Evaluating the CvCISO Program--Midway Point
Greg Schaffer
Servant - SMB Advisory CISO - vCISO - Author - Podcast Host - SME Contributor - Mentor - Entrepreneur - Owner vCISO Services, LLC and Second Chance Publishing, LLC - CISO Novelist - Veteran
A couple of months ago, I posted I was planning to evaluate SecurityStudio's CvCISO program. We have reached the halfway point, a good time to provide an update. I must profess up front, though, that because of workload and scheduling conflicts, I have not been able to attend all of the classes. However, I have reviewed the videos (they are recorded) and/or slide decks as well as completed the homework and quizzes, all in the learning portal.
The first half of the course is all about learning. The goal is to level-set everyone so all have the same baseline knowledge. It reminded me of prepping for the CISSP nearly 20 years ago, including revisiting cryptography, my nemesis. This aspect of the course is challenging and interesting. This is not simply a "throw facts at you to memorize" strategy. Each topic is covered extensively, and discussion is encouraged. Real-world examples are presented, as are reference items that the student is encouraged not only to review but also consider using in their virtual CISO practice. Some items I would have presented differently, or left out, or added, but all of that is minor and would be nit-picking. Overall, the topics covered and their presentation are solid.
Yet the first half of the 10-week, 60-hour course isn't just about baseline technical and risk management knowledge. We covered items specific to the virtual CISO world, such as customer relations and what exactly a virtual CISO does. The latter is important, perhaps more so today, in an environment where the term "vCISO" has become quite diluted. Understanding the vCISO role is critical to being a vCISO. I've noted before that not all CISOs can be virtual CISOs; the skillsets have much overlap but there are differences.
I think one of my favorite aspects of this experience is the community that is growing from this class. Leveraging Discord also helps to create interactions. This is important in the development of the virtual CISO as none of us operate in a vacuum. The more resources we can ping, the better we are serving our clients. After all, service is the end goal. The whole reason for the CvCISO program is not to add yet another certification to an already saturated field, but rather to solve a problem. That problem is SMB security, which I write and talk about extensively (for example, check out my 2024 BSides Nashville presentation on this topic).
All in all, my view at the halfway point is the CvCISO program hits on all cylinders, exceeding my expectations (and I set the bar high internally). The second half, as I understand, will be more about applying knowledge. Unless the situation warrants otherwise, my next update will be at the end of this phase (and the course) and before taking the CvCISO exam. See you in five weeks!
Do you know where your data is? Retain your sanity and save $$ by improving data security | HITRUST User Group leader | Securi-TEA party maven
10 months ago
I was just thinking earlier today that I had not seen an update on the course in a while. Great milestone to accomplish and summarize your journey so far. Thanks for keeping us informed along the way and good luck on the second half.
Cyber Imagineer | Problem Solver | Senior Risk Analyst | Navy Veteran | Coach | Humanist
10 months ago
Really appreciate your insights on this course Greg! I'm keen to take this on to expand my own skillset but wanted to be sure that it was fully fleshed out. From your analysis, it sounds like a good investment in time and money.
Cybersecurity Cowboy | CETL | CvCISO | CCRE | WyTEL President | Consultant | Father | Husband | Servant
10 months ago
I got more out of the second half. The first part was a great review and accentuated some of my weaknesses, but I definitely liked the second part more. I'm enjoying your reviews.