Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. View our editorial policy here.

Cybersecurity is, to put it mildly, a hugely complicated web of tools, considerations, and compliance needs that every business needs to follow in some capacity to stay safe in the modern threat landscape.

For many small- and medium-sized businesses (SMBs), and even some companies at the public enterprise level, the costs associated with getting and staying secured can be overwhelming and impossible to fulfill. One of the hardest challenges, both financially and operationally, is having the right professionals onboard. MSPs and MSSPs have long filled the void for most technical needs, but security advisors are now taking this one step further.

vCISO addresses growing security gaps

A virtual chief information security officer (vCISO) might conjure images of robots, chatbots, or shadowy non-human figures lurking in the dark. In reality, vCISO offerings are less sci-fi fantasy, but more practical importance, for many jumping on the trend.

vCISO programs, or in the case of Pittsburgh, Pa.-based Echelon Risk + Cyber, “Security Team as a Service” programs, aim to provide businesses additional security expertise and strategic resources.

“We are not an IT vendor. We take a top to bottom approach with each business and advise them on how their security practice affects their goals,” said Hernan Popper, Founder and Principal Consultant at Canadian firm POPP3R CYBERSECURITY. “We ask questions like, ‘do you have policies documented for employees? What are security processes like at your business?’ because these issues matter more than just what tech they use.”

“Traditionally, providers and businesses see cybersecurity as a technology problem and then try to use technology to fix it,” said Dan Desko, CEO and Managing Partner at Echelon Risk + Cyber. “We say security is a people problem, and businesses need to get the right team in place to identify problems, and then they can bring technology in as the next step.”

Security advisors work with MSPs, MSSPs for client success

Popper and Desko both explained their businesses are not in the MSP or MSSP model, as neither company’s offering includes the selling of technology solutions. Both also said that for this reason, they often work in tandem with a business’ solutions provider to form a holistic team that together addresses the full security needs of a client.

While each vCISO program is unique to the company offering it, there are a standard set of problems that almost all programs aim to solve for businesses, including:

  • Understaffing, or no staffing, of in-house IT leadership.
  • Lack of capacity for existing in-house IT professionals to take on additional strategic projects.
  • Need for specialized expertise for strategic goals, including certifications and compliance requirements.

Some partners are packaging their expertise with their offerings in a vCISO bundle of sorts that adds an elevated, personalized experience to their customers above and beyond the basic provisioning of products. Others are building security operations offerings from scratch to customize their vCISO programs to each client’s business needs and goals.

Some firms also turn to platforms created by a growing number of vendors in the channel who build what they promise to be a scalable, efficient product for partners to utilize with their vCISO clients.

Vendor platforms enter the equation for advisor ease of use

One of these vendors is Cynomi, which recently entered a strategic partnership with technology vendor Cavelo and claims “hundreds” of channel partners. The company’s platform promises increased efficiency through AI-powered automation capabilities.

“We provide a vCISO platform that empowers MSPs, MSSPs and consultancies to provide CISO-level cybersecurity services to any organization,” said David Primor, CEO of Cynomi. “We’re 100% channel focused and sell only through partners. The platform is partner-oriented and helps service providers improve efficiency, reduce costs, increase their sales, and maintain high-quality service.”

Cynomi’s commitment to the IT channel and the various types of consultants and providers within it is based on the team’s belief that service providers who can build and scale vCISO offerings will stay ahead of business trends while keeping businesses more secure.

“More SMEs are seeing the benefits of bringing in a vCISO to tackle their security needs, which turns vCISO into an amazing opportunity for MSPs and MSSPs to grow their businesses in the cybersecurity direction,” said Primor.

POPP3R is one of the hundreds of companies using Cynomi. To Popper, the vendor is much more than just a cost-saving piece of technology.

“I spent 18 months researching solutions and platforms before I committed to using one, and Cynomi is helpful for way more than just saving time,” said Popper. “The community I have found is so helpful. Before I was so isolated, but I realized I could really learn from others through Cynomi.”

Popper also highlighted the capability of a platform like the one offered by Cynomi to provide the necessary documentation to achieve varying compliance and certification needs for businesses, such as CMMC 2.0, NIST 800-171, and requirements from various government and third-party agencies.

Demand continues to grow for vCISO offering

Popper, Desko, and Primor all have different clients in different locations, and Cynomi is a technology vendor, not an advisor, but all agree vCISO and similar programs will only continue to gain popularity in the future.

“One of the biggest challenges businesses face in the security market is that there is so much product saturation,” said Desko. “A lot of things promise to be perfect and keep a business secure, but then a business might not actually be as secure as it thinks it is, because a perfect security product doesn’t exist.”

Enterprises of all sizes can benefit from an increased scrutiny of their security programs and practices. For many, vCISOs provide that scrutiny; and coupled with the technology services offered by an MSP or MSSP, they can provide end-to-end security resourcing at a time when incidents, breaches, and outages seem to happen every week.

MSPs and MSSPs considering additions or changes to their offerings can compare important features with our guide to security software.

Subscribe for updates!

You must input a valid work email address.
You must agree to our terms.