Our team helps business leaders manage risk and grow their companies by providing tailored cybersecurity programs.
Fractional CISO is a cybersecurity consulting firm specializing in Virtual CISO services, compliance leadership (SOC 2, ISO 27001, etc.), and risk management for mid-sized companies.
Rob Black was working at SaaS and IoT companies before the terms became common knowledge. While he worked on the product side, he was always responsible for the cybersecurity program, too.
After seeing that every company had a need for cybersecurity leadership, Rob figured “Why don’t I do this for EVERY midsize company? They all need this!”
In June 2017, Rob pulled the trigger. He quit his job and Fractional CISO was born.
Two months later, Fractional CISO had a few clients and was on the path to helping many more.
Today, Fractional CISO provides Virtual CISO cybersecurity and compliance services to midsize organizations, along with interim CISO services to large enterprises.
Many midsize companies begin to hit a sales plateau when they struggle to sign large prospects. Large clients have large cybersecurity demands, and will require that their vendors have attestations or accreditations in place – or at least a plan to get them – before signing on the dotted line.
We assess your organization, craft a plan tailored specifically to your organization’s needs, and help you execute it to meet your compliance and risk tolerance goals.
We’ve helped organizations earn their AICPA SOC 2, ISO 27001, PCI DSS, HIPAA, and many other cybersecurity compliance certifications.
With Fractional CISO, you aren’t just hiring a consultant. You’re adding a highly accessible U.S.-based cybersecurity team consisting of an experienced Virtual CISO and a skilled cybersecurity analyst to your organization.
Most cybersecurity and IT consultants collect commissions or finder’s fees when they recommend certain tools or partner businesses to their clients. We only recommend the tools that are right for your business and take no kickbacks, ever.
No two businesses are built the same. Would cookie-cutter guidance be enough for you? We quantify the cyber risks facing your business and integrate them with your goals to build a custom GRC program uniquely designed for your long-term success.
A CISO is a Chief Information Security Officer. This high-level executive provides cybersecurity leadership to an organization.
A Fractional CISO (more commonly referred to as a Virtual CISO) provides their skills to companies in need on a part-time basis as a consultant.
We usually serve companies that have between 11 and 1,000 employees. Sometimes we serve departments or subunits of larger organizations. If you have a small or very large company outside of that range, we probably won’t be a good fit.
That said, we would be happy to refer you to a Virtual CISO more specialized to serve your organization.
We do not serve government organizations. Again, we would be happy to refer you to a Virtual CISO more suited to working with your organization!
We price our services based on the size of the business we are working with, the scope of the projects we are undertaking, and the complexity of the company’s IT infrastructure.
No, we use fixed-price contracts. We believe this approach improves the consultant-client relationship and allows us to do a better job improving your security.
Rob’s deeper reasoning on this can be read at this blog post.
No, we are none of the above. We have worked with several different auditors, pen testers, and managed service providers (MSPs) over the years, though. If your organization needs one or all of these services, we will refer you to the vendor that we believe best fits your needs.
We do not receive kickbacks or commissions when we make these recommendations.
Only 1/3 of cyber insurance policies actually pay out in incidents. Most companies have cyber insurance policies that insure too little, or too much, and have absurdly low caps and silly exclusions.
To learn more about cyber insurance and determine if you have the right coverage for you, join us for a free vCISO Office Hours session on Tuesday, April 18 at 1 p.m. Eastern Time. Bring your questions!
Getting ready for your first SOC 2? This eBook is full of actionable advice to help you prepare for and succeed in your first SOC 2 audit.
Learn: