InfoSec Strategies

What’s a vCIO? Wait… What’s a CIO?

Reading Time: 2 minutes

Last Updated on July 22, 2020

Virtual CIO (vCIO)
There’s growing buzz around the virtual CIO (vCIO) concept, especially now as SMBs struggle to wrap their IT capabilities around increased teleworking and other changes resulting from the COVID-19 pandemic.
Is a vCIO relationship right for your business in these turbulent times? And what is a vCIO in the first place? What skills and focus should that person/role have?
Look online for definitions and most of what you’ll find is circular reasoning: “A vCIO is a part-time or outsourced CIO.” OK—so what should a CIO be?
To get that answer, we invited Darek Hahn to join host John Verry, Pivot Point Security’s CISO and Managing Partner, on our “Virtual CISO Podcast.” Darek is CEO of VelocIT, a managed service provider and IT support firm that focuses on IT leadership, strategy and planning—“Making sure IT is aligned with the business versus just IT for IT’s sake,” Darek explains.
Most people think of a CIO as a technology person, but Darek strongly disagrees: “To me, a CIO is a business person, not a technical person. We have too many technical people acting as CIOs who drive things because it’s technical, not because it’s a business solution. The best CIOs I’ve met are ones with MBAs that really understand the finance behind it, understand the business need, and can really drive things from a business perspective.”
In Darek’s compelling view, the CIO should serve as a liaison between IT and the business. He or she should be focused on how technology decisions will help the business either from an efficiency standpoint or by generating revenue. These drivers “…should be the most important things you talk about when you talk about new IT solutions,” Darek emphasizes.
With the CIO translating the business need and vision into an actionable technology plan and roadmap, the CTO becomes the technology implementer, who determines how best to accomplish and support that roadmap with technology solutions. Business use cases come first and technology decisions second.

So how does a good vCIO differ from a typical MSP consultant?

The latter might be asking business questions, but generally has more of a solution/sales focus. As Darek says, “A lot of MSPs are selling account management. I want to have the business conversation with the client. … If somebody wants to be that trusted advisor with a CIO kind of mindset, they need to be talking about the business; what they’re trying to accomplish.”
As an example, Darek cites an SMB manufacturer that said they wanted to move to Office 365 “because everybody is.” But their business goal was to invest as little as possible in technology. So Darek recommended Google because it was cheaper, yet met their business needs. “This is the part of the conversation that nobody has with them, because they want to sell them Microsoft.”
If you’re considering engaging a vCIO, this podcast on “The Virtual CIO: What It Is and What It Isn’t” is the ideal starting point. Click here to view this and any of the growing number of episodes in Pivot Point Security’s “Virtual CISO Podcast” series.

ISO 27001 Roadmap ThumbnailISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know –
and things you may already be doing.

Get your ISO 27001 Roadmap – Downloaded over 4,000 times

Back to list

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *