Some excellent points by Christophe H.
As I wrote in CISO vs vCISO vs fractional CISO, I see a difference between fractional and virtual:
- a Fractional CISO is accountable, just like a CISO, but is working part-time.
- a vCISO can only be made responsible; the accountability stays with the CxO they "augment".
As for the fractional vs full-time aspect, both are perfectly fine, so long as the context and expectations are aligned. There is a time and a place for both.