Become a Certified virtual Chief Information Security Officer (CvCISO®)
The certified standard for CISOs and vCISOs alike.
Certified virtual Chief Information Security Officer (CvCISO®) Program
Created by renowned information security veteran and expert Evan Francen. Read about him here.
Virtual Chief Information Security Officers (vCISOs) play an essential role in the protection of their customers, service to their peers, and contribution to the information security industry. The importance of the vCISO role has grown significantly in recent years and will continue to grow into the future.
- Cybersecurity risks are increasing at an alarming rate, both in terms of frequency and impact to victimized organizations. The frequency of cyber-attacks is estimated to double between 2021-2025 resulting in global damages (impact) of $10.5 trillion USD annually. To put damages in perspective, this is 12.4% of the current world economy, and if “cybercrime” were a country, it would have the third largest economy in the world behind the United States ($20.9 trillion) and China ($14.7 trillion).
-
Information security leadership talent is expensive. According to Salary.com, CISOs are paid an average annual salary of $227,009, and this cost is only expected to increase significantly with talent supply issues that are estimated to last through the foreseeable future. One study estimates a current global information security workforce shortage of 4.2 million people.
Cybersecurity risk is not going away, and neither will the ever-increasing need for information security leadership within organizations.
While we need more CISOs in our industry, the need for CISOs pales in comparison to the need for vCISOs when we consider that most organizations don’t have full time CISO needs and cannot afford the full time CISO price tag.
We need more vCISOs.
Purpose of the CvCISO® Program
SecurityStudio built the Certified virtual Chief Information Security Officer (CvCISO® ) Program to establish the industry standard for vCISO quality and qualifications, ultimately to best serve the community’s need for more vCISOs in the best manner possible.
Two more important purposes for the CvCISO® Program:
- Improve the quality of life for CvCISOs® through more opportunity, better benefits (productivity, accomplishment, pay, etc.), and more confidence in their abilities.
- Improve the quality of life for the people who hire CvCISOs® through more opportunity, better returns on cybersecurity investments, and greater confidence in their cybersecurity protection.
Developing more vCISOs is not the goal of the CvCISO® Program.
A vCISO who's poorly equipped to perform the role will likely cause more damage to the organization than had the organization not employed a vCISO in the first place.
The CvCISO® Program offers prestige to certification holders and assurance to those employ them.
We need more vCISOs who are qualified.
How the CvCISO® Program Works
The CvCISO® Program is more than certification, it’s a holistic program for vCISO development. There are four levels in the SecurityStudio CvCISO® Program, CvCISO® Level 1 through CvCISO® Expert.
There are no specific experiential pre-requisites for the CvCISO® Level 1, and there are extensive experiential requirements for a CvCISO® Expert.
The CvCISO® Program is for everyone who wishes to become a vCISO, regardless of what point they are at in their career.
Progressing through the four CvCISO levels is dependent upon training, experience, and collaboration with others in the CvCISO community. Training, experience, and community are each essential in certifying and maintaining the best vCISOs in the industry.
Training
All CvCISO® training starts with the official SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1). Additional courses will be required for CvCISOs® who wish to serve more complex organizations or in slightly different capacities.
Experience
There are experiential requirements for CvCISOs. Each CvCISO® level requires a different amount and type of experience as noted under each level.
Community
The value of community cannot be undersold. The CvCISO community is exclusive to CvCISOs and offers the opportunity for mentorship, validation, friendship, and career advancement.
CvCISO® Certification Levels
Different CvCISOs can do different things for their clients in different situations. In the initial iteration of the CvCISO® certification, there are four certification levels and one specialty certification: Level 1, Level 2, Level 3, and Expert. The Mentor designation is the certification specialty.
Certification means that the CvCISO® has demonstrated they can fulfill the requirements necessary to perform the role well. Certification does not offer a guarantee that the CvCISO® will perform the role well (a benefit that comes from the CvCISO® community).
Requirements – All Levels
All CvCISO® certifications have the following minimum requirements:
- Attend the SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1), including all classes.
- Complete all assignments from CvCISO-1
- Complete all quizzes in CvCISO-1
- Pass the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) exam.
- Maintain good standing within the CvCISO Community
Additional requirements for each CvCISO® Level are summarized in the table (below).
Level 1 is where the CvCISO journey starts. There are no additional experience requirements for CvCISO® Level 1; however, there are some restrictions on the work that should be permitted to perform. A CvCISO® Level 1 should NOT be permitted to lead vCISO work for any client, they should always work alongside or under the tutelage of a CvCISO® Mentor.
A CvCISO® Level 1 can progress to CvCISO® Level 2 once they have met the additional requirements for CvCISO® Level 2.
No Experience Requirements
Limited Engagement – Must Work with Mentor
The additional experience requirements for CvCISO® Level 2 ensure that they can serve small organizations (up to 100 employees) without the need for a Mentor.
CvCISO® Level 2 is a mid-level vCISO® who should be able to manage information security in less complex environments and with customers who have minimally mature information security programs.
The experiential requirements for CvCISO® Level 2 are:
- 1 year information security experience.
- 3 previous vCISO engagements.
- 6 months (.5 years) vCISO/CISO experience (w/Mentor is acceptable).
The primary purpose for CvCISO® Level 1 and Level 2 is to introduce new people into the information security industry and help them progress in their vCISO work.
Minimum Experience Requirements
Limited Engagement – Small Organizations
Level 3 CvCISOs can work as a vCISO in all organizations; however, there are some additional training and experience requirements.
The experiential requirements for CvCISO® Level 3 are in line with those of a Certified Information Systems Security Professional (CISSP®); however, the CvCISO® Level 3 certification holder must also have previous vCISO experience.
Additional Required Training:
- Information Security in Complex Environments Course (CvCISO-E)
- Information Security Communications Course (CvCISO-C)
- Information Security Budget Justification Course (CvCISO-B)
The experiential requirements for CvCISO® Level 3 are:
- 5 years information security experience;
- 2 years managing infosec projects;
- 5 previous vCISO engagements and/or;
- 2 years vCISO/CISO experience.
NOTE: A person who successfully completes the CvCISO-1 Course, passes the CvCISO-1 exam, and possesses the necessary experience for Level 3 or Level 4
A person certified at Level 3 should be fully capable and qualified to serve as a vCISO in complex environments across industry verticals.
Additional Training Required
Mid-Level Experience Requirements
Unlimited Engagement
Qualifies to become CvCISO® Mentor
The most prestigious CvCISO® certification level, a CvCISO® Expert is truly an expert and has achieved a great accomplishment. CvCISO® Experts are fully capable of helping the largest and most complex organizations, but they are also an extremely important part of our CvCISO® community. A CvCISO® Expert is esteemed and gives back to the community by being an active participant in the CvCISO® program.
To become a CvCISO® Expert, all the requirements for CvCISO® Level 3 must be met, and the certification holder must complete the CvCISO® Expert Interview. The CvCISO® Expert Interview is a structured interview with other CvCISO® Experts.
The experiential requirements for CvCISO® Expert are:
- 10 years information security experience.
- 5 years management experience.
- 10 previous vCISO engagements.
- 3 years vCISO/CISO experience.
CvCISO® Experts ultimately become the people who run the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO® ) Program.
Additional Training Required
CvCISO Expert Interview Required
Expert Experience Requirements
Unlimited Engagement
Lead Direction of CvCISO Program
CvCISO® Mentors are extremely capable vCISOs, but also possess the skills and desire necessary to mentor other vCISOs. CvCISO® Mentors often work for organizations who are building and maintaining their own group of vCISOs.
Anyone can mentor a CvCISO® , but the CvCISO® Mentor designation demonstrates that the certification holder is committed and credible to this important task.
To earn the CvCISO® Mentor designation, a person must be CvCISO® Level 3 (or higher) and successfully complete the Information Security Mentorship Course (CvCISO-M).
Additional Training Required
Mid-Level Experience Requirements
Unlimited Engagement
Mentors for CvCISO® Level 1 and 2
Training
The CvCISO Program was developed by Evan Francen, the founder and CEO of FRSecure and SecurityStudio. Over the 30+ years in the information security industry, Evan has served as a vCISO for more than 100 clients. For more information about Evan, check out his BIO.
All CvCISO training is provided by instructors with dozens of years of practical and real-world vCISO experience.
There are four training courses mentioned in the CvCISO Program training requirements:
- SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1)
- CvCISO Information Security in Complex Environments Course (CvCISO-E)
- CvCISO Information Security Communications Course (CvCISO-C)
- CvCISO Information Security Budget Justification Course (CvCISO-B)
- CvCISO Information Security Mentorship Course (CvCISO-M) - COMING SOON
The CvCISO-1 course is REQUIRED for all CvCISO certification Levels.
Stay with us!
Sign up for our newsletter to stay informed!
Upcoming Courses
-
$500.00*Managing Information Security in Complex Environments (CvCISO-E)
The official curriculum for Managing Information Security in Complex Environments (CvCISO-E) Level 3 Certification for the CvCISO Program.
-
$3,000.00CvCISO-1 Foundation Course - APRIL 2024
The official curriculum for all levels of the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) certification. SecurityStudio's CvCISO certification sets the first universal standard for vCISO excellence.
-
$3,000.00
CvCISO-1 Foundation Course - JULY 2024
The official curriculum for all levels of the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) certification. SecurityStudio's CvCISO certification sets the first universal standard for vCISO excellence.
-
$3,000.00
CvCISO-1 Foundation Course - OCTOBER 2024
The official curriculum for all levels of the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) certification. SecurityStudio's CvCISO certification sets the first universal standard for vCISO excellence.