO can help position the company's security and compliance in such a way to make the company overcome the competition.

I don't believe that a CISO position is always a full-time position. This could be true no matter what size your company is. You might just need guidance and direction for a point in time or a few hours a month. It's kind of like having an attorney available for advising on legal matters.

So, the CISO as a Service is one that a qualified individual performs the CISO role for several companies. This individual, performing as a CISO for several companies must be a very sharp and talented individual that is willing to invest their time in learning your company operations and culture.

This type of arrangement fits very well in the startup community and the mid-sized companies. These companies normally don't either have any security support or they have security personnel with a lack of good guidance and direction. Placing a CISO as a Service in one of these types of organizations can help them quickly grow their security and compliance programs and may translate into an increase in customer growth.

There are also financial cost benefits for working in this CISO relationship. Instead of hiring a full-time employ that demands a high dollar salary, you could end up paying a fraction of that with the similar guidance and direction of a qualified individual.

On the downside, not having a CISO could get your company into hot water with regulatory bodies and end up paying hefty fines. Security breaches are on the rise and good security personnel is hard to find.

This type of service relationship might be the best for your company to start with and then grow into a full-time position if needed.