How to Choose Virtual CISO (vCISO) Services: In-depth Guide

By Margaret Concannon | April 26, 2023
Margaret is the Content Marketing Manager at Ntiva, and has been a marketer for managed services providers since 2013.

Virtual CISO services (also called fractional CISO services) are a cost-effective way for small to midsize businesses to get the benefit of strategic IT guidance and cybersecurity expertise. 

In just a few hours per week, vCISOs can help you: 

  • Achieve and maintain compliance (e.g., HIPAA, CMMC, NIST)
  • Conduct a security risk assessment and prioritize solutions
  • Build a roadmap for achieving your security goals (including getting you in touch with the right services)
  • Set a budget and forecast future expenses
  • Communicate with your company’s executives about IT needs and your IT budget
  • Increase the security IQ of your entire organization (including passing on knowledge to your security team, training employees on security, and more)
  • Build a response plan in the event of a disaster

But not all virtual CISO consulting services are created equal. 

For example, some companies assign one of their security team members the role of vCISO because they want to provide the service and the individual has some experience with cybersecurity. Other vCISOs are certified by trusted third-party security organizations, e.g., (ISC)², EC-Council. These vCISOs are much more qualified to truly help you achieve compliance and secure your organization. 

In this guide, we discuss how to identify the right, qualified vCISO for your needs. Then, we’ll share a list of 11 companies that advertise vCISO services, starting with an in-depth look into our vCISO and IT support services at Ntiva. 

Whether you’re looking for guidance for a specific project (e.g., CMMC compliance support) or for ongoing IT consulting, Ntiva can help. To learn more, book a consultation

How to Choose a vCISO Who’s Qualified to Help Your Organization

It can be very difficult to vet CISO candidates by just reading information online. The best way to find the right match is to narrow your search down to IT companies with good reputations that also offer vCISO services and then interview their CISO team. 

(Learn more about how to choose the right remote IT support services here.)

Here’s a list of questions that will help you find a vCISO qualified to achieve your goals: 

  • Can they give examples of projects with similar goals and parameters (e.g., meeting compliance requirements in six months)?

  • Can they give examples of other jobs they’ve done that match the breadth and scale that you’re looking for (e.g., enterprise or small business)?

  • Can they give examples of times they’ve worked with companies in your industry?

  • How many years of experience does the vCISO have? How about the company as a whole?

  • What third-party certifications do they hold? (Anyone can give themselves the label of CISO, but you’ll want to work with third-party certified experts. Other qualifications to consider include CISSP for cybersecurity, CCSP for cloud solutions, PMP for project management, ITIL, and others.)

Beyond vetting the vCISO you’ll be working with, you also need to look at how well the company can enact the projects you have in mind. Some IT companies, like Ntiva, will be able to offer many of the solutions in-house. Others will be able to advise you on what you need and help you find providers who offer those services, but you’ll have to manage these services separately. 

Not only does this mean you’ll have to juggle more than one service provider, but costs are more likely to add up quickly. That’s why we recommend that you find an IT service provider that lets you manage general IT needs and cybersecurity needs from one place. 

Next, we’ll provide an overview of Ntiva’s services, but we encourage you to reach out to us to talk about your specific needs. We understand that no two companies are the same, which is why we provide custom solutions. 

Ntiva: Third-Party Certified vCISO and IT Support Services

Some managed service providers (MSPs) have only worked with a dozen companies for each use case and industry. With Ntiva, you get the benefit of working with a team that has supported hundreds of companies in several different industries with many different needs. 

Our vCISO staff has over 20 years of experience and is qualified by EC-Council, a leading expert in cybersecurity and CISO training and certifications. Our vCISO staff also holds many additional third-party certifications, including: 

Our cybersecurity experts will help you build the right information security program to protect your company and meet security regulations (e.g., GDPR, CMMC, PCI, HIPAA). 

Case Studies

An Architecture Firm Takes Advantage of vCIO Services

Streetsense, a fast-growing firm, was struggling to integrate multiple, widespread teams. Although they had a small IT department, they needed an IT partner who could help them build a roadmap for growth while keeping the entire company on the same page and meeting industry regulations. In addition to taking advantage of Ntiva’s vCIO services for strategic planning, they also outsourced many of their IT needs to Ntiva, including network monitoring, help desk, and more. 

“Every single company today is completely reliant on technology for growth and success. Companies who are technology enabled have a distinct competitive advantage.”

— Ira Starr, Chief Administrative Officer, Streetsense

A Small Financial Firm Migrates to a Hosted Cloud Solution While Maintaining SEC and FINRA Regulations

Two days before moving to a new office building, the team at Destra Capital realized there wouldn’t be room for their servers in the new space. Plus, although they had an in-house IT director, they felt it was time to bring in outside help in order to grow. Ntiva helped them quickly migrate to the cloud so that they would fit into the new space and provided ongoing support while helping them maintain SEC and FINRA requirements. 

“We wanted to move to a managed service provider (MSP) that could handle all our services from an IT standpoint. Being a small company and having a bigger company like Ntiva, who provides us with our outsourced IT, was a great find. Their help desk is very responsive … We are not going to look for a different solution — this is a permanent solution for us.”

— James Yount, President and Senior Managing Director, Destra Capital

A Government Contractor Meets NIST and CMMC Regulations to Close DoD Contracts 

Paradyme had only one internal IT engineer but wanted to meet NIST and CMMC requirements in order to close deals with larger government agencies, including the DoD. They lacked the expertise, and after a cost analysis of what it would take to meet these requirements on their own, they decided outsourcing was the right option. Ntiva stepped in and helped them become NIST and CMMC certified and continued to offer ongoing support. 

“One of the biggest advantages of working with Ntiva is they have a whole program for on-going cybersecurity education and training. Working with Ntiva and improving our compliance has opened up a lot of opportunities. Ntiva will help keep us ahead of new standards as they arise, so we'll always be protected.”

— Jocelyn Hsu, Paradyme Chief Administrative Officer

Healthcare Clinic Migrates to Cloud While Maintaining HIPAA Compliance

The Jackson Clinics were quickly acquiring new practices to keep up with demand. However, they weren’t sure which practices were meeting HIPAA requirements and each office had its own system for IT. They decided to call in IT experts at Ntiva to help them sort out and unite all their offices from an IT perspective.

Private School Gains Strategic IT Planning After Server Outage 

An independent school in Maryland experienced a core network failure which left them without access to both internal servers and cloud-hosted applications. Ntiva quickly arrived onsite and helped them get back up and running. Then, we formed a long-term engagement with the school to protect against similar failures in the future. 

A Nonprofit Organization Updates Their IT Systems to Cut Costs

A nonprofit organization was spending too much on maintaining outdated IT systems and infrastructure. Ntiva helped them evaluate their current IT environment and helped them build a roadmap for updating their systems and streamlining processes, which resulted in an overall reduction of IT costs. 

Read more of our customer success stories here.

Security Services

Ntiva’s vCISO services are backed by an extensive team of security experts. Not only can we help advise you on options for improving your cybersecurity program, meeting security regulations, and more, but we can also implement and maintain the solutions we suggest. 

Here’s an overview of a few of our most common security services and features: 

  • Risk assessments. We recommend starting with a detailed audit of your current systems. This helps you know where your IT network is most vulnerable, what systems are working, and where there are opportunities to cut costs. Then, we help you build a roadmap to meet regulatory requirements and business objectives.

  • Security operations center (SOC) and vulnerability scanning. Ntiva’s team of security professionals evaluates and responds to any signs of suspicious activity. They also monitor your network 24/7 for signs of weaknesses and undetected attacks. Endpoint detection and response (listed below) and intrusion detection response are included when you sign up for our SOC services.

  • Endpoint detection and response (EDR). EDR replaces the need for most antivirus software. Typical antivirus software relies on known definitions of malware, ransomware, and cyber attacks to block suspicious activity, and anything that doesn’t match one of those descriptions is let through. However, EDR uses AI and machine learning to detect signs of suspicious activity, which allows it to identify new forms of attacks. If anything suspicious is found, our security operations team is notified.

  • Vulnerability scanning. Our team will search for vulnerabilities in your IT network on an ongoing basis and immediately take actions to remedy those vulnerabilities — before attackers can take advantage of them.

  • Penetration testing. Our team will simulate cyber attacks to determine if your IT network can be compromised by outside threats.

  • Phishing prevention training. Many cyberattacks are directed at employees. These attacks are made to look like legitimate sources so that your employees get tricked into sharing sensitive information or clicking on harmful links. Ntiva handles all aspects of phishing prevention training for your employees to increase security awareness. We create the training material, send out tests, follow up with failing students, and document the entire process for insurance purposes.

  • Data backup and disaster recovery. If a data breach or natural disaster occurs, it’s essential that vital data has been backed up recently and that you have a plan for recovery. Ntiva can help you decide what data needs to be backed up and how often. We can also help you design (and implement) a recovery plan, so that you can get up and running quickly after any disaster. 

Further reading: 6 Top Managed Security Service Providers (MSSP) Guide

Additional IT Services

Ntiva can also provide IT support beyond security services. While some companies have different IT providers for cybersecurity and day-to-day IT needs (e.g., help desk), it’s more cost-effective and efficient to manage all aspects of your IT with one provider. Plus, working with just one IT provider ensures that nothing gets missed and that responsibilities don’t get pushed off onto another provider.

Here’s an overview of a few of our more popular general IT services. We offer many more so we encourage you to reach out to see how Ntiva can help you get the IT support you need. 

  • 24/7 technician help desk. Many help desk managed services are run by non-technical representatives who simply create a ticket for you and assure you a technician will call you back soon. At Ntiva, we have experienced technicians available on-demand so that you can start troubleshooting your issue immediately. Calls are answered in less than one minute, on average, and 75% of issues get resolved on the first call.

  • Onsite support. Ntiva has offices in many large cities across the United States, but we also partner with smaller MSPs to provide fast, local support no matter where you’re located. Our technicians can typically arrive onsite within the same day, and, in some cities, within the hour.

  • Microsoft support. Ntiva has a large department of experienced IT professionals dedicated to servicing Microsoft products from Azure to Teams. Whatever Microsoft solutions you’re currently using or want to start using, we can help. Ntiva was a Microsoft Gold Partner until Microsoft revised their partner certification process. We’re in the process of re-certifying under the new standards.

  • Apple support. Many MSPs try to use Microsoft tools on Apple products. While this can work for some features, eventually the solution will break or there will be a problem that can’t be fixed with Microsoft tools. That’s why Ntiva technicians use Apple-native tools on Apple devices. This lets us provide long-lasting, user-friendly solutions for any Apple product.

  • Cloud solutions. Many companies end up juggling multiple cloud service providers in order to get the cloud solutions they need (e.g., data backup, desktop-as-a-service). With Ntiva, you can manage all your cloud needs with one provider. Plus, we offer our cloud solutions for a flat-rate fee rather than by bandwidth. 

Visit our pricing page for more details.

With over 20 years of experience working with companies of all sizes in all industries, Ntiva can help you with all your IT needs. Book a consultation to learn more.

11 IT Companies with vCISO Services

For many IT support companies, the details of their vCISO services (e.g., credentials, industry experience) are not readily available on their website. So, you’ll need to contact any companies that you’re interested in working with and ask them questions about the areas we mentioned above.

  1. Ntiva: A managed IT services company that was designed to meet all your IT needs from vCISO services to a responsive help desk.

  2. Kroll: A risk and financial advisory company that focuses on GRC, valuation, and security consulting. 

  3. Dataprise: A managed IT service provider that offers a wide range of IT services including vCISO services.

  4. Systech: A cybersecurity company solely focused on security consulting and cyber threat management.

  5. vCISO Services, LLC: A small IT firm that provides virtual Chief Information Security Officer services exclusively and only serves small and medium-sized businesses.

  6. Guidepoint Security: An IT security company that offers a range of fully managed security services for cloud solutions, physical infrastructure, security breach remediation, and more.

  7. Fractional CISO: A company focused entirely on providing part-time vCISOs that replace the need for full-time CISOs so you can prepare for SOC 2 and ISO 27001 audits, conduct risk assessments, and create a detailed IT security program.

  8. Accenture: A digital transformation company that also offers IT security consulting and support.

  9. HCL Technologies: An IT support company that provides many fully managed IT services and security consulting.

  10. StratusPointIT: An end-to-end IT service provider with a full suite of advisory services from evaluating your security posture to incident response planning. 

  11. FRSecure: An information security company with a wide range of cyber risk assessment, risk management, and security consulting services.  

To learn how Ntiva can help you stay competitive in your industry and grow your business with technology, book a consultation.
