
How to find a Chief Security Officer to do some part time consulting?

We are an enterprise software company delivering SaaS and On Premise solutions. Every day we are selling into larger and larger accounts and we are seeing more and more Fortune 100 and HIPAA customers. Now I am looking to provide my IT Manager with a Chief Security Officer as an outside consultant/advisor to begin reviewing and working with our team on all of our security policies and procedures, preparing better to speak to HIPAA requirements, etc. Any ideas on where I can find this sort of consultant? Has anyone done anything similar as a step prior to hiring an inside CSO role?

14 Replies

Lucas Jaz
0
0
Lucas Jaz Entrepreneur
Cofounder at Westeros
Hate to sound obvious, but have you looked at FD:Advisors? Obviously wouldn't be a consultant, but great for advisors and you can look by those expert areas...
Hovhannes Tumanyan
0
0
Hovhannes Tumanyan Entrepreneur • Advisor
CTO at Kiwi Crate
You may want to search on LinkedIn for security companies/startups - Shape Security, CyPhorge, Nok Nok Labs are just a few examples. Feel free to shoot me a message if you'd like introductions or advice (I used to be in the security space for many years and even carried CISSP for a while).

Cheers,
Hovhannes
David Ward
1
0
David Ward Entrepreneur
Founder & CEO, Telegraph Hill Software
Hiring a consultant as a predecessor to a CSIO is pretty common for growing companies. I may have some options for you, particularly if you don't need someone on site, but can advise you remotely re HIPAA, PCI and other such related security requirements. Contact me directly if any interest.
Eleanor Carman
0
0
Eleanor Carman Entrepreneur • Advisor
Incoming BLP Sales Associate at LinkedIn
If advisors is what you're looking for, you should check out all the great advisors we have on FD. For those specific qualifications (CSO, SaaS, security policies, etc.) you can go into edit profile here, make sure "Find Advisors" is check marked in the I'm Looking To section, and then scroll down a little till you see the yellow box that asks what kind of skill sets you want potential advisors to have. Then you'll be matched with people that are actual experts in the topics you care about!
Barry Greene
1
0
Barry Greene Entrepreneur
Expert Advisor & Working Group Member at CyberGreen
I can see why you need some security help. I would look at several options:

1. Hire a security consultant that would be a mentor to your CxO team vs a CISO. Getting an extra person on the team has not been fixing the security issues networks are facing. Whole team mind shifts are needed to get people to rethink how everyone approaches their job.

2. Look for a security consultant who breaks down the problem and respects the knowledge within the team. For example, one-day workshops that have one topic area and lead the workshop team through a discovery exercise. The objective is an action plan. Security "consulting" with no action plan is counterproductive. Check out this as one example: http://www.getit.org/about/consulting-services/security-workshops/

3. Explore putting someone with deep security experience on your advisory board. This is trading equity for experience that is in high demand and cannot be cloned. The contracted advisory role would be to mentor the team.

And then there is the traditional model of hiring security consulting companies and trying to find experienced CISOs. The security consulting companies would have people who have 3 years of security experience and call themselves "experts." Trying to find CISOs who have 10 years of security operations experience is close to impossible. Trusting vendors with their special "security widget tools" would be costly distractions. Hence, the recommendation to find someone who helps the organization "rethink," have all the CxOs ask about security, and invest in the team.
Oleksandr Andriyanov
0
0
American Programming Company at CEO
Barry is right, a CISO is more than just a security expert - this is the person who can build a culture of security in the company.

For the very beginning it is enough to use just an IS expert or consultant.

PCI DSS certification or any other official compliances are normally made by certified companies or experts.

So, if you want - it's better to hire an expert, perhaps part-time, and afterwards step-by-step train him to be your CISO.

From another perspective, a CISO is normally a very concerned executive, due to professional transformation, so it's not recommended to hire him while the business is growing - he can really block the existing processes in your company.

Indeed, a part-time expert is highly recommended :)

Anyway, feel free to contact me directly if you would like to have more details.
Gaurav Garg
0
0
Gaurav Garg Entrepreneur
Vice President
I am a strategy consultant focused on Healthcare providers. HIPAA compliance is not a checklist. It requires a broader assessment of Depending on what you are looking for, I can make some introductions. I will caution against using digital security (Identity and Access Management) as a proxy for HIPAA compliance.

In general, HIPAA compliance requires a broader perspective that will include infrastructure assessment, business processes review and people training. I published a framework for building HIPAA compliant Hybrid Cloud solution recently. The presentation is available on my LinkedIn profile (I am not sure if we are allowed to share outside links here or not).

I can introduce you to other people as well who can be independent auditors.
Cheers!
Gaurav
Lee Grecs
0
0
Lee Grecs Entrepreneur
Senior Cyber Security Analyst
I'm in the cyber security field. Based on the networking that I do, security conferences are a great place to start (e.g., Blackhat and Defcon coming up and also RSA early next year). Other than that, most security people network on Twitter. Also look in your local area for security organizations that have monthly meetups. Some possibilities are ISSA, ISACA, OWASP, HTCIA, and InfraGard. Good luck.
My-Ngoc
0
0
Executive Vice President at Link Technologies
Brian, I would love to help you with this. My firm, Secured IT Solutions, and I provide part-time, as-needed, and/or interim CISO consulting. My cell is [removed to protect privacy] if you would like to talk. I hope to be able to help you with your need. Sent from my iPhone
Brian Milnes
0
0
Brian Milnes Entrepreneur
CIO and VP Business Dev at XBRLCloud
My company validates 10K/10Q filings for a large section of the US SEC filers, so I have very solid experience with very high security applications. HIPAA on the other hand is more complicated, poorly understood and fairly randomly applied. I'd split the roles if I were you, into security and HIPAA compliance.

Please feel free to have your IT manager and CTO contact me and I'll give the standard advice. They're really very divergent processes.
