The Virtual CISO provides strategic executive information security guidance that increases the security maturity of your organization.

We offer three levels of involvement. They are monthly retainer services that give you unlimited access to my expertise in specific areas, each building on the other. They are open-ended, meaning that you can keep me on as long as you like – in fact, a number of my retainer clients have kept me on for multiple years.

Areas of coverage include, but are not limited to:

  • Data Handling, Encryption, and Protection
  • Access Controls
  • Processes, Policies, and Procedures
  • Hardening Practices
  • Secure Development Lifecycle
  • Configuration Management
  • Vendor Relationships
  • Physical Security
  • Security Awareness Training and Education

Virtual CISO – Basic

I will function as a remote resource to just one Company individual. I will provide references to best practices and guidance on re-prioritization of initiatives as requested. I will be available during client business hours by email, text, or chat and will respond to on-demand questions within 24 hours, typically much faster.

With this option, I will:

  • Respond to general security questions via Slack, Email, Text
  • Schedule a weekly call (45-60 minutes) for synchronization
  • Provide input on progressing an information security program based on a recent security gap analysis
  • Provide quarterly executive reporting and a check-in meeting

Benefits:

  • Current security guidance from an industry expert in the areas of Cloud Security, Security Organization, and Leadership

$3500/mo

Virtual CISO – Involved

In addition to the above, I will function as a backend remote security resource to Company, providing guidance on the build-out, establishment, and/or maintenance of an information security program. Interaction would be limited to one group and its management chain. I will provide references to best practices and guidance on re-prioritization of initiatives as needed. I will be available 24/7 by email, phone, or chat and will respond to questions within 12 hours, typically faster. I will also be available for a daily 30-minute meeting to maintain synchronization, replacing the one hour weekly call.

With this option, I will:

  • Provide Company on-demand guidance on
    • Executive Information Security Prioritization
    • Best practices on security specific to Company environment
    • Designing future state security team and program
  • Provide input on Information Security priorities
  • Provide updated, relevant security information for your specific environment and tools
  • Provide guidance on information security strategy and roadmap
  • Provide guidance on information security policies and framework
  • Answer technical security questions and provide guidance on specific security controls throughout the organization and applications
  • Provide monthly executive reporting and a check-in meeting

Benefits:

  • Increase the security maturity of your organization, lowering your overall security risk and exposure
  • Access to security thought leadership, for real-time prioritization
  • Proactive security response for your organization

An initial Enterprise Security Gap Analysis is required to seed data and priorities for this service to be successful.

$7500/mo

Virtual CISO – Complete (Limited Availability)

For organizations looking for a proactive approach to information security.

In addition to the above, I will function as Company’s Virtual CISO, ultimately responsible for driving, establishing, and maintaining an information security program. This position is most successful when it reports to the CFO, CEO, or GC, or is at least the peer of the CTO/CIO. I will build, establish, and maintain your information security program. I will work with all departments to ensure adequate security controls and processes are in place. I will provide management with updates on status and the security maturity of the company. I will re-prioritize initiatives as needed in alignment with business objectives. I will come onsite at least once every quarter, monthly if local, to ensure proper alignment of goals.

This option requires a minimum 6-month commitment to ensure proper program implementation, with a 30-60 day lead time based on scheduling and availability.

With this option, I will:

  • Establish an Information Security Program
  • Establish a One and Three Year Information Security Strategy aligned with the Business
  • Analyze Information Security priorities continuously
  • Provide oversight and mentorship for Information Security Engineers
  • Establish an Information Security Awareness Program; Promote information security internally
  • Represent Information Security externally to customers/vendors/investors as needed
  • Lead hiring and technical interviews, and growth of the security team

Additional Benefits:

  • Accelerated increase in security maturity of the organization
  • Increase in available time to work on core engineering initiatives, increasing productivity
  • Authoritative security reporting to management and board
  • Realtime understanding of security matters in relation to the business

An initial Enterprise Security Gap Analysis is required to seed data and priorities for this service to be successful.

Starting at $20000/mo

Note: This option has limited availability.