Carlota’s Way: Sage vCISO Advice

Carlota Sage, vCISO

Once upon a time, I wanted to be a CIO.

At that point, I had spent my 15+ years in tech bouncing between IT Operations and Support Operations, and I found that the leaders I appreciated most – the ones I most wanted to emulate – were the CIOs. The best CIOs were tech savvy, business savvy, and had a high level of empathy, and I wanted to grow up to be like them. So you might say I have a soft spot for CIOs.

I also have a soft spot for small to mid-sized companies. When I give talks at conferences, I usually point out that we always hear about the Fortune 500 crowd. And while that’s incredibly valuable, it’s important to remember that there are only five hundred Fortune 500 companies. We need to hear more from the 5.5+ MILLION businesses with fewer than 500 employees, nearly 90% of which have fewer than 100 employees.

So, yes, I wanted to be a CIO for a sub-500 person company…until I found cybersecurity. That was more than a soft spot, it was a calling, and it has led me down a very different path. Now I’m the virtual CISO for eight sub-500 person organizations. Sometimes I’m lucky enough to work with a talented CIO.

What’s a Virtual CISO? You may be familiar with the Chief Information Security Officer (CISO) role – a strategist dedicated to cybersecurity and risk management within an organization. A virtual or fractional CISO is the same, but for companies that recognize the need for a security and risk management strategy long before they have the need for, and perhaps long before they can afford, a full-time CISO.

What does all this mean to you? If you’re reading this, I’m hoping you’re the CIO of a small to mid-sized organization. For the next few months, I’ll be writing about all the things you as a CIO can do to secure your organization before you engage a security professional. I want you to be the security-forward CIOs of middle America. I feel it’s critical that every leader in the C-suite understands the basics of information security, and I’m hoping by sharing my knowledge with you, you’ll help educate your peers.

Over the next few months, we’ll look at security basics for small to mid-sized companies. I’ll describe things you can do to choose new or secure existing tools, such as Google Workspace, Microsoft O365, Amazon Web Services, Google Cloud Platform and other common platforms. I’ll also describe the things you can do to build a solid cybersecurity foundation for your organization even before you engage a security professional. Finally, I’ll tell you how to choose an internal or external security professional to help you grow your cybersecurity program.

— Carlota Sage

Connect with Carlota and other technology leaders on our IT Slack channel for more cybersecurity peer knowledge sharing and networking.