Virtual CISO services

  • Home
  • »
  • Virtual CISO services

Flexible service models tailored to your needs


Many of our mid-tier clients find that the traditional consulting model doesn’t work for them and is not delivering the sustainable capability improvement they require. To help you rapidly build and maintain your cyber capability, we provide the option of different service models which are flexible and tailored to your needs.  Every organisation is unique and has its own cybersecurity risk profile and requirements.  Our service model can be tailored to your specific needs, based on an initial maturity assessment and threat and risk assessment. 

Project based (traditional consulting model)

Professional consulting services on a project by project basis

vCISO-on-demand

A part time CISO providing coaching, advice and support

vCISO-as-a-Service

A dedicated part time CISO who becomes part of your management team

Co-sourced or outsourced 

Outsource part or all of the management of your security program and function

Indicative services in each vCISO service


Specialist cyber services packaged into a cost-effective and sustainable service model

The table below  provides an example of the types of services provided under each service model. The services are indicative and will be tailored to meet your needs.

Service 

model

vCISO-on-demand

vCISO-as-a-Service

Outsourced 

vCISO

Description

A part time CISO providing coaching, advice and support

A dedicated part time CISO who becomes part of your management team

Outsource the full management of your security program and function

Assess your  cyber risk and capability

Current state maturity assessment

Cyber threat and risk assessment

Regulatory compliance

Technical security assessments

Optional

Optional

Optional

Define your cyber strategy

Cyber security strategy and roadmap

Capability development plan

Optional

Business case and budget

Optional

Build your cyber resilience capability

Cyber governance, risk and compliance framework

Develop

Manage

Manage

Cyber program management

Optional

Optional

Sourcing of cyber services

Optional

Optional

Optional

Sourcing of cyber security people and skills

Optional

Optional

Optional

Manage your cyber risk posture

Executive and board reporting

Regular

Regular

Regular

Strategic advice and coaching, participation in management meetings

Online

Regular

Regular

Oversight of security program

On request

Risk assessment and remediation plans

Information security policy framework

Develop

Manage

Manage

Security culture and awareness

On request

Oversight

Manage

Vulnerability assessment & penetration testing

On request

Regular

Ongoing program

Third party risk management

On request

Regular

Ongoing program

Incident response planning

On request

Regular

Ongoing program

Executive support for incident management

On request

Defined role

Lead role

Coaching and mentoring of security staff

If required

What are the benefits of a virtual CISO service model? 


  • Flexibility – vCISO services can be tailored to complement your in-house capabilities with specialist skills in specific areas where you may not have the skills or capabilities available full time.
  • Scalability – the service can be scaled up or down with your workload and demand, for example you may want to ramp up the service when you are kicking off a new program, and then scale down again when returning to business-as-usual operations.
  • Responsiveness – having a vCISO on demand means you can get access to specialist skills or assistance at short notice when you need it.
  • Cost effective – the cost of a vCISO service is typically a fraction of what it would cost to have a full time CISO.
  • Objectivity balanced with inside knowledge – a long term relationship with a vCISO often provides the right balance between the knowledge of an insider with the objective perspective of an external adviser. 
  • Continuity – on average CISO roles turn over every 2 years. A vCISO service from an organisation with a number of experienced specialists as backup for each other means no staff turnover or periods when you have no CISO capability on board. 
  • Access to a range of expertise – every CISO comes with their own unique background and experience. A vCISO service can provide you access to multiple different skillsets for less than the cost of an individual CISO.
  • Proven methodology – a leading vCISO service is typically based on proven methodologies and approaches to ensure the effectiveness and efficiency of the service, not just “body shopping” of experienced people.

CONTACT US TODAY TO SCHEDULE YOUR FREE CYBER SECURITY STRATEGY WORKSHOP