What is a Virtual CISO, vCISO or Fractional CISO?

vCISO (Virtual CISO) is a service designed to make top-tier security experts available to organizations that need security expertise and guidance. Our team of experts has decades of experience building information security programs that work with business objectives and show measurable improvement to security posture.

Most small and medium-sized organizations don’t have the money to hire a CISO or enough work to keep one busy. A vCISO service is a great way to apply verifiable industry experience to clarifying your needs, with scalable bandwidth and flexible costs.

The market for security talent is tough. No turnover is a vCISO advantage, as is the application of a proven methodology. Whether you decide to hire another full-time security professional or not, a vCISO can bridge the gap and make sure that expertise isn’t lost in the transition.

CISOs are expensive. Most of them cost between $250k and $350k when you factor in salaries and benefits. That’s not always easy for small- and medium-sized businesses to cover.

Whatever your security challenge, it never hurts to talk to an expert. If we can’t address your need directly, we’ll get you pointed in the right direction.

  • Information security leadership and guidance

  • Steering committee leadership or participation

  • Security compliance management

  • Security policy, process, and procedure development

  • Incident response planning

  • Security training and awareness

  • Board and executive leadership presentations

  • Security assessment

  • Internal audit

  • Penetration testing

  • Social engineering

  • Vulnerability assessments

  • Risk assessment

Gartner's recent review of the need for the virtual CISO

“The good news for such organizations is that Gartner has seen an uptick in what we are calling ‘virtual CISO’ offerings,” says Jeffrey Wheatman. “For organizations that need to fill the need for leadership but are not in a position to bring in a full-time and often very costly qualified CISO, the virtual CISO — a combination of staff augmentation, consultant, advisor and strategist — might be an option.”

At the most basic level, virtual CISO offerings are a hybrid of:

  • Traditional staff augmentation, involving an on-site or virtual presence in meetings, events, operations and strategy planning

  • Consultative engagement and management to drive creation and implementation of security and risk program artifacts, such as strategic and tactical roadmaps, architecture and policy, and to run risk management and risk assessment processes

  • Project management of architecting and deploying security and risk solutions

  • Coaching or advisory services to train full-time staff on how to leverage created artifacts, develop communication plans and train the next generation of security and risk leaders