Sitemap

Do We Need a Virtual CISO?

To a harried CTO who is tasked with dealing with security issues at the expense of his cloud migration efforts, a vCISO to make some of that work/pain go away sounds like the answer to a prayer. But is the vCISO an expensive luxury that is likely not cost justifiable?...

Need to Sway Your CFO on a Big Project? Leave Jargon at the Door.

With the rise of compliance mandates like the Cybersecurity Maturity Model Certification (CMMC) or the California Privacy Rights Act (CPRA), many IT leaders find themselves needing to influence organizational decisions around major new cyber initiatives. Do you up...

IT Leaders: Here’s How Your CFO Thinks

When IT and cybersecurity executives sit across the table from business executives, the two groups think about organizational issues differently. This frequently leads to problems and disconnects when business-critical expenditures or initiatives are under...

IT Leaders: Here’s the #1 Way to Influence Your CFO

All too often there’s a disconnect between technology leaders and business leaders. We tend to talk different languages—bits, bytes and acronyms on one side, ROI and balance sheets on the other. What frequently happens is that technologists collectively create a plan...

MSPs – Here’s How to Choose Good Customers and Avoid the “Wildcards”

It’s hard enough for outsourcers to choose the right Managed Service Provider (MSP). But how do MSPs go about finding the right customers? To inform the MSP industry on everything from customers to trends to standards, a recent episode of The Virtual CISO Podcast...

What is MSP Verify and Why Do I (as an MSP or Outsourcer) Care?

If you’re shopping for an MSP, what do you have to go on besides promotional copy, seat-of-the-pants research and maybe some peer recommendations? Is there an objective way to evaluate an MSP’s technical capabilities, business operations, security posture and overall...

13 Million Reasons Why You Need to Scope before You Do a Gap Assessment

Over the last 20+ years, one of the most frequent questions I’ve answered for clients that need to move to a (more) “provably secure” state (e.g., ISO 27001 certification, CMMC compliance, SOC 2 attestation) is “Why don’t you just start with a gap assessment like...

MSPs and MSSPs: What’s the Difference?

Managed Service Provider (MSP) business models have evolved from onsite, break-fix services to your-IT-department-as-a-service. Many MSPs now fulfill CIO/CTO type roles for their SMB clients, as well as covering all tactical IT positions—including security. So are...

How Will Cloud Computing Impact MSPs?

The stampede to cloud brings with it a new lexicon, new technology options and new ways for SMBs to mix and match vendors and service providers. How does today’s managed service provider (MSP) role fit into the evolving cloud picture? What will the impact of cloud...

CMMC and MSPs – Opportunity or Threat?

There’s no question that the DoD’s Cybersecurity Maturity Model Certification (CMMC) is impacting more organizations than any information security framework in history. For MSPs that want to do business with the US federal government or its supply chain partners in...