Exploring what software for vCISOs is and what kind of tools it should provide to a vCISO. A good software platform will help a vCISO grow beyond just hourly fees, like ClearOPS does.
Lorem ipsum dolor sit amet, consectetur adipiscing elit lobortis arcu enim urna adipiscing praesent velit viverra sit semper lorem eu cursus vel hendrerit elementum morbi curabitur etiam nibh justo, lorem aliquet donec sed sit mi at ante massa mattis.
Lorem ipsum dolor sit amet, consectetur adipiscing elit ut aliquam, purus sit amet luctus venenatis, lectus magna fringilla urna, porttitor rhoncus dolor purus non enim praesent elementum facilisis leo, vel fringilla est ullamcorper eget nulla facilisi etiam dignissim diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis mauris sit amet massa vitae tortor condimentum lacinia quis vel eros donec ac odio tempor orci dapibus ultrices in iaculis nunc sed augue lacus
At risus viverra adipiscing at in tellus integer feugiat nisl pretium fusce id velit ut tortor sagittis orci a scelerisque purus semper eget at lectus urna duis convallis. porta nibh venenatis cras sed felis eget neque laoreet libero id faucibus nisl donec pretium vulputate sapien nec sagittis aliquam nunc lobortis mattis aliquam faucibus purus in.
Nisi quis eleifend quam adipiscing vitae aliquet bibendum enim facilisis gravida neque. Velit euismod in pellentesque massa placerat volutpat lacus laoreet non curabitur gravida odio aenean sed adipiscing diam donec adipiscing tristique risus. amet est placerat in egestas erat imperdiet sed euismod nisi.
“Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum”
Eget lorem dolor sed viverra ipsum nunc aliquet bibendum felis donec et odio pellentesque diam volutpat commodo sed egestas aliquam sem fringilla ut morbi tincidunt augue interdum velit euismod eu tincidunt tortor aliquam nulla facilisi aenean sed adipiscing diam donec adipiscing ut lectus arcu bibendum at varius vel pharetra nibh venenatis cras sed felis eget dolor cosnectur drolo.
I met my first security questionnaire in 2012. I thought it was a lawyer’s problem. Oh how wrong I was.
When George and I started pitching ClearOPS in 2019, we were met with blank stares or skeptical faces. I tried everything, even a scrolling security questionnaire in the pitch. No one really got it.
Except for those who did. You know the ones. The people who when you say the word “security questionnaire” shudder and start to get angry. Those were the people who kept us going.
Turns out, a lot of those people are called virtual Chief Information Security Officers, or vCISOs for short. One vCISO in particular, Cosant read our blog post called “The Cost of Security Theater” and reached out to me. Based on that conversation, I started to reach out to more and more vCISOs. All of them were being asked to fill out security questionnaires by their clients and seeing little to no ROI on them. That got us thinking.
However, most of the vCISOs we met were not ready to convert into customers. It wasn’t until we recently re-launched that I found out why. Security questionnaires are not consistent work. It is hard to justify spending money on a platform when you don’t know if you are going to use it. Plus, a bunch of “SOC2 in two weeks” companies were pushing the idea that a SOC2 would somehow, miraculously, eliminate the flow of security questionnaires to their customers. It does not.
Based on some advice I received, we formed the Security Expert Marketplace and inadvertently pivoted our business model into a marketplace. As part of the marketing strategy, we featured vCISOs in webinars where they could talk about hot topics. It was so much fun.
Because it was successful and, yet, we did not want to be in the marketplace business, we tried to figure out how to combine the Security Expert Marketplace with our existing software. Based on the feedback we had received up til that point, we knew our software needed tailoring. But, as you can imagine, vCISOs are busy. They did not have time to give us feedback on our software, let alone bring us into their day to day. So, we decided to take on a couple of clients ourselves. What better way to know what your customers need than to experience it yourself?
While I would never call myself a vCISO, one lawyer and another former CISO make a pretty good team for this work.
Here is what we discovered:
Implementing security is still a people and processes problem. Cybersecurity Ventures predicts that there will be 3.5 million cybersecurity jobs unfilled by 2025. In order for vCISOs to meet this demand by taking on more than one client, they need software that helps them scale.
Not software that replaces them.
That’s where ClearOPS comes in. We adjusted our software to address that repeatable, manual vCISO work that can be automated, like security questionnaires, collaborating on gap assessments, tracking implementation plans, automating security posture with sophisticated scanning and generating reports on vendors. Ideally, an all-in-one tool that supports a vCISO with multiple clients, keeping the client’s data segregated, but enabling the vCISO to access each client’s data without a separate email address for each.
That’s what we did and that is what we will continue to do. ClearOPS is laser focused on solving the scaling problem for vCISOs. Because if they can scale, then we have a fighting chance against the bad guys, which is a win - win situation.
You’re the best,
Caroline