Thrive Overview

September 30, 2022

The September 27th, 2022, Telarus Tuesday call welcomed Rick Ribas, Channel Chief, and Derek Collins, VP of Channel Sales at Thrive. Rick and Derek discussed the latest industry trends showcasing how partners leverage vCISO services as a scalable and economical approach to providing information security program development for small to mid-sized businesses. This value-driven model offers more traditional, full-service vCISO capabilities for mature organizations with stringent security regulatory or compliance obligations. Thrive vCISO experts design, develop, and maintain a customized Information Security Program that complements your customer’s business strategy and risk tolerance. With Thrive vCISO services, you will have peace of mind as we assist you in meeting your regulatory, audit, and compliance obligations to focus more on your core business. The entire recording can be viewed here.

About Thrive

Today’s shifting tides of technology innovation create challenges and opportunities. As more and more workloads shift to the Cloud, IT management is now about doing technology work outside the corporate walls more than within. Thrive is here to help. They have teams of expert engineers and support groups dedicated to Cloud, security, network management, disaster recovery, business continuity, and more.

We still roll up their sleeves with internal IT teams to manage help desk and traditional LAN environments. Still, leveraging Thrive’s NextGen technology expertise will ensure your organization is ahead of the curve and leveraging technology to its fullest. 

Thrive Overview

The Thrive Team

Founded in 2000, the Thrive team comprises industry and technical experts dedicated to ensuring that customers optimize their business performance through the strategic implementation of theirThe current state of IT in mid-sized business statistics

The talent gap is increasing. In 2022, 75 percent of organizations will experience visible business disruptions due to the IT skills gap. The cybersecurity industry needs a 62% talent increase to meet today’s business demands.

IT cannot keep up. 67% of cybersecurity professionals bemoan a lack of time and resources to mitigate all of their digital vulnerabilities. 72% of IT leaders say project backlogs prevent them from embarking on strategic projects like focusing on strategic initiatives.

IT problems are outgrowing budgets.  IT Budgets are growing in 2022 at 1/3 of the rate they did in 2021. Lack of IT budget is the top issue keeping CIOs up at night.

The security problem is getting worse. Cybersecurity is the number one priority for CIOs in 2022. Studies have shown that the total cost of cybercrime is increasing 12% year over year. 

Consulting Services 

Virtual CISO (vCISO)

A virtual Chief Information Security Officer (vCISO) is an Executive-Level cybersecurity practitioner who applies extensive business and InfoSec experience to help companies develop and manage an effective Information Security Program. 

Virtual CISO Foundation

Thrive’s vCISO Offering is built around two foundational concepts: 

  1. Center for Internet Security (CIS) Framework
    1. CIS Mission: “Our mission is to make the connected world a safer place by developing, validating, and promoting timely best practice solutions that help people, businesses, and governments protect themselves against pervasive cyber threats.”
    2. CIS Controls is not just another list of good things to do. Still, a prioritized, highly focused set of actions with a community support network to make them implementable, usable, scalable, and compliant with all industry or government security requirements.
  2. ISACA Certified Information Security Manager (CISM) Domains
    1. Information Security Governance
    2. Information Risk Management
    3. Information Security Program Development and Management
    4. Information Security Incident Response

The Four Pillars of Virtual CISO  

  • Information Security Program Management
    • Develop and maintain an Information Security Program that complements their business strategy and risk tolerance.
  • Trusted Advisor – Coaching and Counsel
    • It helps reach balanced conclusions that drive reasonable Information Security decisions and measures.
    • Providing clarity and focus to see through the complexities and contradictions of today’s Information Security and threat landscape.
  • Governance and Compliance Oversight
    • Ensuring Information Security Programs will meet their regulatory, audit, and compliance obligations.
  • A Flexible Approach
    • “What keeps you up at night?” Customized solutions and recommendations for particular Information Security challenges and concerns.

Cybersecurity Risk Assessment 

Thrive’s Cybersecurity Risk Assessments evaluate cybersecurity posture and risk mitigation tools against the Center for Internet Security’s (CIS) 18 control areas to provide a comprehensive picture of the client’s current risk profile while developing a strategic roadmap for the future.

  • Thrive’s vCISO is an (ISC)² certified trusted advisor
  • Review of existing policies, controls, and compliance oversight
  • Center for Internet Security (CIS) framework implementation
  • Information security governance and compliance oversight
  • Third-party partner due diligence initiatives
  • Ongoing cybersecurity program validation

Assessment: Scope and Approach


COMPANY has selected Thrive to assess their security current security program and determine the state of organizational security posture. The deliverable is a document reviewing current risk areas while outlining tactical and strategic recommendations to address gaps and identify improvement opportunities in the following areas as they comply with the CIS framework.


Thrive Consultants review technology infrastructure and security systems using automated and manual data collection methods.  Thrive also utilizes existing technology and security management systems to assist with discovery and evaluation. This assessment has been made using automated tools, screenshots, and stakeholder interviews conducted during the assessment period.

  • Review the provided documentation
  • Review the results of automated data collection tools
  • Manual review of systems, infrastructure, and critical devices
  • Conduct staff interviews
  • Compare findings to industry-accepted best practices.
  • Conduct a Thrive peer review to recommend solutions

For more detailed information discussed in the call, please watch the recording on YouTube! The entire recording is available here.

To learn more about Thrive, visit