VCISO: How We Help “Fix It” the risk3sixty Way

In the vCISO service line at risk3sixty, we see early on in engagements that many of our clients have found themselves caught in a break/fix cycle, which reminded me of an old SNL skit.

If you’re not familiar with Saturday Night Live, it’s a sketch comedy show that has a segment called “Weekend Update,” which is a satirical take on the nightly news. This particular segment featured the financial expert, Oscar Rogers, who went on to describe how we could erase the nation’s debt and get government spending under control by following these simple steps:


Identify a problem… Fix It! Identify another problem… Fix It! Repeat as necessary until it’s all Fixed!”

– Oscar Rogers

As ridiculous as Mr. Rogers’s advice may sound, I realized that we have all been lured into this trap while implementing and managing systems or building out governing security programs: we identify a problem, fix it, identify another problem, fix it.

But, despite all our efforts, we find that we have not been able to ensure that it’s all fixed, and often we are fixing the same problem over and over again.

So how do we regroup, mobilize, and implement a well-rounded and scalable security program that is built to last? How We Help Fix It – The risk3sixty Way

First, we take a step back and make sure that we have a holistic understanding of exactly what our clients’ business objectives are, and how we can leverage a well-rounded security program to drive these initiatives forward.

In some cases, we find that the appropriate technical solutions are already in place, but the organization hasn’t adopted them as expected, they’re not configured properly, or what’s truly important to the business has not been considered during the implementation process.

With each of our vCISO engagements, we have a playbook we work from to assist in building out an effective and scalable information security program. The playbook involves independent workstreams including but not limited to the following:

  • Information Security Baseline Assessment
  • Information Security Training
  • Logical and Physical Access Reviews
  • Risk Management
  • Incident Management
  • Business Impact Assessment (BIA)
  • Business Continuity Plan (BCP)

The playbook is tried and true, and it helps our clients implement the solid foundation every information security program needs to be successful.

This foundation is the key to streamlining compliance operations, it can shorten sales cycles, and in many cases, it can result in a competitive advantage for the organization.

However, what’s just as important—if not more important – than these structured workstreams, is the business!

Making It Personal

We are intentional about learning and understanding your business, what’s important to it, what it excels at, what it struggles with, what risks it’s faced with, and what its short and long-term goals are.

Once we have all the necessary context, we start to put together a strategic plan that leverages each of these unique workstreams to help drive business objectives. So rather than identifying a problem, fixing it, and repeating the process over and over, we focus on building a program that helps facilitate growth and eliminate roadblocks for good.

What’s Next?

If you are interested in learning more, check out this whitepaper on Single Framework Strategy.

Share to


Share to

Like our content? Subscribe and stay informed.