Can’t Hire a CIO or CISO? Go Virtual

Drew Robb

Pay rates for C-level execs in IT have skyrocketed amidst an acute shortage of IT talent, the rush towards digitalization, and an unprecedented wave of cyberattacks. 

Because CIOs and CISOs play such a critical role in leading and supporting the business, these positions are in high demand and come with a hefty salary expectation—nearly $170,000 USD, according to Payscale.com. Businesses looking to hire one or both of these roles may not be able to afford a full-time hire, especially when compounded by the hiring crisis.

Thankfully, help has arrived. Organizations that can’t find a suitable CIO—or can’t afford one—may find an alternative solution in virtual CIO (vCIO) and vCISO services. 

Challenges with traditional C-suite hiring

The virtual CISO market is perhaps the most popular area of the virtual executive market. As some studies point to a 500 percent increase in cybercrime over the last two years, it’s become clear that the role of a CISO is essential to the long-term viability of the company. However, not every company can find the right CISO for the right price.

Rising salary expectations

The cybersecurity hiring market has turned into a bidding war. Even entry-level positions for fresh graduates trained in cybersecurity can pay a six-figure sum. The higher up the organizational chart you go, the greater the experience and qualifications of candidates. Thus, the salaries keep rising.

The problem is even more acute in some states. New York and others, for example, have mandated that every firm operating within certain regulated markets MUST have the CISO position filled. This is fine if you are JP Morgan but not so fine if you are a small startup trying to gain a toehold in the potentially lucrative financial services sector. 

Conditions such as these have pushed the average salary of a CISO in the greater New York City area up to $273,030. Only a small percentage of the firms impacted by such rules can afford this salary range. In any case, there aren’t enough CISOs to go around.

Personnel shortages

In addition to high salary expectations, personnel shortages have contributed to the widespread hiring crisis facing IT. The Skillsoft IT Skills and Salary Report noted that 76 percent of IT organizations are facing critical skills gaps, and the InfoSec IT and Security Pipeline survey found that 92 percent of respondents found it very difficult to fill open cybersecurity positions.

Many companies are lowering their requirements for top positions due to hiring stress. For example, most would prefer candidates holding coveted certificates such as: 

  • Google Certified Data Engineer
  • Google Certified Professional Cloud Architect
  • Amazon Web Services (AWS) Certified Solutions Architect – Associate
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Security Professional (CISSP)

All of these are on the list of Top Paying IT Certifications from Global Knowledge. Each is worth $150,000 or more a year, with the last three being specific to security and risk management. 

Anyone holding one of these security certs is going to be on every headhunter’s shortlist, so many organizations have begun re-evaluating their hiring goals to look for alternative solutions that will still meet their needs.

The role of the virtual executive

To address these issues, several companies offer services that fall under the general banner of “technical leadership as a service.” They give organizations access to seasoned experts who provide C-suite expertise and guidance virtually for as many hours a week as the organization requires. Terms are flexible, and the arrangement works on a subscription or retainer basis.

Businesses offering vCIO services include Fortium Partners, Ntiva, and IT Support Guys, among many others. Some will just provide strategic input or advice. Others will negotiate contracts with other vendors and help in the product selection process. More than a few will function as part-time CIOs.

vCISO providers include H2Cyber, Thrive, VARS, and Cynomi. They offer C-level assistance in devising and implementing strategies to prevent breaches, reduce risk, and mitigate the consequences of attacks. 

“A vCISO allows organizations to navigate through the increasing number of cybersecurity regulations by building a comprehensive cybersecurity program accounting for compliance and security,” said Paul Horn, Founder & CEO of H2Cyber. 

“Regulators will be looking to make sure you have basic cybersecurity measures in place to reduce the risk of a cyberattack as well as having required safeguards in place to protect client and customer information.”

In the long term, this solution is often much cheaper than hiring full-time employees. The trick is ensuring the vCIO is familiar with the business, the market it operates in, and the actual scene on the ground. Otherwise, the solutions offered may be too cookie-cutter for the organization at hand. 
