Different CvCISOs can do different things for their clients in different situations. In the initial iteration of the CvCISO® certification, there are four certification levels and one specialty certification: Level 1, Level 2, Level 3, and Expert. The Mentor designation is the certification specialty.
Certification means that the CvCISO® has demonstrated they can fulfill the requirements necessary to perform the role well. Certification does not offer a guarantee that the CvCISO® will perform the role well (a benefit that comes from the CvCISO® community).
Requirements – All Levels
All CvCISO® certifications have the following minimum requirements:
- Attend the SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1), including all classes.
- Complete all assignments from CvCISO-1
- Complete all quizzes in CvCISO-1
- Pass the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) exam.
- Maintain good standing within the CvCISO Community
Additional requirements for each CvCISO® Level are summarized in the table (below).
Level 1 is where the CvCISO journey starts. There are no additional experience requirements for CvCISO® Level 1; however, there are some restrictions on the work that should be permitted to perform. A CvCISO® Level 1 should NOT be permitted to lead vCISO work for any client, they should always work alongside or under the tutelage of a CvCISO® Mentor.
A CvCISO® Level 1 can progress to CvCISO® Level 2 once they have met the additional requirements for CvCISO® Level 2.
No Experience Requirements
Limited Engagement – Must Work with Mentor
The additional experience requirements for CvCISO® Level 2 ensure that they can serve small organizations (up to 100 employees) without the need for a Mentor.
CvCISO® Level 2 is a mid-level vCISO® who should be able to manage information security in less complex environments and with customers who have minimally mature information security programs.
The experiential requirements for CvCISO® Level 2 are:
- 1 year information security experience.
- 3 previous vCISO engagements.
- 6 months (.5 years) vCISO/CISO experience (w/Mentor is acceptable).
The primary purpose for CvCISO® Level 1 and Level 2 is to introduce new people into the information security industry and help them progress in their vCISO work.
Minimum Experience Requirements
Limited Engagement – Small Organizations
Level 3 CvCISOs can work as a vCISO in all organizations; however, there are some additional training and experience requirements.
The experiential requirements for CvCISO® Level 3 are in line with those of a Certified Information Systems Security Professional (CISSP®); however, the CvCISO® Level 3 certification holder must also have previous vCISO experience.
Additional Required Training:
- Information Security in Complex Environments Course (CvCISO-E)
- Information Security Communications Course (CvCISO-C)
- Information Security Budget Justification Course (CvCISO-B)
The experiential requirements for CvCISO® Level 3 are:
- 5 years information security experience;
- 2 years managing infosec projects;
- 5 previous vCISO engagements and/or;
- 2 years vCISO/CISO experience.
NOTE: A person who successfully completes the CvCISO-1 Course, passes the CvCISO-1 exam, and possesses the necessary experience for Level 3 or Level 4
A person certified at Level 3 should be fully capable and qualified to serve as a vCISO in complex environments across industry verticals.
Additional Training Required
Mid-Level Experience Requirements
Unlimited Engagement
Qualifies to become CvCISO® Mentor
The most prestigious CvCISO® certification level, a CvCISO® Expert is truly an expert and has achieved a great accomplishment. CvCISO® Experts are fully capable of helping the largest and most complex organizations, but they are also an extremely important part of our CvCISO® community. A CvCISO® Expert is esteemed and gives back to the community by being an active participant in the CvCISO® program.
To become a CvCISO® Expert, all the requirements for CvCISO® Level 3 must be met, and the certification holder must complete the CvCISO® Expert Interview. The CvCISO® Expert Interview is a structured interview with other CvCISO® Experts.
The experiential requirements for CvCISO® Expert are:
- 10 years information security experience.
- 5 years management experience.
- 10 previous vCISO engagements.
- 3 years vCISO/CISO experience.
CvCISO® Experts ultimately become the people who run the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO® ) Program.
Additional Training Required
CvCISO Expert Interview Required
Expert Experience Requirements
Unlimited Engagement
Lead Direction of CvCISO Program
CvCISO® Mentors are extremely capable vCISOs, but also possess the skills and desire necessary to mentor other vCISOs. CvCISO® Mentors often work for organizations who are building and maintaining their own group of vCISOs.
Anyone can mentor a CvCISO® , but the CvCISO® Mentor designation demonstrates that the certification holder is committed and credible to this important task.
To earn the CvCISO® Mentor designation, a person must be CvCISO® Level 3 (or higher) and successfully complete the Information Security Mentorship Course (CvCISO-M).
Additional Training Required
Mid-Level Experience Requirements
Unlimited Engagement
Mentors for CvCISO® Level 1 and 2