IT Services | October 23, 2020

Expert Q&A: The Ins and Outs of Working with a Virtual CIO

Bob Pennisi is a Strategic Account Manager at EMPIST, and he is taking over the blog to discuss some of the most commonly asked questions on working with a virtual CIO (vCIO)

Expert Q&A: The Ins and Outs of Working with a Virtual CIO

One of the main services that you push to help clients is virtual CIO, also known as vCIO. Tell us a little about what a vCIO is?

Virtual CIO services are essentially an outsourced CIO role or strategic advisement services that provide clients help to align strategy, create a cohesive plan around security, compliance, infrastructure management, hardware & software lifecycles, and help provide a budget. As a vCIO, you need to know the ins-and-outs of the business pretty well to have a strong technical understanding of the environments we support.

I can only imagine there are probably certain scenarios where it does make sense and certain situations where it’s best to have a traditional in-house CIO. How do you distinguish between those scenarios?

Typically most organizations that have an in-house CIO tend to be in the mid-size to enterprise-size business space. By and large, our clientele tends to be smaller to mid-sized businesses that don’t necessarily have the budget or even the know-how to take on the role of a CIO.

How often does a vCIO have a touchpoint with the clients? Are they speaking every day? Once a week? 

What it looks like depends on the client. At the very least, a quarterly cycle meeting is scheduled with our clients where we’re delivering full strategy and discussions. However, clients can have a primary point of contact for more frequent communication bi-weekly.

Would you say a small to mid-sized business is going to be a good fit for working with a vCIO?

A lot of companies don’t really have anybody advising on strategy. They may have somebody in-house who knows about the software that they use but isn’t so much versed in security or infrastructure, or, they might have somebody in kind of a help desk role/user support role, but they don’t know enough to guide that ongoing strategy. It fits for any business, even if they do have that CIO role filled.

I’ve engaged with a couple of companies who have a CIO. They still need help verifying those solutions or exploring solutions. They might come to us with an objective and we might be able to provide some extra insight or help.

How does using a virtual CIO save a business money?

That’s a little bit of an intangible because a vCIO is making sure clients maintain a day-to-day compliant and secure environment, which requires investment into the infrastructure. However, we are always advising on best practices around security, redundancy, and compliance, so that saves you the time and cost of more emerging issues.

We are staying ahead of end-of-life dates, so you’re not scrambling to refresh infrastructure at a time when everybody else is. That could be driving prices up or making sure there is a redundancy and Disaster Recovery plan, etc. There is no definite way to measure ROI, but it’s a lot more intangible upfront regulatory kinds of things that are very important.


  • Compliance Requirements 
  • Data Loss Prevention 
  • Disaster Recovery 
  • Business Continuity
  • Security Controls 

What makes working with a virtual CIO at EMPIST so different? 

I think the biggest advantage to qualify us is just being transparent in the MSP world. We do support a pretty wide array of different industries. We’re not pigeonholed into certain verticals, so we’re applying practical knowledge across multiple different types of organizations. I think also a team-based approach is key. We’re not doing this in a bubble; we have a lot of support and resource training that we do.

Finally, I think part of what we do that not all MSPs are doing is the way we approach analyzing client environments. We do a thorough analysis of the technical landscape. From looking for security vulnerabilities to best practices, and we provide comprehensive reporting when we do these strategies. It is worth noting that we are putting this together into a live strategic roadmap with associated budget numbers, execution, and plans. It’s not just a list of things that have to get done. There’s an actual timeline and budget associated with it.

For more IT news, blogs, and industry insights throughout the week, follow us on Facebook, TwitterLinkedInand Instagram.