Chief Information Security Officers are widely viewed as critical, but they come at a high cost and are difficult to recruit and retain. With a limited budget, we can often offer limited functionality to your team in the realm of risk management and strategic planning. Depending on budgets and need, short site visits may be needed to initiate the service.
A vCISO is an organizational risk advisor tasked with helping a company identify its critical assets (data included) and with creating a strategy to continuously monitor, measure, and improve security capabilities, but who works at a less-than-full-time (consultative) level.
How this benefits you…
We have tailored a specific set of regular tasks to make the best use of time and efforts while providing the maximum impact to the overall security posture of the organization.
Reporting - threat modeling; security reporting suitable for board/executive level readers; and technical (meant to effect actionable changes)
Consulting - strategic planning; program management
Incident Response - tabletop exercises; planning; emergency response (as needed).
All with no hiring, retention, or excessive costs
Verified and Validated Skills
We take our professional learning very seriously, as we know that to understand your environment, we often need to master the tools and methods you use.
Certified Information System Security Professional (ISC2)
Certified Information Security Manager (ISACA)
CMMC Certified Professional (CyberAB)
ITIL Foundations Practitioner (Exin)
Microsoft Certified Educator
Certified Google Administrator (L1)
Apple Certified Maintenance Technician (ACMT + Helpdesk)
Numerous platform/vendor specific certifications…
Core Competencies Include:
Physical security
Risk Management
BCDR – Business Continuity and Disaster Recovery Planning
Ongoing Training and Awareness
Project Management
Strategic Planning
Program Management
Budgeting and Forecasting
Governance and Regulatory Compliance
COBIT5, ITIL, ISO17799/27001/27002, SANS
Policy, Standards, Guidelines, SOPs
Auditing for evidence
Network assessments
Remote evaluation against industry best practice, critical controls, and security hardening
Firewall, wireless, switching, and routing reviews.
With 20+ years of experience designing, implementing, and auditing school WAN/LAN/WLAN and systems, you can rest assured your needs will be met.
What a vCISO means to your business:
The SMB - Small and Medium Business
Low-cost option (security pros at this size are highly unlikely)
Limited functions as few have time to coordinate with vCISO
Roadmaps are prescriptive and foundation level
Education and training focused
Program management
Lots of documentation
Define a framework and build toward that goal state
More programmatic than technical
The Mid-Market - more than a hundred on your team
Greater buy-in and more work required, often seen as staff augmentation
Roadmaps are tailored to your needs, your goals, and your strategies
Board and executive support
Must be very technical, as interactions will likely be advising those teams
Enterprise (1000 and up) - Requires a Subject Matter Expert
Targets specific outcomes, projects, or programs
Interfaces with existing security and risk management teams
High-level advisor and strategist with deep technical understanding and industry experience