Frequently Asked Questions

Questions? Concerns?
We are here to explain everything you might want to know. Let us help!

What does vCISOaaS stand for?

XaaS (Anything-as-a-Service) refers to something being presented to a customer as a service. Hence, virtual Chief Information Security Officer-as-a-Service.

Over the last few years, the trend in IT has been moving in the direction of As-a-Service offerings. With As-a-Service models, the offering has shifted to subscription-based technology designed to reduce upfront expense, enhance client flexibility, and give access to the latest technologies. All this is accomplished while the As-a-Service provider maintains their infrastructure entirely.

As-a-Service models include PaaS (Platform as a Service), SaaS (Software as a Service), and IaaS (Infrastructure as a Service).

CISO is an acronym that stands for Chief Information Security Officer.

vISO is an acronym that stands for Virtual Information Security Officer.

A vCISO is a Virtual Information Security Officer. The vCISO is a security practitioner who uses their years of cybersecurity and industry experience to help organizations develop and manage the implementation of the organization’s information security program.

While nearly every organization needs a CISO, not everyone can afford one. A vCISO allows organizations to avoid the expense of employing one in-house full-time, only paying for the services and time used.

Short answer: “No.” They are similar roles, just with different verbiage around the title. All of them are third-party, out-of-house Information Security Officers who help bridge the gap between Business, IT, Compliance, and Governance.

All will provide Strategic & Governance Support; create and update Policies and Risk Assessments; conduct Cybersecurity Assessments; provide Education & Training; provide Vendor Management Support & Due Diligence; handle Business Continuity Planning & preparedness and facilitate Business Continuity roundtable exercises; handle Incident Response and Incident Response preparedness and facilitate Incident Response roundtable exercises; and provide research and feedback on current cyber issues.

  • Identify threats, assess vulnerabilities, determine risk, implement control strategies to reduce the risk, and lastly, monitor and review the Information Security program.
  • Provide Strategic & Governance Support through ITSC Meetings, Project Management, IT Strategic Planning, GLBA/Executive Reporting, and provide interaction with the Board.
  • Create policy sets and conduct Risk Assessments.
  • Provide education & Information Security Awareness training to all employees, including the Board.
  • Create a Vendor Management Program which includes annual Vendor Risk Assessments, creating a Critical Vendor Analysis Report, assessing risk when onboarding new vendors, tracking performance management, and, if necessary, helping facilitate a corrective action plan for non-performing vendors.
  • Create and maintain a Business Continuity Plan and conduct annual BC roundtable exercises.
  • Create and maintain an Incident Response Plan and conduct annual IR roundtable exercises.
  • Provide Research / Feedback on current cyber events, regulations, and compliance.
  • Provide IT Audit and Exam preparation and support.
  • We are not Helpdesk support.
  • We do not install software or troubleshoot software.
  • We do not troubleshoot printing issues.
  • We do not troubleshoot Networking issues.
  • We do not Manage IT staff.
  • We are not a SOC (Security Operations Center).
  • We are not software resellers. We are vendor agnostic.

The national average salary for a CISO is $176,131 in the United States.

On average, a vCISO costs between $30,000 a year and $54,000 a year.

Turnover among key business leaders isn’t unusual; a CISO’s average tenure is approximately 24 to 48 months. Many executive leaders are coming to understand that CISOs face excessive stress in their role, leading to frequent burnout and increased turnover. Recruiting and training can be difficult. Organizations that successfully hire a CISO struggle to retain those individuals long-term. Unfortunately, a lot of knowledge leaves when those CISOs leave. This constant change is stressful for the business.

  • vCISOs are business enablers who understand compliance and regulation.
  • vCISO can be a fantastic and trusted advisor to existing CISOs, CEOs, CIOs, CTOs, and to the Board.
  • vCISOs understand the vision and the goal of the business.
  • vCISOs cost a fraction of what an in-house CISO costs. vCISOs do not require benefits, bonuses or profit sharing, insurance, or any ongoing training.
  • vCISOs can be a great mentor to someone who is not experienced and is filling the role of a CISO.
  • vCISOs can be a turnkey solution to train and mentor an aspiring CISO.
  • vCISOs can be an interim CISO while a candidate is selected and hired.
  • vCISOs do not wear many hats. They are Chief Information Security Officers only.
  • vCISOs remain current on cybersecurity threats, compliance, and governance.
  • vCISOs know how to run a cybersecurity program efficiently.
  • vCISOs are effective and efficient at moving the business cybersecurity posture from reactive to proactive.
  • vCISOs typically have 20+ years of industry experience and hold several industry-recognized certifications.
  • vCISOs can offer peer review perspectives.
  • vCISOs are scalable and flexible, and succession planning is built into your team of vISOs.
  • With a vCISO you have access to a specialist you normally could not afford.
  • vCISOs come with a full arsenal of subject matter expertise.
  • No matter what business you are in, data and networks need to be secured and available for the business to function. Therefore, all businesses need a CISO.
  • A vCISO will give you confidence that your information security is of the highest quality.
  • When the Board of Directors asks how you manage cybersecurity and no one on your staff can answer the question confidently.
  • When clients ask you about privacy readiness exercises and no one on your staff knows what that means.
  • vCISOs are most common in small to medium-size businesses. Larger organizations with 1,000+ Employees have complexities that would typically require an onsite CISO.

That’s a big question. The question of whether to hire an in-house CISO or a vCISO comes down to the organization’s business strategy, as well as any constraints (such as a lack of budget).

If you are a Small to Midsize Business and are on the fence about what is right for you, you likely need an experienced security practitioner on staff but are not quite ready to onboard and bear the expense of a full-time CISO. We would suggest starting with a vCISO to get the groundwork in place, then using our vCISO services in the interim while hiring and training a full-time CISO to take over the Information Security program.
