Virtual CISO Services for SMBs

The virtual CISO market has exploded over the past several years, and for good reason - it helps to solve a problem. Small and midsized businesses need the risk management experience of information security executives, but not necessarily full time. However, with this growth has come dilution.

Many Managed Security Service Providers (MSSPs) and other organizations offer virtual CISO services devoid of actual CISO and/or risk management experience. Instead, they provide an IT Security Director-type resource and/or attempt to automate much of the process. The client gets technical expertise but not true risk management experience to build a sustainable, effective information security risk management program.

All our engagements are lead by a virtual CISO with years of actual information security executive risk management experience. All of our client resources (virtual CISOs and risk analysts) participate in many information security professional group such as ISC2, ISSA, and Infragard. Several, including the founder, are military veterans.

Our approach is to assign a team to all client engagements. This provides bench depth as well as additional experience. Team members are not rotated; the client establishes and maintains a relationship with the same resources.

Finally, and most importantly, unlike MSSPs which offer a variety of services, we focus only on providing quality virtual CISO services. In terms of a defense model, we operate solely in the second line of defense (risk management). We limit our offerings to focus on our core competency while maintaining true independence.

The bottom line- we exist to make a difference. Our greatest success is when we lose a client because we have helped build their security program to a point where they can continue with in-house resources.