Government contractors are like teenagers. Nearly overnight, their jeans are too short and their shoes are too small. Growth comes in spurts that can catch leaders by surprise.
You might be able to self-manage many areas of operations when you first land a contract or a juicy sub-contract opportunity, but information technology and cybersecurity demand experience and expertise—often long before you can justify hiring a Chief Information Officer (CIO) to join your leadership team. A new fractional solution might provide the perfect answer.
In small and medium-sized businesses (SMB), cybersecurity has become an essential part of daily operations. What once could be handled with a laptop, password, and a monthly backup has morphed into a business driver that impacts everything from storing data to remote connections. Contractors need a CIO, at least some of the time; introducing the fractional CIO.
Fractional role, personal service
A fractional CIO provides the same expertise and capability as a full-time CIO without the associated level of salary, benefits, and overhead expense associated with adding a senior executive.
This leadership-as-a-service approach is often offered by firms with deep cybersecurity and network management experience. A senior leader serves several clients by managing day-to-day IT operations, resources, and staff as well as the alignment between the business and technology. Clients pay a monthly or quarterly fee for a service-level agreement that typically includes ad hoc guidance for:
- IT leadership and management
- Knowledge of the current technology landscape
- Alignment between technology use, security, and business initiatives
- Key performance metrics definition
- Performance status reports
- ROI evaluation and budgeting
- Resource management
- Service provider partnerships management
- IT and business risk management
- Business processes design and optimization
- IT standards and policies
- IT governance
- IT security and compliance management
- Contract review and negotiate
- Board advisor
A quality fractional CIO takes the time to understand your current situation and growth objectives and truly become part of your “team.” Their advice helps determine and implement a broad technology agenda, allowing your SMB to benefit from leading-edge technologies and establish strong security policies that are sustainable.
Changing needs, changing scope?
Cybersecurity and IT management aren’t new challenges, but increasingly complex technical standards and evolving compliance policies require greater expertise than many small contractors have. You could try to get your IT staff to cover your needs, but you might miss out on the strategic leadership of a CIO or misinterpret the nuances of compliance. You could also try to hire a full-time CIO; however, the talent market is quite competitive and the executive-level salary could be a burden, especially with a new contract to staff.
Fractional CIOs, by comparison, are flexible enough to handle the changing needs and scope of contractors. One month your needs might be licensing. The next might be budgeting. As an on-call resource, your fraction CIO can help you make informed decisions and use technology to its greatest advantage, without the commitment of a hire. The value of a fractional CIO is realized through:
- Independence, providing specific pros and cons for products, solutions, and vendors
- Strategic guidance and tactical implementation
- Experience, guiding common business situations with confidence
- Business-focus specific to your industry
- Coordination of resources and staff, leadership, and implementation
- Increased agility
- Reduced risk
Is a fractional CIO right for you?
There are several factors to consider around hiring a fractional CIO. To help you clarify your needs, consider these common SMB use cases.
Growing businesses, by necessity, often require an all-hands-on-deck mindset among employees. Many fractional CIOs can handle both technical tasks and weigh in on business decisions about technology and cybersecurity, with enough flexibility to adjust to different needs and asks each month, allowing others in your company to stay focused on core business activities.
Your staff size:
Contractors with 50-100 users have a significant level of personnel management and information management within the network. Keeping things organized with a fractional CIO is important to efficient operations, requiring both experience and focus.
Number of devices:
Managing company-owned devices, workstations, and on-site government contract laptops becomes a more significant technical chore at 50 devices. You’ll want a fractional CIO to ensure you’ve got the right products and systems in place and to handle monitoring configurations.
Your growth trajectory:
If you’re looking at a major opportunity for growth, or you’ve already grown in headcount or revenue, the time for fractional CIO expertise is sooner than later. That’s because it’s easier to implement policies when a company is small. Every new employee, device, and system can be brought online with solid, secure policies in place rather than trying to wrangle change in a larger organization.
Your specific industry determines which IT or cybersecurity standards you need to follow—and all contractors will soon need cybersecurity certification. A fractional CIO can lead remediation actions or manage compliance requirements. Some guidelines, like NIST 800-171, involve monitoring and validation activities by a third party. Virtual CIOs can often fulfill those roles.
Does your company hold valuable or sensitive client data? If so, you have data assets and network connections worth protecting. A virtual CIO can help implement the cybersecurity measures necessary to defend against a breach and the reporting and response plan if you experience a phishing or ransom attack.
You may have highly technical staff but still find yourself lacking specific expertise around certain topics, or not enough time to keep on top of news and updates. A fractional CIO can assess and confirm your cyber stance and manage IT configurations, helping to fill in knowledge gaps and providing an executive-level perspective for growth or buying decisions.
SMB contractors juggle many management tasks and therefore are often the first to recognize when they need help. They describe their network as becoming unmanageable or their DropBox growing out of control or disorganized. Trust your instincts—these are red flags, in addition to the use cases mentioned above, that additional IT leadership and expertise would be beneficial.
If your SMB government contracting business is growing like a hungry teenager, feed it! Investing in fraction C-suite guidance provides the foundation for solid, sustainable, and secure growth.
About the Author:
Derek Kernus is the director of cybersecurity operations at DTS and holds CISSP, CCSP and CMMC RP certifications. DTS provides tailored, scalable cyber solutions for small- and medium-sized organizations leveraging top resources and the expertise of talented individuals with a passion for excellence to help protect our clients’ people and data.
The opinions expressed in this article are those of the author. They do not necessarily reflect the opinions or views of Executive Mosaic or its publications.