“There are several options,” Penderick said. “There are entrepreneurs who offer VCISO consulting services to a small group of clients. They keep the burden on their clients to pay the burden they need to pay the bill. For people who consult with organizations, some people or worse, they are more like utility players. They are more like utility players. Then some people try to grow their brand and grow an organization and grow an organization.”
As customer load changes and new opportunities arise, any of these pathways may deform or change. But one of the universal themes in all the VCISOs we talk to put them in rooting this path, an opportunity to do diverse and fun work that constantly develops their skills.
“What happens when you work for an organization is that once a program is built, you start to stagnate,” Petraglia said. “For me, the job as a VCISO is much more exciting because there are always some new jobs. You have a new industry, you have a new company, you have a new culture, you have new and different challenges.”
What’s more, as a VCISO that controls your own destiny, you have more control over the working conditions and the working conditions and environment you work every day. Demoranville said that as a male-dominated security world, it could be particularly refreshing, explaining that as a VCISO outside of the organizational chart, she gets a political buffer and that if she does have toxic cultural problems, it’s easy to explain herself. “Working internally is much harder than working externally because as a consultant, you can leave,” she said. “When you work internally, it’s hard to leave.”
