“There are a couple of alternatives,” says Pendrick. “There’re the solopreneurs that provide vCISO consulting services to a small group of clients. They keep their client load just what they need to cover the bills. There’s folks that work for a consulting organization — for better or for worse — and they are more like the utility players. And then there are those that are trying to grow a brand of their own and grow an organization.”
Any one of those paths may morph or change for a vCISO as their client loads shift and new opportunities crop up. But one of the prevailing themes among all of the vCISOs we spoke with that keeps them rooted in this path is the opportunity for varied and interesting work that constantly flexes their skills.
“When you work for one organization what happens is you start to get stagnant once you build out a program,” says Petraglia. “To me, working as a vCISO is a lot more exciting because there’s always something new to work on. You have a new industry, you have new company, you have new culture, you have new and different challenges to face.”
What’s more, as a vCISO you control your own destiny, and you have much more control over the working conditions and the environment you work in on a day-in and day-out basis. For a woman in the male-dominated world of security, this can be especially refreshing, says Demoranville, who explains that as a vCISO outside of the organization chart she’s buffered from politics, and if she does run into toxic culture issues, it is easy enough to extricate herself. “Working internally is more difficult than externally because as a consultant you can leave if you want,” she says. “When you work internally it’s a lot harder to leave.”