Our vCISO program is available in multiple levels to suit your needs:

- vCISO Light: For small businesses with low but steady vCISO service requirements, including assistance with customer and partner self-assessments, information security policy design and management, annual security training and risk assessment.

- vCISO Intermediate: For small and midsize businesses requiring more complex vCISO services. Includes all the features of vCISO Light plus an annual audit, compliance with regulations and standards; annual IT security assessment. 

- vCISO Standard: For midsized complex businesses with over 300 employees that require the features of a vCISO Intermediate level but at a greater volume. Includes an annual information security risk assessment.

- vCISO Advanced: For midsized businesses requiring vCISO services beyond the Standard level.

Prices vary depending on industry and engagement goals. We also offer personalized project-based engagements. 

If you don’t see what you are looking for, ask us.

Information Security Program / Policy Creation and Implementation:

A security policy is the core of an organization’s information security program. Your vCISO will design policies and standards to match your organization’s needs and culture.

Compliance With Regulations and Standards:

Whether PCI, DISA STIG, NIST, HIPAA, GDPR, CCPA, or another regulation or standard, our vCISOs can help your organization achieve information security compliance.

Information Security Risk Assessment:

Information security is risk management. Risks must be identified, assessed and prioritized. This will help you efficiently apply resources for mitigation. A Security Risk Assessment is a tool for managing and communicating risks to executive management and the Board of Directors. Without a solid Risk Assessment, executives will not have a clear understanding of the information security risks they are ultimately responsible for, and staff have no direction on the risks to address. A vCISO will create and manage a complete and sustainable risk assessment process.

GDPR/CCPA Readiness Assessment:

If you have customer data of European Union Citizens, then you are probably concerned about how the General Data Protection Regulation could effect you. A vCISO can analyze your information flows and provide an assessment of your organization to comply with the GDPR as well as the new California Customer Protection Act (CCPA).

IT Security Assessments:

Does your firewall ruleset make sense? Are you taking full advantage of the security tools you already have in place? Our experienced vCISOs provide an independent review of software and hardware configurations to verify IT controls or recommend changes, all while not impeding business operations. Why do you need an independent review

Disaster Recovery /Business Continuity:

Sometimes, bad things happen. Systems fail. Operators fail. Your business needs to survive unintended events. Let one of our vCISOs work with you to create meaningful a meaningful DR and conduct effective exercises to ensure continuity of operations, whatever the cause for the interruption.


People will always be the weakest link in security. Our vCISOs provide and manage online training to further your organization's information security awareness, reducing the risk of an information security incident caused by human error. 

Network Vulnerability Assessments and Web Application Scans:

Testing is the first step. Knowing what to prioritize in remediation and what compensating controls may work better than rectifying the primary control gap can save time and cost and add efficiency while increasing security posture. 

Penetration Testing:

A highly skilled penetration tester will attempt to discover and exploit vulnerabilities and a vCISO will work with your team to understand and address gaps.

Data Mapping:

Where is your data? How is it protected? A data mapping exercise led by a vCISO skilled in privacy concerns will answer these questions and reveal gaps in controls - and is required for GDPR.