It may not be a revelation that security isn't a top priority for many organizations, but what about those companies that want to have a full-time CISO and simply cannot afford it? Enter the CISO "in residence" program in Howard County, Maryland.
The program, known as HOCO CISO, is currently providing "virtual" CISOs that offer security guidance to member companies of the Howard Tech Council (HTC) that do not have their own CSO or CPO. All organizations have to do is submit a request for counsel from the program, and one of the virtual CISOs on call will contact them to discuss a strategic security approach.
According to Jason Taule, CSO/CPO of Fei systems and one of the creators of HOCO CISO, the program came into existence as a result of increasing awareness. But with that said, the place and timing had something to do with it, too.
"The world has woken up," said Taule. "People have been saying 'something changed' in the wake of Target, but that's not true. This has been going on forever. People just finally woke up." And Howard County is a perfect place to launch a program like HOCO CISO, given that it's "cyber central," as he called it.
The program, which underwent a soft launch just prior to this year's RSA Conference, is made possible entirely through volunteer work. The Howard Tech Council has an affinity group known as HACKIT (Howard County Affinity for Cyber Knowledge and Intelligence Technologies/Talks), and the leaders of the group serve as the virtual CISOs that provide consultations.
"Every one of our virtual CISOs works on a volunteer basis," said Taule. "The intent here is to provide this guidance at essentially no cost. It's all part of our mission to give back."
Patrick Wynn, executive director of the HTC, also stressed the importance of the program representing an intersection of the public and private sectors. "We've really shaken up how economic development authorities are engaging in the community," he said. "We're leveraging assets within the county that can be of great value within the business community."
The group of volunteers that make up the program's virtual CISO corps features no shortage of talent. With members from organizations such as AT&T, The Allegis Group, and even a former employee from the Department of the Interior, those who contact the HOCO CISO program know they're receiving legitimate counsel.
The program is currently operating on a 6 month roadmap, which has thus far produced features such a website, office hours, and a web document that can be filled out and sent to a CISO with questions. But just because the HOCO CISO program is on a short-term roadmap now doesn't mean its creators don't have their eyes set on the future. Wynn stated that new features would continue to be introduced, though he declined to say what specifically.
Sign up for CIO Asia eNewsletters.