Levels
Overview
Different CvCISOs can do different things for their clients in different situations. In the initial iteration of the CvCISO® certification, there are four certification levels and one specialty certification: Level 1, Level 2, Level 3, and Expert. The Mentor designation is the certification specialty.
Certification means that the CvCISO® has demonstrated they can fulfill the requirements necessary to perform the role well. Certification does not offer a guarantee that the CvCISO® will perform the role well (a benefit that comes from the CvCISO® community).
Requirements (All levels)
All CvCISO® certifications have the following minimum requirements:
- Attend the SecurityStudio Certified virtual Chief Information Security Officer Course (CvCISO-1), including all classes.
- Complete all assignments from CvCISO-1
- Complete all quizzes in CvCISO-1
- Pass the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO) exam.
- Maintain good standing within the CvCISO Community
Additional requirements for each CvCISO® Level are summarized in the table below:
CvCISO Level 1
Level 1 is where the CvCISO journey starts. There are no additional experience requirements for CvCISO® Level 1; however, there are some restrictions on the work that should be permitted to perform. A CvCISO® Level 1 should NOT be permitted to lead vCISO work for any client, they should always work alongside or under the tutelage of a CvCISO® Mentor.
A CvCISO® Level 1 can progress to CvCISO® Level 2 once they have met the additional requirements for CvCISO® Level 2.
- No Experience Requirements
- Limited Engagement – Must Work with Mentor
CvCISO Level 2
The additional experience requirements for CvCISO® Level 2 ensure that they can serve small organizations (up to 100 employees) without the need for a Mentor.
CvCISO® Level 2 is a mid-level vCISO® who should be able to manage information security in less complex environments and with customers who have minimally mature information security programs.
The experiential requirements for CvCISO® Level 2 are:
- 1 year information security experience.
- 3 previous vCISO engagements.
- 6 months (.5 years) vCISO/CISO experience (w/Mentor is acceptable)
The primary purpose for CvCISO® Level 1 and Level 2 is to introduce new people into the information security industry and help them progress in their vCISO work.
- Minimum Experience Requirements
- Limited Engagement – Small Organizations
CvCISO Level 3
Level 3 CvCISOs can work as a vCISO in all organizations; however, there are some additional training and experience requirements.
The experiential requirements for CvCISO® Level 3 are in line with those of a Certified Information Systems Security Professional (CISSP®); however, the CvCISO® Level 3 certification holder must also have previous vCISO experience.
Additional required training:
- Information Security in Complex Environments Course (CvCISO-E)
- Information Security Communications Course (CvCISO-C)
- Information Security Budget Justification Course (CvCISO-B)
The experiential requirements for CvCISO® Level 3 are:
- 5 years information security experience;
- 2 years managing infosec projects;
- 5 previous vCISO engagements and/or;
- 2 years vCISO/CISO experience
Note: A person who successfully completes the CvCISO-1 Course, passes the CvCISO-1 exam, and possesses the necessary experience for Level 3 or Level 4
A person certified at Level 3 should be fully capable and qualified to serve as a vCISO in complex environments across industry verticals.
- Additional Training Required
- Mid-Level Experience Requirements
- Unlimited Engagement
- Qualifies to become CvCISO® Mentor
CvCISO Level Expert
The most prestigious CvCISO® certification level, a CvCISO® Expert is truly an expert and has achieved a great accomplishment. CvCISO® Experts are fully capable of helping the largest and most complex organizations, but they are also an extremely important part of our CvCISO® community. A CvCISO® Expert is esteemed and gives back to the community by being an active participant in the CvCISO® program.
To become a CvCISO® Expert, all the requirements for CvCISO® Level 3 must be met, and the certification holder must complete the CvCISO® Expert Interview. The CvCISO® Expert Interview is a structured interview with other CvCISO® Experts.
The experiential requirements for CvCISO® Expert are:
- 10 years information security experience.
- 5 years management experience.
- 10 previous vCISO engagements.
- 3 years vCISO/CISO experience.
CvCISO® Experts ultimately become the people who run the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO® ) Program.
- Additional Training Required
- CvCISO Expert Interview Required
- Expert Experience Requirements
- Unlimited Engagement
- Lead Direction of CvCISO Program
CvCISO Level Mentor
CvCISO® Mentors are extremely capable vCISOs, but also possess the skills and desire necessary to mentor other vCISOs. CvCISO® Mentors often work for organizations who are building and maintaining their own group of vCISOs.
Anyone can mentor a CvCISO® , but the CvCISO® Mentor designation demonstrates that the certification holder is committed and credible to this important task.
To earn the CvCISO® Mentor designation, a person must be CvCISO® Level 3 (or higher) and successfully complete the Information Security Mentorship Course (CvCISO-M).
- Additional Training Required
- Mid-Level Experience Requirements
- Unlimited Engagement
- Mentors for CvCISO® Level 1 and 2
Other courses
View all.png)
CSSRA® (Certified SecurityStudio Risk Assessor)
–
The Certified SecurityStudio Risk Assessor (CSSRA) course is a practical, hands‑on certification that teaches learners how to confidently conduct objective, defensible risk assessments using the SecurityStudio S2 platform. Through guided instruction, real‑world examples, and platform‑based practice, participants gain a clear understanding of how to evaluate organizational risk with consistency and accuracy. This course is ideal for IT professionals, security leaders, consultants, vCISOs, and anyone responsible for assessing cybersecurity risk. By the end of the program, learners will be fully prepared (and authorized) to perform SecurityStudio risk assessments, interpret results, and deliver meaningful, actionable insights to stakeholders. This includes 15 months (3 month cohort + 12 month annual subscription) of access to course materials, mentorship opportunities, exclusive content, and valuable networking opportunities to help students deepen their expertise, stay current, and further support their professional risk assessment capabilities.
CvCISO® Complete Program Course Bundle (Foundations, All Level 3, Student Subscription)
–
This bundle includes everything academically needed to complete the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO®) Program. Courses include the CvCISO® Foundations Course, and all Level 3 courses: Budgeting, Communications, and Complex Environments. Completion of the programs curriculum takes 1 year (if no breaks in study are taken). To accommodate for scheduling, this bundle includes 2 years access to all course materials, LIVE classes, mentorship opportunities, the CvCISO® Community, exclusive content, and valuable networking opportunities to help deepen your expertise, stay current, and further support your professional virtual information security leadership development.
CvCISO® Level 3 Course Bundle (All Level 3, Student Subscription)
–
This bundle is designed for the individual interested in taking all the Level 3 courses and remaining an active member of the CvCISO® Community to further support their education and professional development. It includes access to the CvCISO®-B (Budgeting), CvCISO®-C (Communications), and CvCISO®-E (Complex Environments) courses, plus 15 months of access to course materials, mentorship opportunities, exclusive content, and valuable networking opportunities.
Information Security in Complex Environments Course (CvCISO®-E)
Mar 2, 2026
–
Mar 18, 2026
Complexity is often the biggest enemy of effective security. Traditional approaches frequently fail in large, multifaceted organizations. CvCISO®-E provides a structured methodology to overcome these challenges. The CvCISO®-E course is designed to help information security leaders (CISOs, vCISOs, executives, and others) secure complex environments such as state-level or global enterprises.
Information Security Communications Course (CvCISO®-C)
Feb 2, 2026
–
Feb 18, 2026
Effective communication is often cited as the most critical skill for CISOs and vCISOs. Technical expertise alone isn’t enough; leaders must be able to influence decisions, secure budgets, and align cybersecurity with organizational strategy. The CvCISO®-C course directly addresses this gap, focusing on strengthening communication skills for cybersecurity leaders, particularly virtual CISOs (vCISOs). It equips professionals to effectively convey complex security concepts to executives, boards, and non-technical stakeholders.
CvCISO® Foundations Course | April 2026
Apr 6, 2026
–
Jun 17, 2026
This is the official curriculum for the SecurityStudio Certified virtual Chief Information Security Officer (CvCISO®) Foundations course. Upon passing the exam, graduates of this course will attain CvCISO® Level 1 (or Level 2) certification (based on experience). This includes 15 months (3 month cohort + 12 month annual subscription) of access to course materials, mentorship opportunities, exclusive content, and valuable networking opportunities.
TeejLab API Security and Governance Foundations Course
–
The API Security and Governance Foundations course is a self-paced, 12‑hour course developed in collaboration with TeejLab and SecurityStudio Academy. Learners gain hands-on experience with the TeejLab API Discovery platform while exploring the evolution of APIs, security frameworks, legal considerations, and modern governance practices. Upon completion, participants earn a certificate of completion and 12 CPE credits.
Information Security Budget Justification Course (CvCISO®-B)
Apr 6, 2026
–
Apr 22, 2026
The CvCISO®-B course is designed to equip cybersecurity leaders with the skills to build, defend, and communicate effective security budgets. Participants will learn how to align budget requests with business objectives, quantify risk reduction, and present compelling financial justifications to executive stakeholders.
