"We are going to be offering even more down the road — all volunteer leadership — incrementally," he said. And given that the services and the program are entirely demand driven, it doesn't appear that HOCO CISO will be slowing down any time soon.
"We'll stop delivering services when companies stop having these problems," said Taule, who added that as the program gained more volunteer CISOs to provide counsel, they could start getting rotated in and out to bring new members into the fold.
In terms of the type of consultations that organizations will receive from the virtual CISOs, the advice is intended to help stroke that perfect balance between strong protection and optimizing security spending. The advice is the key here, not specific security services; if a company is looking to have some pen testing done, for example, the virtual CISO's role would be to put them in touch with the companies that provide that type of service.
"We're offering a service where we say, 'Whether you can afford it or not, we're going to point you to them," said Wynn.
"A lot people are talking about how some of the old school defense products are no longer able to withstand a challenge," said Taule. "So what do we do now? Is the timing right [to invest in new services]? Is this necessary? Those are the types of questions that we're going to be helping out with."
The services provided by the HOCO CISO program are especially ideal for smaller companies that have to thoroughly consider every expense, down to the penny.
"We can help them save money they're not yet wasting," said Taule. And therein lies the appeal of the program.
"We look at all of these young entrepreneurs who are focusing on building partnerships and gathering clients, etc.," said Wynn, "but what they're not doing is putting processes in to protect the crown jewels. We're not just being a response mechanism, but a platform for education to help folks understand these issues."
But the appeal extends across all companies, small and large, with or without CISOs, simply because of the opportunity to optimize.
"We were helping those who didn't have a CSO in place," said Taule. "But regardless of what a person's title is, their biggest challenge is convincing boards that they need to maximize and conserve precious funds. So even companies with CSOs would still rather use this program to save money."
Additionally, the program and its virtual CISOs serve as a second opinion, and an objective one, at that. "It's validation," said Taule. "How do I get the best bang for my buck? I've convinced my board to give me money for security, how can I best spend it."
Sign up for MIS Asia eNewsletters.