Chief Information Security Officers are widely viewed as a critical, but they come at a high cost and are difficult to recruit and retain. With a limited budget, we can often offer limited functionality to your team in the realm of risk management and strategic planning. Depending on budgets and need, short site visits may be needed to initiate the service. 

A vCISO  is an organizational risk advisor tasked with helping a company identify their critical assets (data included), creating a strategy to continuously monitor, measure, and improve security capabilities, but who is working on a less than full time (consultative) level. 

How this benefits you…

We have tailored a specific set of regular tasks to make the best use of time and efforts while providing the maximum impact to the overall security posture of the organization.

• Reporting - threat modeling; security reporting suitable for board/executive level readers; and technical (meant to affect actionable changes)

• Consulting - strategic planning; program management 

• Incident Response - tabletop exercises; planning; emergency response (as needed).

• All with no hiring, retention, or excessive costs

Verified and Validated Skills

We take our professional learning very seriously, as we know that to understand your environment, we often need to master the tools and methods you use.

• Certified Information System Security Professional (ISC2)

• Certified Information Security Manager (ISACA)

• CMMC Certified Professional (CyberAB)

• ITIL Foundations Practitioner (Exin)

• Microsoft Certified Educator 

• Certified Google Administrator (L1)

• Apple Certified Maintenance Technician (ACMT + Helpdesk)

• Numerous platform/vendor specific certifications…

Core Competencies Include:  

Physical security 

Risk Management 

• BCDR – Business Continuity and Disaster Recovery Planning

Ongoing Training and Awareness 

Project Management 

Strategic Planning

• Program Management 

• Budgeting and Forecasting

Governance and Regulatory Compliance

• COBIT5, ITIL, ISO17799/27001/27002, SANS

• Policy, Standards, Guidelines, SOPs 

• Auditing for evidence 

Network assessments

• Remote evaluation against industry best practice, critical controls, and security hardening

• Firewall, wireless, switching, and routing reviews.

• With 20+ years of experience designing, implementing, and auditing school WAN/LAN/WLAN and systems, you can rest assured your needs will be met.

Types

• Remote or Onsite

• White, Cystal or Black Box

Scope

• Policy, Standards, Guidelines, Procedures

• Security, Cyber Security, Access Controls

• IT, HR, Finance

Scope

• SOC2

• ISO

• GDPR

• NIST

• CIS

• PCI-DSS

• Many more...

Assumptions

• Time and Materials based (T&M), fully transparent, billing

Scope

• Firewalls

• Switching

• Routing

• Wireless 

• Access Controls

Scope

• ISO17799, ISO 27001, ISO 27002

• ITIL

• COBIT5

• NIST and/or CMMC

Assumptions

• Remote, no travel time

• Time and Materials based (T&M), fully transparent, billing

Scope

• Policy, Standards, Guidelines, Procedures

• Security, Cyber Security, Access Controls

• IT, HR, Finance