Does your organization use vCISOs or CISOs?

Team & Organizational Design

vCISO28%

CISO71%


757 PARTICIPANTS
2.5k views2 Upvotes7 Comments
IT Director, Technology Services in Manufacturing, 501 - 1,000 employees
no
1 1 Reply
Director, Information Security Engineering and Operations in Manufacturing, 5,001 - 10,000 employees

I don't think that it was a yes/no question. Did you mean that your org has no CISO?

VP of Global IT and Cybersecurity in Manufacturing, 501 - 1,000 employees
Depends on the business and how its setup, for most places the CISO reports directly to CEO or board members. VCISO is an outsourced security program which interacts with an internal liaison resource.
1 1 Reply
Assistant Director IT Auditor in Education, 10,001+ employees

Ideally, the CISO should report to the CEO, but many organizations the CISO reports to the CIO. This reporting structure is flawed, because the CIO may control the CISO's budget.

Senior Technology & Management Consultant in Retail, 10,001+ employees
No organization can claim that Security is not important to them. But the same argument holds good for other horizontal concerns such as performance, reliability, privacy, compliance etc. So do we have a separate role for taking care of each of them? Obviously not. All horizontal concerns are the joint responsibility of everyone in the organization and hence a virtual role is mostly preferable. I have seen organizations where the CISO has a parallel ops team, engineering team and testing team. In short he/she runs a parallel organization that is not so closely connected with engineering. I don't think that is desirable.

Having said that, there are organizations where compliance, security et all constitute a full time job. In these organizations it is good to have a full time CISO who also may have other responsibilities such as compliance, regulation, privacy etc. This person may have a band of experts. But it is important that this person is also supplemented by a virtual team of engineers who are schooled in security, privacy etc. Otherwise, they tend to get more "academic" or even worse become policy cops. No one wants that!
4
Assistant Director IT Auditor in Education, 10,001+ employees
When someone is held accountable, you tend to get better results or service. The vCISO does work for some organizations based on the type of business they do.
VP of IT in Software, 1,001 - 5,000 employees
The challenge with vCISOs or what I equate to CISO-as-a-service is the lack of accountability. It is still a consultancy service by and large.
3

Content you might like

If you are a current SAP customer, when do you plan to migrate to SAP S/4HANA?

People & LeadershipStrategy & ArchitectureCloud+73 more

No plans on undergoing a migration yet34%

Currently deploying SAP S/4HANA27%

Migrating to SAP S/4HANA within the next 1-2 years19%

Migrating to SAP S/4HANA within the next 3-6 years10%

Already have SAP S/4HANA in production9%


3998 PARTICIPANTS
31.5k views154 Upvotes32 Comments

If you’ve hired a staff engineer, what role do they fill in your org?

Team & Organizational DesignEngineeringTalent Sourcing & Hiring

Team lead15%

Project lead63%

Domain lead8%

Architect13%


52 PARTICIPANTS
380 views

Any guidance for an org that’s growing its software engineering team to a distributed, global model? What mistakes are commonly made that should be avoided?

EngineeringTeam & Organizational DesignTalent Management & Performance
21 views

What's a quick win for optimizing spend? What's been your focus or "lowest hanging fruit"?

People & LeadershipStrategy & ArchitectureCloud+28 more
Read More Comments
1.5k views4 Upvotes3 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
48.7k views133 Upvotes326 Comments