Our role is to guide your infosc projects with our “been there, done that” CISO expertise from professionals that have worked for years in your specific industry or sector. If a vCISO Bundle is not your preferred method for working on your infosec roadmap we also offer the vCISO retainer. Our vCISO services can be secured for as little as one hour per month with a vCISO retainer subscription.

​

Why start with a retainer?

For many organizations, there is a regulatory requirement to have a named individual that is responsible for the overall strategic planning of the security roadmap. In other non-regulated industries and organizations, the requirement is being driven by cyber insurance providers. The retainer arrangement ensures that you have someone ready to go and already "papered" with your organization to step in when needed. This way the meter does not start running until you decide that you need to address a risk or incident.

​

Your TSA vCISO Retainer can be used for:

 

• Presentation at an all-hands meeting on current trends and discussion of recent attacks to identify lessons learned for your industry in general and your company in particular

• Join your leadership at a board of directors meeting to discuss your infosec roadmap, supporting the projects that you wish to be prioritized and funded for the next few quarters.

• Adhoc incident review and guidance on identifying the root cause and lessons learned on how to avoid a similar incident recurring in the near future.

• Mentoring of your infosec team and/or IT team to find ways to elevate the current security practice with a focus on tickets and automation of monitoring and incident response.

• Third-party risk portfolio analysis (a CHR for your primary service providers) and recommendations.

​​

If you have not engaged your retainer hours after 10 months, we can deliver a standards-based risk assessment (CIS Top Controls, NIST 800-171 or NIST CSF v2.0) to meet the needs for your cyber insurance policy or vendor/partner due diligence questionnaires and third-party risk.