Chief Information Security Officers are widely viewed as a critical, but they come at a high cost and are difficult to recruit and retain. With a limited budget, we can often offer limited functionality to your team in the realm of risk management and strategic planning. Depending on budgets and need, short site visits may be needed to initiate the service.
A vCISO is an organizational risk advisor tasked with helping a company identify their critical assets (data included), creating a strategy to continuously monitor, measure, and improve security capabilities, but who is working on a less than full time (consultative) level.
How this benefits youโฆ
We have tailored a specific set of regular tasks to make the best use of time and efforts while providing the maximum impact to the overall security posture of the organization.
Reporting - threat modeling; security reporting suitable for board/executive level readers; and technical (meant to affect actionable changes)
Consulting - strategic planning; program management
Incident Response - tabletop exercises; planning; emergency response (as needed).
All with no hiring, retention, or excessive costs
Verified and Validated Skills
We take our professional learning very seriously, as we know that to understand your environment, we often need to master the tools and methods you use.
Certified Information System Security Professional (ISC2)
Certified Information Security Manager (ISACA)
CMMC Certified Professional (CyberAB)
ITIL Foundations Practitioner (Exin)
Microsoft Certified Educator
Certified Google Administrator (L1)
Apple Certified Maintenance Technician (ACMT + Helpdesk)
Numerous platform/vendor specific certificationsโฆ
Core Competencies Include:
Physical security
Risk Management
BCDR โ Business Continuity and Disaster Recovery Planning
Ongoing Training and Awareness
Project Management
Strategic Planning
Program Management
Budgeting and Forecasting
Governance and Regulatory Compliance
COBIT5, ITIL, ISO17799/27001/27002, SANS
Policy, Standards, Guidelines, SOPs
Auditing for evidence
Network assessments
Remote evaluation against industry best practice, critical controls, and security hardening
Firewall, wireless, switching, and routing reviews.
With 20+ years of experience designing, implementing, and auditing school WAN/LAN/WLAN and systems, you can rest assured your needs will be met.
What a vCISO means to your business:
๐ง๐ต๐ฒ ๐ฆ๐ ๐ - Small and Medium Business
Low cost option (security pros for this size is highly unlikely)
Limited functions as few have time to coordinate with vCISO
Roadmaps are prescriptive and foundation level
Education and training focused
Program management
Lots of documentation
Define a framework and build toward that goal state
More programatic than technical
T๐ต๐ฒ ๐ ๐ถ๐ฑ-๐ ๐ฎ๐ฟ๐ธ๐ฒ๐ - more than a hundred on your team
Greater buy in and more work required, often seen as staff augmentation
Roadmaps are tailored to your needs, your goals, and your strategies
Board and executive support
Must be very technical, as interactions will likely be advising those teams
Enterprise (๐ญ๐ฌ๐ฌ๐ฌ ๐ฎ๐ป๐ฑ ๐๐ฝ) - Requires a Subject Matter Expert
Targets specific outcomes, projects, or programs
Interfaces with existing security and risk management teams
High level advisor and stratigist with deep technical understanding and industry experience