Exclusive: RFA to Offer Virtual CISO Services

Exclusive: RFA to Offer Virtual CISO Services

By Chris Matthews, HFM Technology

Technology advisory and security firm Richard Fleischman & Associates (RFA) is set to roll-out a new ‘virtual CISO’ service for hedge funds and financial services firms in North America and Europe, HFMTechnology has learned. {private}

The new offering will be available as an on-going engagement whereby a firm can utilise a chief information security officer internally, and on a ‘consultancy-on-demand’ basis.

Michael Asher, chief information officer at the New York-headquartered firm told HFMTechnology it was “logical” given the difficulty for many firms in hiring a permanent security officer.

“Most firms are not large enough to make an investment and hire a full-time CISO to manage security processes for them,” he said.

“We will be offering two virtual CISO services; one will be as a reoccurring engagement where a client will get services on say a quarterly basis direct from a CISO, and the other will be consultancy-on-demand where it is an explanation of the security landscape and how the firm shapes up alongside everyone else in the industry.”

RFA, who work with over 520 clients globally, have partnered with an external security company to offer the service in order to leverage the experience of CISOs operating in different industries.

Currently providing numerous advisory, managed services, cloud and disaster recovery services, Asher said the new service will be made available to firm – including non-RFA clients – later this month.

The new service will also offer assessments of the vendors and external security products being used by hedge funds.

He said: “It is a natural evolution. As this drive for added security, intrusion detection systems, constant threat monitoring, and protection started to become standard practice last year, people immediately realised there should be a process of checks and balances.

“Sometimes firms hire third party consultants and they provide scans, reports and assessments but at the end of the day you need a high level security person to come in and explain what that means to the firm, not just from the technical aspect but on a level for the financial personnel.”

However, Asher said that he believed the virtual CISO function would be complimentary to existing security companies in the industry.

“It is almost unethical for a network security vendor to provide assessments of those very services and so we are complimentary to the security providers already in the industry,” he added.

The news comes just months after RFA announced the opening of its London office which is set to be officially launched on 25 February. [/private]

Published in HFM Technology, February 12, 2015