July 24, 2020

Last Updated on March 16, 2023

The virtual CIO (vCIO) role has been rapidly gaining momentum—and the IT turmoil brought about by the COVID-19 pandemic has only heightened the interest.
If your company is ready to engage a vCIO, what skills and traits should you look for?
Most people would probably put technical competence at the top of the list.
But according to Darek Hahn, a recent guest on our “Virtual CISO Podcast,” that view is dead wrong. Darek is CEO of VelocIT, a leading managed service provider and IT support firm that focuses on IT leadership, strategy and planning. With help from host John Verry, Pivot Point Security’s CISO and Managing Partner, Darek outlined exactly what makes a great CIO/vCIO, and what makes a poor one.
Darek starts out by explaining why a CIO/vCIO must have a business orientation rather than a technical orientation. “Do they love business?,” Darek asks. “Are they fascinated by how business operates? Are you interested in the whole business, not just the technology piece of the business?”
Darek further notes that a CIO/vCIO needs to be data-driven. “They should trust numbers. Too many people in the IT world want to do by their brain and their opinion.”
What’s the single most important CIO/vCIO competence? Darek asserts: “Can they manage up? … They have to communicate with the board of directors, with the C-levels. Can they communicate at a level that those people will understand versus at the jargon level? … Are they a really good educator/communicator? … It’s a weakness in IT in general, the whole communication area.”
“To me, a really good-quality CIO has a financial background, communicates well, and loves the business; loves understanding the business,” Darek sums up.
John recognizes just how thought-provoking Darek’s view is: “If I asked that question to a hundred people… I would venture to say 95% of them would not have mentioned three-quarters of what you mentioned. … I don’t think at any point in there you mentioned technical competency.”
Darek then clarifies exactly where technical competence comes into the CIO/vCIO role: “I would argue that if you’re hiring a CIO to be technically competent, they’re going to end up being in the weeds all day, because they’re going to love that technology…”
He then notes the difference between being able to dig in and fix something versus understanding at a higher level how something works. “So the understanding of technology in a general sense and how it works and how things interact with each other, I think is extremely important,” Darek qualifies.
John draws the direct analogy between those same attributes being equally important in the vCISO services that Pivot Point Security provides.
If your company is looking to onboard a vCIO, don’t miss this podcast on “The Virtual CIO: What It Is and What It Isn’t.” To view this or any of the episodes in Pivot Point Security’s “Virtual CISO Podcast” series, click here.

ISO 27001

ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
Get your ISO 27001 Roadmap – Downloaded over 4,000 times