Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
A common difference between CISOs and vCISOs is vCISOs’ need to context switch. Part of the job requires the ability to juggle multiple clients, their tasks and security roadmaps. This constant juggling, which is also known as “context switching” is a silent productivity killer. It can even cost a provider business sustainability and stunt future growth.
There are tools and technologies that can be used to provide vCISOs the solutions they need in order to avoid context switching and mitigate the challenges involved with managing multiple clients’ security. These tools can drive efficiency, help provide better security and compliance services and even create opportunities for scaling.
A context switch is when a computer’s operating system changes from executing one task to another. In order to accomplish this, the computer saves the state of the current task and loads the new one, so that the CPU can execute it. While this is a key feature of modern operating systems, it also has a negative impact on system performance.
Similarly, when humans go through the mental process of shifting focus from one task, topic, or activity to another quickly, it also negatively affects performance. We have to reorient our attention, recall details about the new task and re-engage with it. This could result in reduced productivity, increased errors, as well as stress and fatigue. This whole process is draining because our brains must drop the current task and pick up where we left off on the new one, creating a cognitive load. Some of our focus may remain tied to the previous task, slowing down performance on the new one, not to mention that it takes time to re-familiarize ourselves with the new task or context.
According to Gloria Mark, Professor in the Department of Informatics at the University of California, Irvine, it can take 23 minutes to refocus after a task switch. If you’re juggling multiple priorities, this adds up, resulting in fewer deliverables within the same time frame.
The diverse, dynamic and technological nature of security and compliance responsibilities makes context switching particularly challenging for vCISOs. For each client, vCISOs have to deal with unique tech stacks and product roadmaps, security technologies, tools and frameworks, risk tolerances, security maturity levels, threats and vulnerabilities, compliance regulations (if you’re working in different industries), security plans, stakeholders: IT, executives, auditors, strategic business priorities and culture.
Like any other external consultant, vCISOs work with multiple organizations, requiring the ability to hop between different clients, tasks and details.
This means that vCISOs need to be able to manage multiple concurrent security and compliance priorities. For example, incident response planning for one client, compliance reporting for another and strategic discussions with C-level executives for a third. All while adapting them to each organization’s risk appetite, business strategy, regulatory requirements, IT architecture and culture. They also need the ability to govern the use of multiple tools across different environments.
vCISOs need to uphold each client’s security posture and planning. This includes knowing the details of existing gaps, creating and managing the plan to overcome them and overseeing the progress. Just as importantly, vCISOs need to be able to adapt their communication, tone and technical depth style for each stakeholder in each company. This might mean interacting with dozens of people in a professional context on a weekly basis.
The cybersecurity field is evolving quickly, with new threats and vulnerabilities emerging daily. vCISOs need to be able to translate the impact of these risks to each client’s ecosystem, as well as the new tools and technologies evolving to address them. While these are all complexities in-house CISOs face as well, their focus is on one company. This means one CEO, one risk assessment to address, one architecture, one business culture and one security posture to improve. They hold the complete company picture and are immersed in it. vCISOs, on the other hand, deal with multiple such perspectives, and sometimes only have a limited view into the inner workings of the company.
How Context Switching Affects Your Business
Context switching is more than just an inconvenience. It carries significant impacts. First, there’s the security impact. Frequent context switching increases the likelihood of inconsistencies and errors, such as applying incorrect policies or overlooking specific client requirements. These can result in misconfigurations, not patching on time, leaving vulnerabilities and more. On a more strategic level, mental fatigue can reduce the ability to make the right security decisions that will bolster clients’ security posture. Long term effects of content switching can also lead to burnout, diminished job satisfaction and lowered client outcomes.
The business impact of context switching also impedes your ability as a vCISO to maintain and grow your business. If clients perceive that your attention is divided and that communication is inconsistent, or they sense recurring errors, they may feel their security is not a priority. This can damage relationships and confidence in your ability to protect their organization. This could result in the loss of a client, as well as the potential referrals that client could bring by recommending you to others.
Reducing context switching is crucial if you want to maintain productivity, ensure strong security outcomes and grow your business. Here are some useful and impactful tips to follow:
Prioritize Tasks Based on Risk and Impact
Start with the tasks that bring the most value and impact. Evaluate tasks and incidents based on their security implications and urgency. You can also use a risk register to help prioritize them and support your decision-making. Address high-risk tasks and active threats before routine activities. Answer C-level queries before tactical questions. Create reports to show posture and ongoing progress before moving on to the next security pillar unless it’s an active threat.
Put Similar Activities Together
One of the biggest challenges of mental shifting is refocusing on different types of tasks. Deep work like learning about a new compliance framework requires different cognitive skills than answering emails. Perform similar tasks in dedicated blocks of time to reduce mental shifts. For example, review all client security dashboards during a morning session, then focus on client communications in the afternoon. This will have a noticeable impact on productivity.
Choose Effective Communication Practices
When you are in the zone of crafting a new client strategy and are interrupted by an alert for a client meeting right in the middle of your work can actually kill the whole creative process. Encourage clients to provide updates or requests in writing, allowing you to respond during planned intervals. Meetings are still important, so schedule regular check-ins either weekly or bi-weekly, to check in and address their needs, while reducing ad hoc meetings and interruptions.
Put It All in Writing
Replicability and standardization in your everyday work can reduce friction. Keep detailed playbooks and set processes for common scenarios like incident response, compliance audits, or vendor assessments, as well as detailed notes for each client. These can help streamline processes while also enabling you to share them with other team members, so they can perform them instead of you, which will then reduce your cognitive load.
Build Effective Teams and Delegate
You can accomplish this by building small, specialized teams for each client and assign the team members routine security tasks. By delegating operational tasks such as scheduling or documentation to team members or external vendors, you can then focus on more strategic priorities. Utilize automation tools for routine reporting or vulnerability monitoring.
Use a vCISO Platform
A vCISO platform is an automated platform that provides and generates everything required to provide vCISO services at scale. This includes risk and compliance assessments, security gap analysis, tailored policies, strategic remediation plans with prioritized tasks, tools for ongoing task management and risk management, security progress tracking and customer-facing reports.
A vCISO platform acts as the central cybersecurity and compliance management hub and is the one source of truth for the vCISO, for each client individually and for all clients together. A vCISO platform allows vCISOs to easily create and manage multiple clients. They can track security and risk postures, monitor compliance and security framework complacency, prioritize and manage tasks, allocate resources and generate reports that quickly show the value of their vCISO services. All of these things can be done from a single dashboard for all clients.
These capabilities take away most of the challenges of vCISO context switching:
• Priorities and current security and compliance statuses for each client are clearly presented and managed. vCISOs are always updated on the latest mapping, gap, task status or progress, without the delay that accompanies retrieving the information.
• This also makes it easy for vCISOs and teams to understand what to work on next. Rather than having to remind yourself about important gaps to address or what was the next task discussed with the client, the information is readily available.
• Switching between clients also becomes easier. Comprehensive visibility into all clients from a single dashboard eliminates the need to switch between tools used to manage each client separately.
• A single dashboard of all clients and their current gaps and task management status makes it easy to prioritize clients and see which one to address next.
• Communication with stakeholders is also simple and streamlined, since reports are easily generated and any question can be answered in just a few clicks.
• Unlike a spreadsheet or emails, automations and standardizations eliminate the need to manually update client accounts or employees, alleviating one more task to (context) switch to.
• Finally, a high quality of work is ensured through the security and compliance tasks the platform takes care of, like generating policies.
Anyone on the team can quickly use the platform, enabling easy delegation of tasks and the workload. Productivity will increase due to automations and standardizations when performing security and compliance tasks increases productivity and grows revenue. And the bonus? Seeing the full picture of clients’ security gaps helps vCISOs upsell their services that can address those gaps, which will help to grow the business and increase revenue.
Context switching drains productivity and focus, especially for vCISOs juggling multiple clients, frameworks and stakeholders. It is possible to permanently put an end to context switching and increase focus on what is important and will have the most impact. When you do this, you will see a dramatic increase in performance and skyrocketing business growth. Emerging tools built for vCISOs can automate status updates, map controls to frameworks, and track tasks across clients. AI-powered assistants can also help summarize alerts, extract insights, and prioritize based on severity.
To be truly effective, a vCISO needs to go beyond putting out fires. Minimizing context switching is critical for strategic thinking, maintaining security quality across clients, and staying mentally sharp. By adopting smarter workflows and leveraging the right tools, vCISOs can reclaim their focus, and deliver even more value.
