Fractional CISO and vCISO advisory.
Senior security leadership without a full-time hire. Two engagement levels depending on how much coverage you need. Recurring monthly, scoped to your stage.
You need a CISO. You don't need one full-time.
Most startups and growth-stage companies hit a point where security decisions need to be made by someone with real experience: a board meeting, an enterprise customer's security review, a fundraising diligence process. A junior IT person can't handle it. A full-time CISO costs $300K or more. Neither option fits.
A fractional CISO gives you someone in that seat at a fraction of the cost. The work is real. The guidance is senior. The engagement scales as you grow.
Two tiers. Pick the one that fits your current stage.
Practical ongoing guidance.
Roughly six to eight hours per month. Good for early-stage companies that need a senior voice without heavy program ownership.
- Two strategy calls per month
- Risk prioritization and roadmap updates
- Policy and process guidance
- Security questionnaire and vendor review support
- Email access during business hours
- Monthly executive summary
Deeper program ownership.
Twelve to sixteen hours per month. For companies with active compliance obligations, board reporting, or incident exposure.
- Everything in Fractional CISO Lite
- Weekly or biweekly meetings
- Incident guidance and response support
- Board and leadership reporting support
- Security documentation review
- Coordination with IT, MSP, engineering, and compliance teams
Good fit for these situations.
- Startups scaling into enterprise sales who need someone in the CISO seat
- VC-backed companies facing investor scrutiny on security posture
- Growth-stage teams managing compliance obligations without a security hire
- Companies preparing for SOC 2, ISO 27001, or similar audits
- Founding teams that want security built in from the start, not bolted on later
Getting started is straightforward.
Intro call
Thirty minutes to talk through where you are, what you need, and which tier makes sense.
Initial posture review
First engagement is a short review of your current security state. Sets the baseline for the ongoing work.
Engagement kickoff
Agree on the cadence, communication norms, and priority areas. You know what to expect, and when.
Ongoing monthly work
Strategy calls, risk roadmap, documentation, questionnaire support, and whatever the month brings.
Ready to put someone in the CISO seat?
Book an intro call and we will figure out which tier fits where you are right now.