vCISO · Fractional CISO
A full-time CISO costs six figures — and most SMBs and mid-market companies don’t need one full-time. They need direction: priorities, policies, incident readiness and someone accountable to leadership. That’s what a vCISO delivers.
The problem
There are tools, an IT provider, good intentions — but nobody with the authority and method to decide what comes first, what gets documented, and what to answer when a customer or auditor asks.
Investment follows the last scare — not the biggest risk.
Security questionnaires, ISO 27001, NIS2 — and nobody with the time to answer properly.
The board owns the risk but has no visibility and no reporting it can understand.
Formats
Every format comes with the same senior, CISSP-led leadership — only the intensity changes. Fixed-scope proposal, no auto-renewals.
For teams that want method and priorities without continuous operation.
The most common format: monthly rhythm, decisions followed through.
Near-internal: regular presence, projects and teams closely guided.
What you get
Frequently asked questions
Your IT provider operates systems. The vCISO sets the risk strategy, policies and priorities — and is accountable to leadership. Complementary roles; we work well alongside your IT.
Yes — it exists precisely for teams that can’t justify a full-time CISO. The Essential format was designed for SMBs.
Senior, certified leadership (CISSP, CISM) with 27 years across enterprise, government and military environments — not a junior consultant with a checklist.
Yes. No auto-renewals, no hidden lock-ins — the scope is fixed in writing and reviewed with you.
Talk to us
A 15-minute call is enough to understand your context and propose the right format.
Talk to us — in 15 minutes you’ll know exactly what a vCISO would change in your company.
Request a proposal