Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

What Does a Virtual CISO Do, and When Should an Org Have One?

Organizations can turn to a virtual CISO to build a tailored security strategy; they don't need to wait till they have an in-house security leader.

Aaron Boissonnault, CISO, Navisite

September 3, 2021


Question: What does a virtual CISO do, and when should an org have one?

Aaron Boissonnault, Chief Information Security Officer at Navisite: Virtual CISO (vCISO) services give companies on-demand access to cybersecurity leadership, expertise and guidance. This enables companies to overcome the time-consuming and costly challenge of finding seasoned cybersecurity leadership and expertise to help them build a tailored security strategy; identify gaps in their security program; and put the right teams, tools and processes in place to reduce risk and support continuous improvement.

A good vCISO service should assess cybersecurity risks, develop a security roadmap, develop policies and procedures, help companies align with regulatory compliance and governance goals, and track performance of and continuously improve upon cybersecurity programs. And, a strong vCISO service not only comes with a named virtual CISO, but also with access to the entire cybersecurity team supporting them—all of whom are focused on securing your business from cyber threats.

There are a number of scenarios when a company should consider a vCISO. Cybersecurity is a full-time job, and if the IT team is responsible for a company’s cybersecurity, a vCISO can provide much-needed strategic insight and alleviate the IT team’s responsibilities. Another scenario is if a company is in the midst of moving its operations and applications to the cloud. A vCISO can provide the expert guidance and support to securely move to and operate in the cloud and offer shared responsibility model expertise. This helps companies put the right security controls in place to significantly reduce risk and fully reap the rewards of the cloud. One last scenario is if a company doesn’t have an up-to-date security plan. A vCISO can help companies develop and implement a tailored cybersecurity plan, which assesses the changing threat landscape and addresses any potential compliance regulations a company must consider.

About the Author

Aaron Boissonnault

CISO, Navisite

Aaron Boissonnault is responsible for security and compliance programs at Navisite, overseeing the delivery of managed security and advisory services to help customers maintain the highest levels of cybersecurity protection. He has nearly 20 years of experience helping organizations build world-class, enterprise-level security programs.
