Virtual CISO Services

Too small to have a full-time CISO (Chief Information Security Officer)?  Most of our clients are not yet at a scale where it makes sense to hire a full-time employee for that role.  But, what do you do when you have a strategy-level infosec matter that arises, where you need much more than an entry-level IT staffer?  We introduced our Virtual CISO Service for precisely this reason.

Examples of Typical Virtual CISO Interactions

  • Managed IT Provider Interactions: assisting with selection and evaluation, transition, or termination.  We’re glad to speak with prospective Managed IT providers to help you evaluate the extent to which their processes and practices are suitable for maintaining a strong cyber perimeter — for example, their practices related to installing agents/RMMs, their password handling processes, the
  • Enterprise Security Questionnaire Intermediation:  when you receive an enterprise security questionnaire that contains verbiage or terminology you are unfamiliar with, we’re pleased to review and help you frame a response.
  • Custom Infosec Policy Reviews:  if you have crafted custom policies that are not based on our recommended templates, we are available to review your drafts and provide feedback regarding the extent to which your proposed policies reflect modern best-practices.
  • Penetration Test Remediation:  If a penetration test that we have completed on your behalf contains results that you are unsure how to remediate, we’re pleased to advise you about the typical resolution strategies for the vulnerabilities cited in our reports.
  • Web Design Liaison Interactions:  Some of our clients outsource the design and development of their website to a 3rd party, but have no internal technical staff to evaluate the security ramifications of the completed site.  Our virtual CISO service is available for evaluating the proposed hosting services, certificate configuration, vulnerability scan results, and more.
  • High-Level Incident Response Opinions:  Should you find that your organization has become the target of a cyberattack, your Virtual CISO is available to discuss a strategic plan to best contain and remediate the incident.

These and many other tailored/customized interactions are a great fit for our Virtual CISO Services.  Interested?  We’re standing by to discuss your particular needs.