Virtual CISO Services & Cybersecurity Strategy

Full time or fractional Chief Information Security Officer (CISO) with expertise capable of structuring and leading your most pressing security initiatives.


Addressing best-practice security initiatives requires serious time from executives. The list is long: risk and compliance management, threat monitoring, intelligence, incident response and recovery plans, to name but a few. Given the prevalence of threats, none of these are optional.

Our seasoned Virtual CISO Services team can define and lead these initiatives for your organization, resulting in a comprehensive approach to cybersecurity.

Whether you need a complete IT security strategy, improved metrics to drive your security maturity, or a service-based security resource, our Virtual CISO and cybersecurity strategy experts can help.

Our holistic approach to strategy includes on-demand CISO services, governance, prevention, detection, response and program development.

Our full-time or fractional Virtual CISO consulting services can augment your cybersecurity function in the following ways:

  • Assessments to gauge your overall cybersecurity maturity and define priorities
  • Holistic cybersecurity strategy road-mapping, with playbooks designed to keep the likelihood of security incidents well within your business risk appetite
  • CISO advisory, mentoring and personal development planning
  • Timely and tailored guidance on the ever-evolving threat landscape your industry faces
  • Expert coverage of security staffing gaps while you search for a full-time CISO resource

Understanding the Role of a VCISO

A Virtual Chief Information Security Officer is a cybersecurity professional who provides strategic guidance and oversight to an organization’s leadership and security posture. They operate as an extension of the organization, assessing risks, developing security policies, and implementing best practices.

Our VCISO offers valuable expertise without the need for a full-time, in-house CISO, making this advisory service an economical solution for businesses. With their deep knowledge and experience, our VCISOs provide strategic direction, ensure compliance with regulations, and lead incident response efforts, ultimately safeguarding an organization’s critical assets and minimizing cyber risks.


The Benefits of Engaging VCISO Services

Navigating the ever-evolving cybersecurity landscape can be daunting, especially for organizations facing disruption or lacking dedicated in-house expertise. A Virtual CISO offers a comprehensive solution, providing top-tier security leadership and strategic guidance tailored to your specific needs.

Here are some of the key benefits of leveraging a VCISO:

  • The expertise and experience brought in by a VCISO on a part-time to full-time basis
  • The cost-effectiveness of hiring a VCISO as a strategic adviser and partner
  • The flexibility and scalability offered by virtual and fractional CISO as a service
  • The objective perspective that an external VCISO can provide to your company
  • The ability to focus on core operations and competencies while outsourcing cybersecurity strategy to a Virtual CISO
  • The expanded access to networks and resources available through VCISO services

Our Virtual CISO Services & Cybersecurity Strategy

Lean on our cybersecurity strategy experts capable of leading all your major security initiatives:

  • Strategy establishment, roadmap, and oversight
  • Cyber Maturity Assessment
  • Security incident response
  • Project, fractional, or full-time security advisory services

Cybersecurity Business Challenges

Cybersecurity is evolving into a distinct functional area of business, transcending its traditional IT roots to become an essential part of the framework for delivering business outcomes.

Our Virtual CISO Services will ensure your organization is prepared. Talk to an expert.

  • Board Responsibilities – Is your cyber function more than just an IT initiative? Are risks conveyed so proper decisions can be made?
  • IAM – Are you giving away the keys to your kingdom due to an immature access management program?
  • Cloud Security – Are you designed and configured securely for the cloud?
  • Industry Mandated Security Compliance – Are you aligned with your industry, peers, and regulatory bodies?
  • Vendor & 3rd Party Security Mandates – Who manages your cyber risk once it is transferred?
  • Business Resilience – Are you able to recover from an attack?
  • Cyber Risk Quantification – Do you have risk maps to quantify your risk profile and track progress?
  • Response Plans – Do you know how to respond to a security breach, and is that response bulletproof?
  • Adequate Cyber Liability Insurance – Have you secured coverage, and can you attest that adequate controls are in place if you have a data breach?
  • Ongoing Penetration Testing – Is your approach keeping up with evolving threats and executed with appropriate frequency?

How CISO as a Service Enhances Cybersecurity Strategy

Our virtual CISO and strategic advisory services help you put the structures in place to ensure a proper cybersecurity posture. We’ll create a comprehensive cybersecurity operating model that illustrates the capabilities and focus areas for your security function. It will define what your cyber team prioritizes, how they operate, and how the function is staffed and organized.


Our fractional CISO will tailor industry best practices to align with your business’ priorities and enact a framework that addresses cyber operating model points such as:

  • Security strategy
  • Vulnerability assessment framework
  • Intrusion analysis for threat modeling
  • Security risk management
  • Business process and data lifecycle security controls
  • External compliance
  • Incident response playbook
  • Disaster recovery planning

Meet The Cybersecurity Team

Our experienced Cybersecurity team is ready to help on your next project. Let our highly certified senior professionals become your team: we work with you, not for you.

David Lefever

Cybersecurity Service Offering Lead

Matt Kipp

Director of IT Risk

Shane O’Donnell

Vice President of Cybersecurity

Brandyn Fisher

V-CISO Capability Lead, Senior Penetration Tester

Ready to defend against data breaches and reputational damage? Our experts can help.


VCISO: Increasing Compliance for a Major Religious Organization

A well-known church and publishing society had been searching for an onsite CISO for some time. With no fruit to show for their efforts, we were brought in to help solve for their strict hiring requirements and the considerable costs of hiring full-time talent.

As a fully remote, on-demand CISO, we provide strategic guidance on the church’s information security program. Together, we’ve stood up a Vulnerability Management Program (VMP), implemented Intrusion Detection and Prevention Software (IDPS), developed a Security Awareness Program (SAP), and ensured full regulatory compliance with PCI, HIPAA, and COPPA.

Our client has already seen a 10% reduction in costs due to enhanced vendor scrutiny, while also enjoying the low cost and high flexibility that our Virtual CISO provides.


Contact us to learn how our Virtual CISO Services can help fortify your organization

Understanding and Reducing Risk

Cybersecurity is not about perfection. It’s about managing risk. We can’t eliminate all risk, but we can reduce it to an acceptable level. The key is to understand our risks, prioritize them, and take steps to mitigate them.

Brandyn Fisher, V-CISO Capability Lead, Senior Penetration Testing Technical Lead, Centric Consulting


The Risks of User Access Complacency

As a leader, why should you care about the details of user access reviews?

Because if you can’t answer who has access to what, for every critical system, database, and device throughout your company, then your assets may be vulnerable.

Learn how to conduct proper and consistent user access reviews in our whitepaper, “The Risks of User Access Complacency: Common Problems with Access Programs and How to Resolve Them.”


Our Virtual CISO FAQs

Get answers to common queries about our Virtual Chief Information Security Officer (VCISO) offerings. Our FAQs cover the benefits of engaging a VCISO, their roles and responsibilities, compliance and governance expertise, engagement models, and how our Virtual CISO services can help mitigate cyber risks cost-effectively for organizations of all sizes.

What is a Virtual CISO?

A Virtual Chief Information Security Officer is a cybersecurity professional who can provide strategic guidance and oversight to your leadership and security posture. Our VCISO operates as an extension of your organization, assessing risks, developing security policies, and implementing best practices.

What does a Virtual CISO do?

A VCISO offers valuable expertise without the need for a full-time, in-house CISO. With their deep knowledge and experience, our Virtual CISOs provide strategic direction, ensure compliance with regulations, and lead incident response efforts, ultimately safeguarding an organization’s critical assets and minimizing cyber risks.

What services can a VCISO provide?

An experienced virtual or on-demand CISO provides a comprehensive cybersecurity strategy tailored to your organization. Services include C-suite advisory, governance, risk, and compliance (GRC) strategy, cyber resilience and attack recovery, M&A due diligence, risk management and mitigation, and cyber liability insurance consulting.

What are the benefits of a Virtual CISO Service?

A Virtual CISO provides cost-effective, flexible access to top cybersecurity expertise on a part-time or project basis, enabling organizations to focus on core operations while benefiting from an objective, strategic security partner. As an economical alternative to a full-time hire, a fractional CISO offers scalable advisory services tailored to evolving business needs.

How do I know if using a VCISO service is appropriate for my organization?

A Virtual CISO could be beneficial for your organization if you lack in-house cybersecurity expertise or resources to address critical security areas. An on-demand CISO provides strategic guidance, risk assessment, business resilience and response plans, and policy development – all without the overhead of a full-time employee. Carefully evaluate your organization’s specific needs and the fractional CISO’s capabilities to ensure a good fit.

How much does a Virtual CISO service cost?

A Virtual CISO’s cost is flexible and can be tailored to your organization’s specific requirements. Rather than committing to a full-time, in-house CISO, you define the scope of an on-demand CISO engagement based on your needs, whether it’s full-time, part-time, fractional, or project-based. This scalability allows you to access top-tier cybersecurity expertise in a cost-effective manner, ensuring that you pay only for the exact level of expertise and time commitment you require.

What type of expertise should I look for in a potential VCISO?

When looking for CISO as a service, prioritize expertise in areas such as cybersecurity strategy development, risk management frameworks, and your industry’s compliance requirements. Hands-on expertise in building cyber operating models and implementing security controls is crucial for managing your organization’s security function. Make sure the VCISO you engage has specialized security certifications and the relevant project experience to back them up.

Defend your data and reputation. Our Cybersecurity team can help address your security concerns.