As we have explained in previous articles, there are several types of IT security specialists that are valuable to companies and organizations fending off (or recovering from) cyberattacks. Three of these specialists are:
- Chief Information Security Officer (CISO)
- Fractional Information Security Officer (FISO)
- Virtual Chief Information Security Officer (vCISO)
In this article, we’ll compare these three kinds of specialists, including how they benefit the companies they work for.
Pros and cons of hiring a staff CISO
Some businesses hire a staff Chief Information Security Officer (CISO) because they want one professional devoted full-time to their company. They reason that the CISO will be fully immersed in their business and not distracted by work for other clients.
That said, businesses should also be aware of some potential drawbacks of hiring a staff CISO. One consideration is the high cost. Depending upon a CISO’s level of expertise and the size of the company, he or she may command an annual salary in the range of $185,000 to $400,000. Additional costs of hiring a staff CISO include a benefits package, stock options, bonuses, etc.
Also, the average tenure of a CISO is just under two years. Burnout rates are very high, and the amount of stress placed on a CISO can easily detract from their focus on the tasks and projects they were hired to accomplish.
Another key aspect to keep in mind is that any single CISO will have a limited range of expertise. While a CISO may be highly skilled in one specific area, those skills will not necessarily transfer to the other areas of cybersecurity that businesses need covered today.
How are the FISO and vCISO different?
There is very often confusion about the different roles played by a Fractional Information Security Officer (FISO) and a Virtual Chief Information Security Officer (vCISO). Both the FISO and the vCISO are typically hired as part of a Managed Service Provider (MSP) contract. This means they work for your company on a contractual basis, so you can end the engagement when it is no longer needed and bring them back on board at a later date.
A FISO is typically hired on an as-needed, part-time basis, working far fewer hours than a vCISO does. This makes hiring a FISO a much more affordable option, especially for small and medium-sized businesses (SMBs).
A vCISO, on the other hand, is usually hired on a full-time, contractual basis for a predetermined period of time.
Now that you understand the different functions of the CISO, vCISO and FISO, as well as the advantages and disadvantages of hiring each, you can make a more informed decision about hiring specialists to help address your company's cybersecurity needs.
Ravi Das is a Cybersecurity Consultant and Business Development Specialist. He also does cybersecurity consulting through his private practice, RaviDas Tech, Inc., and holds the Certified in Cybersecurity (CC) certification from ISC2.