Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


February 18, 2024 |

The vCISO Opportunity: How Your MSP Can Take Advantage

Security officer services are hot right now. Are you selling them?

It appears that 2024 will be the year of the virtual CISO.

A vCISO is a part-time or on-call chief information security officer. They typically are a good fit for SMBs that need security guidance and a way to deal with changing requirements, but don’t have the budget to hire a permanent CISO.

Many SMBs are turning to MSPs to satisfy their vCISO requirements. A staggering 86% of MSPs and MSSPs plan to offer vCISO solutions in 2024, up from only 5% in 2021, according to a recent survey by Cynomi.

Rick Norberg

Well-Positioned Opportunity

MSPs are in a unique position to provide comprehensive vCISO services. Since they have had to become security experts to keep customers safe, they know the lay of the land. They also know their customers well.  

Cost is another factor in MSPs’ favor. They know the customers’ businesses and already have good working relationships, so the administrative overhead is lower than for a consultancy. MSPs can even leverage efficiencies and economies of scale by bundling vCISO services with other services, explained Rick Norberg, CEO of Vertikal6, a managed IT services provider. 

“If we are already providing security services on top of our primary MSP offering, we already have a baseline for CISO services. It’s not like you’re starting from scratch with an initial assessment.” 

MSPs can sweeten the pot with combination discounts and incentives, in addition to giving clients the chance to amortize improvements over months.  

“Everything is negotiable,” said Ian Thornton-Trump, CISO at Octopi Managed Services.

Ian Thornton-Trump

These factors make an MSP’s vCISO opportunity as attractive for them as for their customers. Margins are similar to that of other MSP services, but the potential for extra business makes up for it, Norberg said. 

Even vCISOs outside of the MSP world understand that it makes sense to turn to an existing services provider for vCISO services, said Russell Eubanks, a faculty member at IANS Research, instructor at SANS Institute, and founder and CEO of Security Ever After. 

“If a company has a relationship with an MSP and they trust them, it likely feels safer to extend a relationship versus creating a new relationship.” 

Making the vCISO Play

There are two ways MSPs can prepare to offer vCISO services: Use a pre-built platform or develop a program on their own.

Russell Eubanks

The pre-built approach works through vendors like Cynomi or Vanta, software-based platforms aimed specifically at MSPs that provide everything from client management to billing help. They also help with automated compliance management, risk assessments and remediation workflows, continuous monitoring, and automated security training workflows. 

To advance beyond that, these platforms can help MSPs create their own offerings.  

Norberg is considering combining the platform approach as he reworks Vertikal6’s vCISO offering, which the company first began offering about two years ago after developing it independently, he noted.  

“Customers were asking for these services that were outside of the traditional services we had offered, so we started to engage in more in-depth conversations with them about security.” 

Vertikal6’s vCISO offerings initially were more ad hoc; Norberg wants to productize it in a more managed services way. His goal is to roll out the revamped vCISO offering in early 2024.  

Being a ‘Guide in the Wilderness’ 

Thornton-Smith also has learned quite a bit since Octopi Managed Services began providing vCISO services.  

One of his biggest lessons: Existing customers provide an easier pathway to market vCISO services because the relationship has been built.  

For example, a legal client that Octopi had been working with for a few years wanted to open a second branch and provide more flexibility around remote working. The customer turned to Octopi to ensure that the new set-up would pass compliance and security scrutiny. 

Through that back door, Octopi began providing vCISO services for that company, Thornton-Smith shared.  

“Customers want a guide in the wilderness to ensure security, and they know their MSP will provide a true partnership.”

Image: iStock

Editor’s Choice

Broadcom-VMware Shakeout: How the Channel Has Been Affected By the Big Industry Acquisition

April 11, 2024 |

Industry experts weigh in on the “messy breakup” that MSPs were left with after Broadcom’s acquisition of VMWare.

Selling Cybersecurity: How MSPs Can Become Crucial Partners in Managing Risk

March 27, 2024 | David Powell

MSPs should try to bring an end customer into the cybersecurity fold. Here are some ways to help drive that.

3 Questions with Ingram Micro’s Sanjib Sahoo on Integrating AI into Managed Services

March 25, 2024 |

Ingram Micro’s EVP and chief digital officer shares some insights on how MSPs can effectively integrate artificial intelligence into their business operations.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience