The Role of a vCISO in Managing Cyber Risk: Q&A with Trava’s Mike Brooks: Part 1

“How do we deal with areas of risk?”

“Do we know for sure who has access to our data?”

“What do we do if we experience a cyber event?”

If you as a business leader are struggling to answer these questions, then a vCISO (virtual Chief InformationSecurity Officer) might be able to help.

Jon McLachlan, host of the SecurityPodcast of Silicon Valley, sat down with Trava’s Director of Cyber Risk Services, Mike Brooks, to talk about what inspired him to pursue a career in cybersecurity, explain the role of a vCISO, and create a sense of urgency about why cyber risk management and cyber insurance are more important than ever to small businesses.

Jon: What was your inspiration for pursuing your impressive career in the field of cybersecurity?

Mike: My father was a police officer, so I have had a respect and appreciation for law enforcement from a very young age. When I was serving in the military, I realized how much data military personnel have access to. And much of it is the “Top Secret” kind that you think about or see in movies! I learned what various levels of security clearance were and what that meant for accessing data. And I realized how important it was to protect that data.

Protecting data has become a theme throughout my career, and you’ll hear me mention it often.

From there, I had an opportunity to join the NSA (National Security Agency |Central Security Service). Now at Trava I’m helping businesses with comprehensive cyber risk management practices.

Jon: What is a vCISO and how do you see this role as filling a need in small businesses?

Mike: Many businesses know that they need a cyber risk management strategy but few have the resources to hire a full time Chief Information Security Officer—those are typically employed by enterprise level companies. Nor do they require it as a full-time role. A vCISO can serve as a virtual and fractional CISO that fills a specific need or needs for a small to medium-sized business. Some examples of what we do include:

§ Assessing the most critical areas of risk and then prioritizing action steps to address the issues.

§ Solutioning with a comprehensive cyber risk management approach.

§ Helping business leaders answer questions such as, “Are we doing everything we can to protect our data?” Even if you are, a cyber event is likely to happen anyway, and we make sure you are prepared with a plan.

Jon: Speaking of what to do if a cyber event happens, talk to us about cyber insurance. It’s becoming harder to get, right?

Mike: Yes, it is, and it’s driving proactive due diligence. That’s why it’s so important to do your part to prove that you have a comprehensive cyber risk management program in place. I see a future where, by using a predictive data modeling tool, like the one we have in development at Trava, we will be able to assign a cyber risk score. Like a FICO® score for insurance risk, so to speak.

In Part 2 of the interview between Jon McLachlan, host of the Security Podcast of Silicon Valley, and Trava’s Mike Brooks,Mike reveals how everything starts with protecting your data and why having a comprehensive cyber risk management program in place can give you a competitive edge.

Listen to the podcast for more insights about the role of the vCISO in a comprehensive risk management strategy. And contact us to learn about Trava's vCISO services.