Governance & Risk Management , Training & Security Leadership
Life as a 'Virtual CISO'Doug Copley Describes Serving as a CISO for Hire
Serving as a "virtual CISO" offers advantages as well as challenges, says Doug Copley, who's a CISO contractor for several healthcare sector entities.
"For me, there's a passion around helping organizations that really need some guidance and expertise for security and privacy," says Copley, who previously has held full-time positions as CIO, CISO and chief privacy officer in the healthcare and financial services industry.
"Some people like a lot of variety and change in terms of what they work on, and some people don't. I happen to be one of those people who enjoys working on a variety of things," he says in an interview with Information Security Media Group.
For instance, being able to work for a small entity and a large organization on different challenges at the same time "keeps my mind fresh," he notes.
Big vs. Small Entities
With different size organizations come different challenges, Copley says.
"It's easier for the smaller companies to implement newer technology, but they tend to lack maturity. They'll put [a technology] into place but haven't really spent the time to build processes around it to understand that maybe multiple people need to be involved," he says.
"From a process standpoint, the larger organizations tend to be more mature, but much, much slower in implementing [newer technologies]."
In the interview, Copley also discusses:
- The most promising but underutilized security technologies;
- Top cybersecurity challenges that healthcare sector organizations face;
- The various types of assignments he tackles as a virtual CISO, such as helping an entity establish an information security program, or playing an interim, supportive role before or after an organization hires a full-time CISO.
Copley provides guidance and coaching to entities who want part-time, expert guidance, mentoring or support for their security programs. He has more than 25 years of IT and security experience, including holding roles as CIO, CISO and chief privacy officer in the healthcare industry. He is the co-founder and past chairman of the Michigan Healthcare Cybersecurity Council.