Levels

Different CvCISOs can do different things for their clients in different situations. In the initial iteration of the CvCISO®  certification, there are four certification levels and one specialty certification: Level 1, Level 2, Level 3, and Expert. The Mentor designation is the certification specialty.

Certification means that the CvCISO®  has demonstrated they can fulfill the requirements necessary to perform the role well. Certification does not offer a guarantee that the CvCISO®  will perform the role well (a benefit that comes from the CvCISO®  community).

All CvCISO®  certifications have the following minimum requirements:

• Attend the SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1), including all classes.
• Complete all assignments from CvCISO-1
• Complete all quizzes in CvCISO-1
• Pass the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) exam.
• Maintain good standing within the CvCISO Community

Additional requirements for each CvCISO®  Level are summarized in the table below:

Level 1 is where the CvCISO journey starts. There are no additional experience requirements for CvCISO®  Level 1; however, there are some restrictions on the work that should be permitted to perform. A CvCISO®  Level 1 should NOT be permitted to lead vCISO work for any client, they should always work alongside or under the tutelage of a CvCISO®  Mentor.

A CvCISO®  Level 1 can progress to CvCISO®  Level 2 once they have met the additional requirements for CvCISO®  Level 2.

• No Experience Requirements
• Limited Engagement – Must Work with Mentor
  

The additional experience requirements for CvCISO®  Level 2 ensure that they can serve small organizations (up to 100 employees) without the need for a Mentor.

CvCISO®  Level 2 is a mid-level vCISO®  who should be able to manage information security in less complex environments and with customers who have minimally mature information security programs.

The experiential requirements for CvCISO®  Level 2 are:

• 1 year information security experience.
• 3 previous vCISO engagements.
• 6 months (.5 years) vCISO/CISO experience (w/Mentor is acceptable)

The primary purpose for CvCISO®  Level 1 and Level 2 is to introduce new people into the information security industry and help them progress in their vCISO work.

• Minimum Experience Requirements
• Limited Engagement – Small Organizations

Level 3 CvCISOs can work as a vCISO in all organizations; however, there are some additional training and experience requirements.

The experiential requirements for CvCISO®  Level 3 are in line with those of a Certified Information Systems Security Professional (CISSP®); however, the CvCISO®  Level 3 certification holder must also have previous vCISO experience.

Additional required training:

• Information Security in Complex Environments Course (CvCISO-E)
• Information Security Communications Course (CvCISO-C)
• Information Security Budget Justification Course (CvCISO-B)

The experiential requirements for CvCISO® Level 3 are:

• 5 years information security experience;
• 2 years managing infosec projects;
• 5 previous vCISO engagements and/or;
• 2 years vCISO/CISO experience

Note: A person who successfully completes the CvCISO-1 Course, passes the CvCISO-1 exam, and possesses the necessary experience for Level 3 or Level 4

A person certified at Level 3 should be fully capable and qualified to serve as a vCISO in complex environments across industry verticals.

• Additional Training Required
• Mid-Level Experience Requirements
• Unlimited Engagement
• Qualifies to become CvCISO®  Mentor

The most prestigious CvCISO®  certification level, a CvCISO®  Expert is truly an expert and has achieved a great accomplishment. CvCISO®  Experts are fully capable of helping the largest and most complex organizations, but they are also an extremely important part of our CvCISO®  community. A CvCISO®  Expert is esteemed and gives back to the community by being an active participant in the CvCISO®  program.

To become a CvCISO®  Expert, all the requirements for CvCISO®  Level 3 must be met, and the certification holder must complete the CvCISO®  Expert Interview. The CvCISO®  Expert Interview is a structured interview with other CvCISO®  Experts.

The experiential requirements for CvCISO®  Expert are:

• 10 years information security experience.
• 5 years management experience.
• 10 previous vCISO engagements.
• 3 years vCISO/CISO experience.

CvCISO®  Experts ultimately become the people who run the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO® ) Program.

• Additional Training Required
• CvCISO Expert Interview Required
• Expert Experience Requirements
• Unlimited Engagement
• Lead Direction of CvCISO Program

CvCISO®  Mentors are extremely capable vCISOs, but also possess the skills and desire necessary to mentor other vCISOs. CvCISO®  Mentors often work for organizations who are building and maintaining their own group of vCISOs.

Anyone can mentor a CvCISO® , but the CvCISO®  Mentor designation demonstrates that the certification holder is committed and credible to this important task.

To earn the CvCISO®  Mentor designation, a person must be CvCISO®  Level 3 (or higher) and successfully complete the Information Security Mentorship Course (CvCISO-M).

• Additional Training Required
• Mid-Level Experience Requirements
• Unlimited Engagement
• Mentors for CvCISO®  Level 1 and 2