- How was your last experience as an outsourced CISO?
The experience was very enriching. The mission, by its very nature, calls for a lot of knowledge and a lot of exchanges. It requires a certain period of acclimatization; but afterwards, it's very gratifying to be able to see the results of one's actions, both technically and in terms of the teams.
- What were your main assignments?
My service was based around 2 main missions, namely security incident management / IS monitoring using the SIEM tool, and security in public procurement. The latter involves validating the SSI level of service providers, and often dialoguing with them to find compromises, solutions and commitments on their part. I've also had to manage a few crises, mainly targeted phishing campaigns.
- What are the benefits of this service?
In human terms, an outsourced CISO assignment is halfway between a fixed-price assignment and a project-based assignment. It's an assignment with the same customer. As a result, you get to build relationships with the customer's teams, who become almost like colleagues. We get to work on long-term projects, getting to the heart of the matter.
For the customer, using an outsourced CISO means benefiting from an external view and our cyber expertise, as well as flexibility.
An outsourced CISO has previously worked on several assignments, in different contexts and with a variety of customers, enriching his or her experience. Beyond the person's skills, cela permet aussi de bénéficier des compétences d’AlgoSecure. I regularly exchange views with my colleagues on highly technical subjects.
It can also support in-house teams on clearly identified projects or provide day-to-day support.
In some cases, an outsourced CISO can provide greater objectivity. For example, the political aspect of the function can be avoided thanks to the detachment that outsourcing allows. What's more, as I've seen, certain messages conveyed by an external CISO can be better heard and accepted by teams and top management.
- What were the main difficulties you faced?
I wouldn't call them difficulties, but rather challenges. The challenge here is to reconcile and find a balance between the two worlds to which you simultaneously belong. But with a little organization, you can manage.
- Who would you recommend this type of mission to?
I'd recommend this type of assignment to any company or organization that has already launched a cybersecurity policy. To be effective, it seems to me that certain foundations need to be laid before calling in an outsourced CISO.
À propos : Le blog d'AlgoSecure est un espace sur lequel notre équipe toute entière peut s'exprimer. Notre personnel marketing et commercial vous donne des informations sur la vie et l'évolution de notre société spécialisée en sécurité sur Lyon. Nos consultants techniques, entre deux tests d'intrusion ou analyses de risque, vous donnent leur avis ainsi que des détails techniques sur l'exploitation d'une faille de sécurité informatique. Ils vous expliqueront également comment sécuriser votre système d'informations ou vos usages informatiques particuliers, avec autant de méthodologie et de pédagogie que possible. Vous souhaitez retrouver sur ce blog des informations spécifiques sur certains sujets techniques ? N'hésitez pas à nous en faire part via notre formulaire de contact, nous lirons vos idées avec attention. Laissez-vous guider par nos rédacteurs : Alessio, Alexandre, Amine, Anas, Arnaud, Benjamin, Damien, Enzo, Eugénie, Fabien, Françoise, Gilles, Henri, Hicham, Jean-Charles, Jean-Philippe, Jonathan, Joël, Joëlie, Julien, Jéromine, Lucas, Ludovic, Lyse, Matt, Nancy, Natacha, Nicolas, Pierre, PierreG, Quentin, QuentinR, Sébastien, Tristan, Yann, Yannick, et bonne visite !