What it takes to be an interim CISO

Being an interim or virtual CISO (vCISO) comes with many of the same demands as permanent security leadership roles, but it also has its own unique challenges and rewards.

Whether interim or virtual, non-permanent CISO roles are becoming more common. They help fill a gap for companies unsure of, or unable to find, what they need on a permanent basis and offer benefits to experienced security professionals who want more variety in their role.

These temporary roles present many of the same challenges permanent CISOs face, but they also pose unique challenges for those taking up the position and require additional skills and traits.

The role of the interim CISO

Four percent of UK companies are outsourcing the top security role to a virtual CISO (vCISO), CISO-as-a-service, or another third-party organization, according to CIO UK's 2019 CIO 100 survey, twice as many as the year before. A recent ESG survey suggested non-permanent CISO roles are becoming more appealing to professionals, with 21% of those surveyed saying they are considering taking such a position. A further 33% are open to becoming a virtual CISO in the future.

Interim CISOs come in many forms. They may be there to help set up a particular project or initiative such as implementing an ISO 27001 framework, building a dedicated security function for an organization that hasn’t had one before, or dealing with the aftermath of a security incident or audit.

Sometimes interim CISOs are there as a stop-gap between two permanent hires. CISOs are often in high demand, and the recruitment process can take months. An organization’s security operations can’t stand still in the meantime, so interims can keep the security function ticking between permanent appointments and help with the recruitment process. Interim CISOs in “holding the fort” roles, however, can have the least impact on an organization.

