What We Do ...
The Rise of the Fractional (Virtual) CISO
New cybersecurity threats from around the world are introduced daily, and could significantly and negatively impact any and every business. Evolving compliance and privacy requirements (i.e. PCI, HIPAA, GDPR, etc.) further complicate those challenges. All businesses are just as susceptible to these threats and requirements, however not every business has the same level of resources to adequately deal with them.
While the Chief Information Security Officer (CISO) has been a fixture in many business sectors for more than a decade, the title has only recently begun to share the spotlight with CIO’s, CFO’s, and CEO’s. It is now more clear than ever that protecting information and information systems, as well as customer and employee privacy and confidentiality, is a critical and fundamental component of any organization’s operation. Fortunately, the rise of the fractional (or virtual) CISO (vCISO) presents a cost-effective solution for companies looking for an alternative to a full-time employee.
So, if like many small to mid-sized organizations and municipalities, you are challenged with limited resources and options to address these threats and compliance/privacy requirements, then you’ll want to understand more about our services … because CISO ToGo is here to help!
What is a vCISO?
A vCISO is just like a full-time, permanent Chief Information Security Officer. They help an organization strategize, plan, and execute a sound, robust and viable information security program. They combine the vision of executive leadership with the needs of securing the organization into a cohesive, actionable plan. There is no difference between a traditional full-time, permanent CISO and the vCISO, except that using a vCISO offers an organization the flexibility to customize the number of retained hours to fit your specific needs. The use of technology today affords us the opportunity to interact with various teams equally as seamlessly, whether on-site or remote.
Some of the tasks that may be expected of a CISO, which a vCISO can be equally effective with, include:
- Provide guidance and direction to the information security team
- Interacting with executive management
- Providing updates on the state of security in the organization to the Board
- Plan, write, and present policies, procedures, standards, and guidelines
- Incident response and event management
- Plan awareness training to share the information with the organization
- Design security infrastructure in alignment with direction from ‘the Board’
- Provide organization-wide guidance regarding industry specific compliance and privacy requirements (i.e. PCI, HIPAA, GDPR, etc.)
With CISO ToGo's vCISO program, your organization will be able to leverage the executive leadership skills of an experienced CISO ToGo security and compliance expert, who has practical real-world CISO experience … and at a fraction of the cost of hiring a full-time CISO! We will help to ensure your organization’s cybersecurity vigilance and readiness both now and in the future.
What does this mean for YOUR organization?
Cybersecurity risk has long been the ‘elephant in the room’. Everyone knows it. Everyone sees it. You think you can’t avoid it, so we pretend it isn’t happening, until it does! What is “it”? “It” is a cybersecurity event … an INCIDENT!
A CISO plans for these kinds of events. A vCISO makes the same plans, anticipates issues and problems, and gets the backing of executive management to execute those plans ... the primary difference being that they may not maintain a constant physical presence ‘at the office’ ... but they ARE always on guard!
Small to mid-sized businesses, and municipalities, have long relied on outsourcing to close gaps in business capabilities. From HR, to payroll, to creative/marketing, to IT … organizations have learned to leverage the expertise of outsourcing providers to supply these critical services, when hiring someone full time might prove to be cost prohibitive, and even counterproductive.
The same can now be said for hiring a vCISO. In the past, hiring senior leadership (CEO, CFO, CIO, CISO, etc.) required an exhaustive search, but every day without senior security leadership in place is a day closer to a potential catastrophic event.
Why not let CISO ToGo fill that void for you ... affordably and effectively!
Services ...
Advisory Services
Consultative Services
Consultative Services
Provides a trusted senior security adviser to help guide your organization through the construction of an information security program.
This service introduces the tenets of cybersecurity to the organization, and includes an assessment of both current capabilities and gaps. This assessment can be structured to include repeatable annual
Provides a trusted senior security adviser to help guide your organization through the construction of an information security program.
This service introduces the tenets of cybersecurity to the organization, and includes an assessment of both current capabilities and gaps. This assessment can be structured to include repeatable annual reviews, to ensure that consistent progress is made in establishing and maintaining an effective cybersecurity program.
This tier is intended for the organization that would like advice on what they need to do with a watchful eye being kept to stay on task.
Consultative Services
Consultative Services
Consultative Services
Includes everything identified in the Advisory Services, plus ...
We begin to assist you with the construction and management of your information security program with a more hands on approach.
This service begins the process of having our skilled information security team not only advising you on the building and maintenance of the secu
Includes everything identified in the Advisory Services, plus ...
We begin to assist you with the construction and management of your information security program with a more hands on approach.
This service begins the process of having our skilled information security team not only advising you on the building and maintenance of the security program but providing more hands-on support in the process.
This tier is for the organization that wants more assistance than the Advisory Service, as this service provides more hands-on support: assisting with the drafting of the security policy (for example) rather than providing critical advice on the policy.
Mentoring Services
Consultative Services
Mentoring Services
Can be combined with either/both the Advisory Services or Consultative Services above … or can be provided on a stand-alone basis.
This service is intended to work with, and mentor, a specifically identified member of your staff, who is intended to assume (at some point) all CISO responsibilities for your organization.
This tier is for
Can be combined with either/both the Advisory Services or Consultative Services above … or can be provided on a stand-alone basis.
This service is intended to work with, and mentor, a specifically identified member of your staff, who is intended to assume (at some point) all CISO responsibilities for your organization.
This tier is for the organization that realizes they need contracted vCISO services now, but have a longer range goal of bringing those services back ‘in-house’ to a full-time resource and/or staff.
Our Leadership ...
Founder & CEO
Wade Richmond is the founder and CEO of CISO ToGo, a company that is the result of a long-held understanding that the growing level of global cybersecurity threats are no less impactful and critical for small to mid-sized organizations, than to large enterprises. The difference, however, is that small to mid-sized organizations are generally less capable of addressing these threats due to the resourcing available to fund and enable a comprehensive cybersecurity program.
Hence, the germination of the foundational ideas behind CISO ToGo … enabling small to mid-sized organizations the ability to have an experienced, motivated, and committed cybersecurity leader as part of their team, without the limiting burden of funding full-time resources to secure their data, systems, employees, customers and investors.
Prior to founding CISO ToGo, Wade had most recently worked as the full-time Chief Information Security Officer for such large enterprises as BJ’s Wholesale Clubs, Ahold USA, Sensata Technologies, GTECH Corporation, Citizens Financial Group and CVS Pharmacies. In these roles, he has been responsible for providing leadership and direction to all cybersecurity and IT risk efforts associated with information technology applications, communications and computing services. As such, Wade functioned as the “Face of Security” to senior management teams, business unit stakeholders, audit committees, and Boards of Directors.
He has been responsible for the development and management of corporate-wide cybersecurity programs, as well as the planning and execution of enterprise wide IT Risk Management strategies. In addition to Wade’s experience in cybersecurity, his over-33 years of experience in the IT field, also includes application development, complex field implementations, data center operations, infrastructure, technology risk management, and various aspects of technical support.
What People Are Saying ...
ADAM ANDERSON - Entrepreneur, Author, Speaker, Coach, and Founder & CEO @ Element Security Group
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
"Wade is a gifted Cyber Security Executive. He has the ability to see the big picture that drives business value and align Cyber Security Policy with the business in a way that enables, rather than hinders. While Wade is incredibly capable acting solo, he truly shines when working with other executives or a team. His ability to talk about complex Cyber Security Issues in clear, business terms, reduces the friction in the IT Alignment and Governance processes. He is also well equipped to advise Boards of Directors on their fiduciary responsibilities when it comes to cyber crime and the company's assets and customers. We have worked together on a number of projects and he is on my short list of people to call when I am facing complex issues that need creative, yet actionable, thinking."
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
"I had the pleasure of working with Wade for 3 years at BJ’s Wholesale Club. Wade was a great partner focused on improving risk and compliance processes that helped the business application and delivery teams proactively address security requirements. I consider Wade an expert CISO who is always looking for ways to apply advanced technology and processes for scalable risk mitigation. Wade built a high performing team at BJ’s and had strong peer relationships based on trust, mutual respect, and a willingness to seek win-win outcomes. I feel fortunate to have worked with Wade and hope our professional paths cross again in the future!"
SCOTT JOHNSON - VP of Infrastructure & Technology Solutions (former) @ BJ's Wholesale Club
ROBIN SHAWVER - SVP of IT Global Supply Chain & Cust. Service Solutions @ Houghton Mifflin Harcourt
SCOTT JOHNSON - VP of Infrastructure & Technology Solutions (former) @ BJ's Wholesale Club
"Wade is an outstanding CISO, colleague, business partner, and innovative leader. Wade has a unique ability to take some of the most complicated business and technology challenges bringing them to life through clear communications, smart planning, and strong leadership. His ability secure organizations while not stifling business growth and collaboration is fantastic! He is a true partner with the business helping blend security practices into initiatives from inception through steady state. Wade continues to analyze key innovations in the security field leveraging them in a very pragmatic successful manner. Wade is very gifted security leader who can drive success from any situation from cloud transformations to retail revitalization."
KATHY PHILLIPS - VP, Infrastructure @ Retail Business Services, an Ahold Delhaize company
KATHY PHILLIPS - VP, Infrastructure @ Retail Business Services, an Ahold Delhaize company
SCOTT JOHNSON - VP of Infrastructure & Technology Solutions (former) @ BJ's Wholesale Club
"Wade is a seasoned IT professional. Wade builds strong teams and fosters a culture of collaboration. He is vested in protecting the company's data and ensuring the environment is in compliance. He takes an approach that enables other domains to meet their goals. As a CISO - he had an attitude of "what can my team do" to make it work? Security and protection of an overall IT environment is a tough assignment, but Wade's knowledge and inclusive management style makes him a pleasure to work with under sometimes difficult circumstances."
MARTIN ALHIJANIAN - Director of Contracts & Legal @ SmashFly Technologies
KATHY PHILLIPS - VP, Infrastructure @ Retail Business Services, an Ahold Delhaize company
MARTIN ALHIJANIAN - Director of Contracts & Legal @ SmashFly Technologies
"Wade is a phenomenal IT and Security Manager who would add immediate, measurable value to any organization bright enough to hire him. He has the people skills to handle any internal or external customer meeting, and the technical skills to address any I.T. matter or strategy. His team had no retention issues at all; any I.T. group working for or with Wade will be motivated, happy, and knowledgeable in the latest issues. I am pleased to provide the highest possible recommendation."
KELLY REAGER - Vice President of Operations @ Modo Labs, Inc.
KATHY PHILLIPS - VP, Infrastructure @ Retail Business Services, an Ahold Delhaize company
MARTIN ALHIJANIAN - Director of Contracts & Legal @ SmashFly Technologies
"Wade was awesome to work with. He is a hard-worker that focuses on working intelligently while managing dates and resources. His team all liked him and respected his subject-matter knowledge. He understands well his impact on the financials, is a solid program/project manager and very practical in managing 3rd parties. I also appreciate his ability to separate work and life, and his desire to serve people outside the office. I would love to work with Wade again and consider him a friend and colleague that I would go to for help in any number of personal and professional areas."