Frequently Asked Questions
How would you describe your ideal Client?
The ideal client:
- Runs a small federal government contracting business (1-500 employees), a privately held firm that sells personal or professional services.
- Is facing a challenge or bottleneck with their technology or cybersecurity that is significant to them. These can be issues that keep them up at night or cause persistent frustration and slow down of delivery. The tech isn’t serving you; you are a slave to the tech you have.
- Is hiring me because of my expertise and is not afraid of any hard truths that may emerge.
- Willing to le me (1) determine what issues are relevant (2) diagnose the root causes to the problem accurately and transparently (3) suggest the best possible solutions that can lead to the desired outcomes and real change but minimize disruptions.
- Teams that are ready to be engaged from the start, forthcoming and honest with the current situation, and excited to jump into remediation steps with a little mix of fear and excitement but confident that the result is significantly better than the current situation.
- Teams that are open to different perspectives. Acknowledging that self-diagnosis is extremely hard and usually viewed through rose-tinted glasses.
- There is no hesitation about the fee against the possible (& probable) long-term positive impact on their business, without reminder or prompting. They understand that trying to go it alone, or even without, is more expensive and burns more time than not hiring me.
What size are the companies that you work with?
Most of my paid services have been for companies between 1-500 people. My entire consulting practice is built on understanding the differences in scale. The more formalized your company needs to become the larger it grows. Cyber frameworks are built on scale.
How do I know if a vCIO is right for me?
If you have a current IT team that are just “fixers” a vCIO can provide additional expertise and support to look for enhancements in your business.
The complexity of your business needs, typically the more complex your business functions that greater probablity a vCIO can use technology to increase value.
Of course budget plays a part. Having a key senior team member that can execute and maintain oversight can ensure a greater chance of success of a project and efficient use of budgets.
What are typical payment terms?
All services are fully prepaid and non-refundable, for any reason.
This is two-fold: (1) It allows me to be completely transparent with you, that you may get upset and potentially withhold payment. Sometimes the truth hurts (2) It is your responsibilty to bring oversight to your team during implementation. A failure to implement is not a reflection of the industry accepted strategies that will I provide based on your uniquest circumstances.
Do you certify the Cybersecurity Practices?
Short answer, no. My practice is built on aligning the federal government contractors busines to NIST 800-171 framework. The goal is to create a business that can maintain a cybersecure culture and not just check boxes. Passing a one time audit does not in any shape or form me you are secure. Its good for about 2 seconds if you revert to old habits until the next audit.
The standard that is coming is called CMMC. It has went through ups and downs and is currently in rule making.
I am waiting to see how this shakes out.
But by working with clients to incorporate cybersecurity best practices, aligned to NIST 800-171 you will be better prepared come an audit.
What Guarantees come with your service?
Like many other professional services, what you put in and commit to is what your get out. The information you recieve is factual, industry best practice, and cutting edge.
The service is not a “make you feel good” consultation. It is strictly implemented to accomplish the agreed up on goals. There can be some hard truths that come out.
Your team are the implementors.
I thought my MSP did the same thing?
A vCIO plays a strategic role not bound by an existing technology but identifies gaps and other weaknesses. A vCIO looks at building systems to scale.
A great vCIO will help define guidance to business owners on how an MSP will function within their company.
Can we get together and meet first?
Feel free to sign up for a virtual coffee section. Links are all over this website.
I will be happy to spend some time understanding your situation and how we can work together.
What are the typical deliverables?
The main deliverable is objective, insightful analysis and transformative advice. The focus is not on long reports that no one will ever read. The recommendations will be short, consise, sometimes in only outline form. Or markups on your existing documentation that has been reviewed. Then we will expand where necessary or unclear.
Everyone must be on the same page, me and you. Don’t assume. Ask for clarity.
What is a significant interaction during implementation?
After the main engagements are complete, each is followed by an execution period. This is for a set number of significant phone calls or emails, whichever occurs first. This can be initiated on your end or our end. This period and interaction are defined on each service page.
A significant interaction is one where an agenda is developed, and preparation must occur. You have gathered a list of questions, or a more substantial issue arises that needs to be resolved. We initiate if we feel we are being avoided or momentum is being lost.
“John has always been an exceptional industry partner with a clear command of information technology, running the spectrum from policy to implementation. He brings both complementary and force-multiplying skills to every initiative we’ve undertaken. A true asset and go-to teammate.”
Michael Ferritto – Aquila Technology
Cara Parker – CParker Consulting
Sterling Edwards – Sterling Edwards Home Improvement
Rialand Jones – Lammar Marie Gourmet Popcorn
Justin Holroyd – USMC Veteran, Sales and Project Manager
Jeff Say – Culpeper Chamber of Commerce
Amy Roberts — Piedmont Management Group