Virtual CISO (vCISO) & Virtual Security Team Services
Expert Security Knowledge Within Your Organization
Pivot Point Security’s Virtual CISO (vCISO) and Virtual Security Team services give you access to a security leader and a team of experts who build and execute your security roadmap.
Most small to medium-sized organizations need information security expertise and direction, but not enough of it to justify the cost of a full-time expert. Pivot Point Security’s (PPS) Virtual Security Team, led by a vCISO and supported by a Program Manager, gives your company on-demand security expertise for a fraction of the cost of a full-time hire.
What is a vCISO & a Virtual Security Team (vST)?
vCISO (Virtual Chief Information Security Officer)
A Virtual Chief Information Security Officer (vCISO) carries the same responsibilities as a conventional CISO: building and maintaining the company’s security vision, strategy, and program so that information assets and technologies are adequately protected.
However, a vCISO affords an organization flexibility in terms of:
- Breadth – PPS’s vCISO, with the help of its Virtual Security Team (vST), can address all of your organization’s information security needs, or stay focused on the select few areas that have the greatest impact on your business.
- Depth – PPS’s vCISO can provide high-level guidance across all information security objectives and also dive deep in areas of significant risk. Supported by a highly experienced team of subject matter experts, our vCISO is prepared to guide your business at both the strategic and tactical level, working as an extension of your team.
- Frequency – a vCISO can act as a semi-permanent fixture within an organization, or engage only as often as needed to meet long-term goals.
vST (Virtual Security Team)
A Virtual Security Team is the group of subject matter experts and implementers available to support the vCISO at any time in developing and maintaining your information security management system. A vST may include experts in the following areas:
Here’s how vCISO and vST services work
- Scope – The Pivot Point Security team conducts a scoping exercise to understand your critical information, the processes that act on it, the assets that support those processes (systems, personnel, vendors), and the applicable laws, regulations, and contractual obligations. We also identify other internal and external issues that affect risk and risk treatment decisions. The result is a clear understanding of the current business and technology initiatives that affect risk.
- Risk – PPS conducts a rapid risk assessment to understand inherent risk.
- Gap – PPS conducts a rapid gap assessment to understand the maturity of key information security controls, and uses it to quantify residual risk.
- Vision – PPS establishes an over-arching vision for information security and a strategic roadmap to achieve it.
- Priorities – PPS sets priorities and objectives for the first 90 days.
- Treatment – PPS develops risk and gap treatment plans that feed into the strategic roadmap.
- Manage – PPS meets with you regularly (often bi-weekly) to track progress against the plan, address issues affecting the plan, discuss new issues, and tune the plan as necessary.
- Improve – PPS meets with you quarterly to assess performance and establish the next 90-day plan.
Meet Some of Our Team
John Verry – Managing Partner
John has over 21 years of information security experience, with a wealth of experience in information systems consulting and auditing, ISMS implementation, and security risk assessments. John has developed 20+ certifiable ISO 27001 Information Security Management Systems for major U.S. law firms. In addition, he has worked with a major U.S. city, a state-owned public transportation system, and many other local government entities on Third Party Risk Management, IT audits, risk assessments, and security policy and procedure assessment and development.
Pivot Point Security Areas of Expertise
- PPS helps clients get certified to trusted information security frameworks such as ISO 27001, NCSF, SOC 2, ISO 22301, and HITRUST, and achieve compliance with laws, regulations, and contractual requirements such as PCI, HIPAA, NY DFS 500, NIST 800-171, and GDPR, through our GRC consulting and auditing.
- PPS helps clients validate that their key networks, applications, and systems are secure by performing vulnerability assessments, penetration tests, and gap assessments.
- PPS helps clients manage vendor risk by helping them build and operate Third Party Risk Management programs.
- PPS turns employees from our clients’ greatest security threat into their greatest threat detection mechanism through our security awareness education and social engineering assessments.