Here’s Why MSPs Should Explore Adding vCSO Services: Galactic Advisors

In response to the growing risk from commoditization of managed IT services and the shortage of cybersecurity professionals who can fill chief security officer (CSO) roles, MSPs would be smart to explore adding virtual CSO services, according to an executive from cybersecurity assessment and consulting firm Galactic Advisors.

Bruce McCully, CSO at the Nashville, Tenn.-based company, addressed an audience of MSPs Sunday at XChange March 2023, which is hosted by CRN parent The Channel Company and being held this week in Orlando.

[Related: Zero Trust Security’s New Pitfall To Avoid: Over-Investing]

McCully said there’s currently a major risk of MSPs losing clients who opt to switch to lower-priced competitors as managed IT services start to see greater commoditization.

“What you do when all of these different components become commoditized [is] you focus on getting above it,” he said.ADVERTISEMENT

Offering vCSO services is a strong opportunity for MSPs because many already have significant experience in the cybersecurity realm, McCully said. “If you go through the exercise of building out your CSO resume, you’ll be shocked at your credentials.”

He recommended that MSPs who serve the SMB market choose to focus on medium-sized businesses with any vCSO service offering, since that’s where the highest growth is available right now.

McCully acknowledged that there’s a lengthy to-do list in order to be able to offer vCSO services, presenting a slide with more than two dozen requirements, but said that he and his firm have developed a number of resources to help MSPs get started, including a book that was handed out to audience members.

At the top of McCully’s list is to build the vCSO offering itself and profile what type of clients to target. Other key items on the list include completing a risk assessment questionnaire, getting familiar with the sales process for vCSO services and developing an incident response procedure.

Brian Edelman, founder and CEO of FCI Cyber, a managed security service provider (MSSP) based in Bloomfield, N.J., said his firm has been offering similar services since he launched the company in 1995. Edelman said the content that McCully presented about what’s necessary to offer vCSO is “dead on.”

However, it’s not a quick or easy transition to make, Edelman said.

“If you want to go down the path of being a security team, first off, it doesn’t happen overnight,” he said.

Edelman suggested that for an MSP that’s exploring the idea of providing vCSO services to clients, a key initial step is to become proficient at managing their own internal cybersecurity program.

“If you do it [well] for yourself, then make that jump,” he said. “But if you don’t do it well for yourself, then learn to do it well for yourself—and then make an informed decision that allows you to do something that’s good for you and your clients.”LEARN MORE: Cybersecurity  | Managed Security 

 Learn About Kyle Alspach


Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at [email protected].


SMBs Need Tools For Cyber Threat Detection Too: XcitiumHP CISO Joanna Burkey On Securing The Hybrid Workforce And Her Biggest FearOkta CEO: ‘Our Neutral Choice Is Going To Win Out’ Vs. MicrosoftSecure Browser Startup Island Hires Industry Vet As First Channel ChiefSlashNext Unveils Its Own Generative AI To Thwart ChatGPT-Powered Email Attacks TO TOPADVERTISEMENT


  1. Zscaler Discloses Layoffs For 3 Percent Of Employees | CRN
  2. CEO Antonio Neri On HPE’s Supercomputing ChatGPT Advantage, Axis Security And GreenLake Momentum | C
  3. Broadcom CEO ‘Confident’ VMware Deal Will Pass Muster With Global Regulators | CRN
  4. The 10 Highest-Paying Cloud Certifications In 2023 | CRN
  5. Cloud Marketplace Guru On AWS, Microsoft, Google, ISV Trends | CRN

Leave a Reply

Your email address will not be published. Required fields are marked *