Security for MSPs: Building a Defensible Tech Stack
Our COO, Megan Fulton, had a discussion with the CISO at JumpCloud, Fred Wilmont, to educate MSPs that are starting out.
Frequently asked questions.
A VCISO is a Chief Information Security Officer that works on behalf of several companies at once.
The market named what we do a Virtual CISO or Fractional CISO. We use that terminology to make it easy for people to know the general service that we provide. We also refer to ourselves as a VCISO or a VxCISO, which means a VioletX Virtual CISO.
A Virtual CISO performs different functions for a company, depending on what they need. Some serve in the role of the CISO, represent the company to customers, and set strategy. Some operate as an entire security team and deliver all aspects of security. Others act as a temporary teammate for times of rapid hiring or acquisition prep.
People hire a VCISO for several reasons. One reason is to share the cost of a very expensive and senior leader, often while hiring an internal teammate under them to be trained into a security role. The other is to rapidly grow a cyber program, something a VCISO can perfect because they are repeatedly performing this function for other similar companies.
Customer onboarding is what we do best. We have rapidly built security programs and prepared for exits for dozens of companies. Many customers provide access to their existing programs, contracts, tools and open tasks and we get going immediately. Others have a formal process where we integrate into executive meetings. We have onboarded customers in most ways.
VioletX specializes in blending together very diverse projects into one integrated work space.
Our customers are able to build total cybersecurity programs, while completing immediate issues like open customer requirements and audits. We make it easy by tracking our work with our customers, as well as breaking down the resources that are required from their team in advance, with the priority of removing as much as possible from the engineering teams.
We fully take over the SOC2 process for our customers and work directly with their auditor.
There is not a technology that can fully automate cybersecurity. Cybersecurity tools require human interaction. Cybersecurity policies and procedures must be created by a professional who understands both cybersecurity and the specific business in question. We provide for free and also partner with many commercial tools. We bring capabilities of point solutions together, correlate everything and find the most urgent work to be done.
All of our customers operate across several frameworks that we blend and map to business operations and strategy. This allows us to master aspects of cybersecurity like value at risk and threat management. It also allows us to meet business goals like building business continuity, creating an acquisition-worthy program and closing deals.
A VCISO sets the strategy and builds a program so that you can cleanly scale. Many of our customers have existing security programs and come to us to become more efficient and effective. Others are hiring their first team members and want to correctly lay a foundation. Our work allows companies to scale towards high-quality enterprise security.
Most of our contracts are annual, with the majority of our customers renewing. That said, we welcome customers to use us as it fits their goals.
A large part of our job is to measure ourselves. From the outset, our customers see a large volume of work as we rewrite their entire suite of policies and procedures, complete outstanding audits and questionnaires, and create program plans. We also measure the efficacy of our work analytically.
VioletX uses many open source tools to service our customers the way that an internal cybersecurity team would. Moving forward into 2022, we begin to provide the MVP of our product that will complement and extend the work that we do today as a feature of our engagements.
While VioletX VCISO customers currently renew 99% of the time year-over-year, it is our intent to help companies build programs that they could ultimately take in-house to be led by a Director of Security or engineer. We work alongside these roles in companies to prepare for this strategy.