June 20, 2023

ClearOPS Software for vCISOs

Exploring what software for vCISOs is and what kind of tools it should provide to a vCISO. A good software platform will help a vCISO grow beyond just hourly fees, like ClearOPS does.

ClearOPS Software for vCISOs

Sleek v2.0 public release is here

Lorem ipsum dolor sit amet, consectetur adipiscing elit lobortis arcu enim urna adipiscing praesent velit viverra sit semper lorem eu cursus vel hendrerit elementum morbi curabitur etiam nibh justo, lorem aliquet donec sed sit mi at ante massa mattis.

  1. Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
  2. Adipiscing elit ut aliquam purus sit amet viverra suspendisse potent i
  3. Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
  4. Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti

What has changed in our latest release?

Lorem ipsum dolor sit amet, consectetur adipiscing elit ut aliquam, purus sit amet luctus venenatis, lectus magna fringilla urna, porttitor rhoncus dolor purus non enim praesent elementum facilisis leo, vel fringilla est ullamcorper eget nulla facilisi etiam dignissim diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis mauris sit amet massa vitae tortor condimentum lacinia quis vel eros donec ac odio tempor orci dapibus ultrices in iaculis nunc sed augue lacus

All new features available for all public channel users

At risus viverra adipiscing at in tellus integer feugiat nisl pretium fusce id velit ut tortor sagittis orci a scelerisque purus semper eget at lectus urna duis convallis. porta nibh venenatis cras sed felis eget neque laoreet libero id faucibus nisl donec pretium vulputate sapien nec sagittis aliquam nunc lobortis mattis aliquam faucibus purus in.

  • Neque sodales ut etiam sit amet nisl purus non tellus orci ac auctor
  • Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
  • Mauris commodo quis imperdiet massa tincidunt nunc pulvinar
  • Adipiscing elit ut aliquam purus sit amet viverra suspendisse potenti
Coding collaboration with over 200 users at once

Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque. Velit euismod in pellentesque massa placerat volutpat lacus laoreet non curabitur gravida odio aenean sed adipiscing diam donec adipiscing tristique risus. amet est placerat in egestas erat imperdiet sed euismod nisi.

“Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum”
Real-time code save every 0.1 seconds

Eget lorem dolor sed viverra ipsum nunc aliquet bibendum felis donec et odio pellentesque diam volutpat commodo sed egestas aliquam sem fringilla ut morbi tincidunt augue interdum velit euismod eu tincidunt tortor aliquam nulla facilisi aenean sed adipiscing diam donec adipiscing ut lectus arcu bibendum at varius vel pharetra nibh venenatis cras sed felis eget dolor cosnectur drolo.

I met my first security questionnaire in 2012. I thought it was a lawyer’s problem. Oh how wrong I was.

When George and I started pitching ClearOPS in 2019, we were met with blank stares or skeptical faces. I tried everything, even a scrolling security questionnaire in the pitch. No one really got it.

Except for those who did. You know the ones. The people who when you say the word “security questionnaire” shudder and start to get angry. Those were the people who kept us going.

Turns out, a lot of those people are called virtual Chief Information Security Officers, or vCISOs for short. One vCISO in particular, Cosant read our blog post called “The Cost of Security Theater” and reached out to me. Based on that conversation, I started to reach out to more and more vCISOs. All of them were being asked to fill out security questionnaires by their clients and seeing little to no ROI on them. That got us thinking.

However, most of the vCISOs we met were not ready to convert into customers. It wasn’t until we recently re-launched that I found out why. Security questionnaires are not consistent work. It is hard to justify spending money on a platform when you don’t know if you are going to use it. Plus, a bunch of “SOC2 in two weeks” companies were pushing the idea that a SOC2 would somehow, miraculously, eliminate the flow of security questionnaires to their customers. It does not.

Based on some advice I received, we formed the Security Expert Marketplace and inadvertently pivoted our business model into a marketplace. As part of the marketing strategy, we featured vCISOs in webinars where they could talk about hot topics. It was so much fun.

Because it was successful and, yet, we did not want to be in the marketplace business, we tried to figure out how to combine the Security Expert Marketplace with our existing software. Based on the feedback we had received up til that point, we knew our software needed tailoring. But, as you can imagine, vCISOs are busy. They did not have time to give us feedback on our software, let alone bring us into their day to day. So, we decided to take on a couple of clients ourselves. What better way to know what your customers need than to experience it yourself?

While I would never call myself a vCISO, one lawyer and another former CISO make a pretty good team for this work.

Here is what we discovered:

  1. We decided to use the UpWork platform. Wow, is the competition fierce and the pay is peanuts. Most companies want to pay $30-$50 an hour for vCISO work. That is so below market it is laughable. Even at the top end of the range, that is $96k per year for full-time. The average CISO makes $463,000 per year. If you are starting out, you can find your break through clients, but I don’t recommend it long term.
  2. Security questionnaires are everywhere and the impetus behind everything, but are also abused. One company wanted us to guarantee that all the answers we helped them draft would give them a 100% score. Yikes (we declined that work). Plus, no one wanted to build their answer database with a past questionnaire because they wanted it to have the good answers we were going to implement for them.
  3. Most vCISOs start with a gap assessment which sounds logical, but more often than not, they are not the starting point. Every single job we took, we were supposed to do a gap assessment first. And yet, for every single job, the first task was policies. Even if you are helping a company with Drata, Vanta, Secureframe, Tugboat Logic, etc. they need you to customize policies. Clearly, the starting point is policies because clients need policies to respond to customer security questionnaires.
  4. Doing a gap assessment is very, very hard because of the coordination amongst the internal stakeholders. The first hard problem is finding the person who can tell you what the current security posture is. It’s an extremely large hurdle!
  5. Implementing a plan to improve security is as hard, if not harder, than the gap assessment. If you struggled to find someone internally to help you measure the gaps, it is equally as hard to find someone to implement the changes.
  6. SOC2 is all the latest craze. Seriously, everyone wants a SOC2 and no one has any idea how to get there. They don’t realize it is as complex and time consuming as a financial audit.

Implementing security is still a people and processes problem. Cybersecurity Ventures predicts that there will be 3.5 million cybersecurity jobs unfilled by 2025. In order for vCISOs to meet this demand by taking on more than one client, they need software that helps them scale.

Not software that replaces them.

That’s where ClearOPS comes in. We adjusted our software to address that repeatable, manual vCISO work that can be automated, like security questionnaires, collaborating on gap assessments, tracking implementation plans, automating security posture with sophisticated scanning and generating reports on vendors. Ideally, an all-in-one tool that supports a vCISO with multiple clients, keeping the client’s data segregated, but enabling the vCISO to access each client’s data without a separate email address for each.

That’s what we did and that is what we will continue to do. ClearOPS is laser focused on solving the scaling problem for vCISOs. Because if they can scale, then we have a fighting chance against the bad guys, which is a win - win situation.

You’re the best,


About the author

I really enjoy helping people. I am terrible at receiving help.

Subscribe to our newsletter

Thanks for subscribing to our newsletter
Oops! Something went wrong while submitting the form.
Subscribe To Our Newsletter - Sleek X Webflow Template