Many companies are freezing their hiring because of the pandemic. Unfortunately, now is a risky, uncertain time to add FTE employees.
A solution could be Virtual Cybersecurity Professionals (VCP). VCPs are the latest trend in cybersecurity hiring, bringing additional cybersecurity talent at a fraction of the cost, without requiring office-space, benefits, or training. VCP don’t require onboarding, and they can hit the ground running.
VCP are not traditional employees that require significant investment, nor are they consultants who are foreign and not part of your team. They are somewhere in between.
A VCP can be procured by days – you can hire a VCP for Monday and Tuesday each week, for example – or for a certain number of hours each week. VCPs typically work remotely, but schedule time on-site at least quarterly, or more often, as your budget and needs require.
There are downsides to VCPs. Like all cybersecurity talent, VCPs are still in high demand, as their time is still limited. Although they are easier to find than top-quality employees, it still can be difficult to find a quality VCP.
When you find a good VCP, it’s important to retain them before their schedules are full and like an employee, personality and team chemistry are important. Although they are remote, it is important that your VCPs fit your organization’s culture and get along well with the team.
VCPs are not an entirely new concept. Companies for some time have been hiring vCISOs because quality CISOs are difficult to find and expensive. Virtual CISOs have proven cheaper and with a quick time-to-value. They don’t require office space, benefits, training, or a long onboarding process. They are ready to go immediately. However, the concept is ready to expand.
The pandemic seems to be expanding this need to a wider range of security tasks. Staff are separated, budgets are tight, but viruses don’t respect deadlines. Projects still need to be completed despite today’s difficult environment.
Whereas previously, the VCP concept was reserved mostly for vCISOs, times have changed and the concept is ready to be deployed for various types of roles. This might be a Cybersecurity Compliance Director who ensures the company is aligned with NIST 800-53, FedRAMP, or HITRUST, or prepared for the 2020 CMMC audits. It might be a Privacy Officer who ensures the company is abiding by GDPR, CCPA, or new the privacy laws of Texas or Nevada, ensuring that the company can keep doing business in those states. It could be setting up an incident response program, a SOC or a SIEM, or a disaster plan. Or maybe a pentester, AI/ML expert, or cryptographer.
The possibilities are numerous. During these difficult times, freelancers and consultants would be wise to offer VCP service plans, and companies would be wise to utilize VCPs.