Managed Security Program
(vCISO)
Everything you need to jumpstart and maintain a CyberSecurity Program.
All for a fixed monthly cost.
No hiring. No Surprises.
Define
We help you define a risk profile and use it to build a security improvement roadmap
Implement
We guide your team through the implementation of your new security program roadmap
Manage
We provide ongoing security program monitoring and guidance
Improve
We provide ongoing leadership and strategy for continuous evolution of your program
Choose your optimal plan
Ideal for small startups
(Up to 25 employees)
Secure
- Security Leadership
- Security Management Framework
- Program Management
- Discounted Additional Services
- Discounted Automated Compliance Platform (optional)
Ideal for growing startups
(25 - 50 employees)
Compliant
- Security Leadership
- Security Management Framework
- SOC-2 Compliance Framework
- Privacy Management Framework
- Secure Development Program
- Program Management
- Implementation Support
- Discounted Additional Services
- Discounted Automated Compliance Platform (optional)
Ideal for established startups
(50+ employees)
Proactive
- Security Leadership
- Security Management Framework
- SOC-2 Compliance Framework
- Privacy Management Framework
- Secure Development Program
- Security Assurance Reviews
- Incident Management Leadership
- Program Management
- Implementation Support
- Discounted Additional Services
- Discounted Automated Compliance Platform (optional)
Detailed Plan Comparison
Need something custom?
Our approach
1. Baseline.
Find out where you are now and what your capabilities are. We perform a baseline risk assessment of your current security posture.
2. Plan.
Define where you need to be and how to get there based on your unique business needs. We build a security roadmap tailored to your unique needs and capabilities.
3. Execute.
Implement a Security Architecture. We combine decades of experience, best-of-breed technologies and agile implementation methods to get you there faster.
4. Fine Tune.
Even the best architecture needs to be constantly refined and maintained. We provide Security and Privacy Advisory service to help you keep up with constant changes in the business, regulatory and technology threat landscape.
5. Monitor.
Good security and compliance require constant vigilance. We provide Partner Solutions to help you sleep well knowing your systems and data are being constantly monitored against ongoing threats.
6. Respond.
Breaches are inevitable. The key is to be ready to respond quickly and appropriately to minimize the financial, reputational and other negative impacts of a breach. We provide Incident Remediation support to help you manage incidents and get back up and running quickly.
What is a vCISO?
A vCISO, also known as e-CISO or "fractional" CISO, is a Senior Cybersecurity Expert who will assume the role of Chief Information Security Officer (CISO) for your organization on a part-time basis. This is increasingly an optimal alternative to hiring a full-time security leader for smaller organizations because finding and retaining cybersecurity experts is difficult and expensive.
Who would be our vCISO?
Our vCISO consultants have 15+ years of experience in Cybersecurity and Privacy, and have worked for organizations of all sizes and in different industries. They hold the most prestigious certifications in the industry, such as CISSP, CISM and CISA, amongst others. In addition, when you hire us, you get not only an experienced vCISO, but you also gain access to a team of experts in different areas.
What are the "Client Security Questionnaires" packs?
Most of your customers likely have questions about your security and privacy practices. Typically they will send you questionnaires to learn more about them. These questionnaires can be a big drag on your Sales and technical teams as they tend to be long and tedious. Our experts have developed tools and techniques through years of experience to get these questionnaires answered better and faster. Let us take away the pain of security questionnaires and focus on answering the business questions in RFPs. We know every customer will have different needs with regard to how many questionnaires they receive, so rather than building this service into our packages we have developed additional "packs" of 10 or 25 questionnaires that you can purchase as you need them.
How do you do knowledge transfer?
Knowledge transfer is a critical component of our service. We understand that the goal is for your organization to eventually manage security on its own. For this reason, we use every report, every call and every interaction to educate and coach your team on Cybersecurity. We can even help solve the Cybersecurity skills gap by training a junior team member on your team who is interested and willing to get involved.
What is the "Sales Call Support" for?
Occasionally you may have a client that requests to speak directly with your Security Lead. Our vCISO is more than happy to jump on those calls representing your organization and helping to close that deal.
What is the "Marketing Collateral"?
Most of your clients will be looking for basic information about your security practices before even calling your sales team. Our experience tells us that having the right Whitepaper or Security Portal on your website can do wonders to accelerate the security due-diligence process that is expected in today's B2B deals. We know how to build that marketing collateral to help your Sales team succeed.
What is the optional Compliance Platform?
We have partnered with some of the best Automated Compliance platforms out there. If your budget allows for it, adding an Automated Compliance Platform to your package is the best way to organize all your Security and Compliance related artifacts, accelerate the process of achieving compliance and simplify the audit process. Our partnerships can mean significant savings on the platform license cost for you.
What requirements do we need to provide?
If you choose to add the Compliance Platform to your package, we can build the framework inside that platform. Otherwise, we will work with your Knowledge Management platform, which will be used to build all the required documentation for your Security and Privacy Frameworks. In addition, you likely already use a Ticketing system, which will also be needed to implement several of the security processes.
What is the setup fee for?
We understand that as a startup it is difficult to commit to a long-term contract. For this reason, all our plans have zero commitment. This means you can end your contract at any time. However, because our work is customized to your organization and setting up the framework takes significant effort, we charge a setup fee to offset the cost of setting up the framework should you decide not to continue after a few months (although we're sure you will stick with us because we do a great job!).
Are there discounts for annual commitments?
If you do decide that making a 1-year commitment is something that you'd like to do (and we strongly recommend it given that building a robust security program takes time), then we're happy to give you a 50% discount on the setup fee, plus a 5% discount on the monthly fee.
What happens if I choose to end the service?
No problem! Although we will be sad to see you go, you keep all the artifacts we've created for you. These will be available within your own Confluence/JIRA platform or within your own license of the Automated Compliance Platform (if you've chosen to take advantage of our discounted license).