About Us

Our background

We started Fractional CISO with the idea that “every company needs this!” Rob worked at several SaaS / IoT companies where he was in charge of “the” or “a” cybersecurity program in addition to his other duties. “Why don’t I do this for EVERY medium-sized company?” In June 2017, Rob pulled the trigger, quit his job and Fractional CISO was born. Two months later, Fractional CISO had a couple of clients and we were on a path to helping lots of clients!

Now we have four full-time employees assisting many medium-sized SaaS, finance, life science and manufacturing companies.

Our mission

We enable our clients’ sales, reduce their risk and help them comply with cybersecurity standards by providing expert cybersecurity advice.

What problem we solve

Are your large customers and prospects demanding that you improve your cybersecurity program? Many of our clients are in the same boat! We assess your organization, build a plan and help you execute toward the plan.

Do we solve other cybersecurity problems? Of course. Enabling sales, however, is the number one reason why clients sign with us.

What we do

Fractional CISO helps organizations successfully complete and maintain various standards, certifications and attestations such as SOC 2, ISO 27001, ISO 27017, HIPAA, NIST 800-171, NIST 800-53, CIS Controls, Privacy Shield, PCI DSS and many others.

Fractional CISO establishes and maintains organizations’ cybersecurity programs. The activities include technical and gap assessments, risk assessments, plans, policies, procedures, and program and project management.

Many of our clients utilize AWS or Azure to host their solutions and products. We often review their access controls, backups, monitoring solutions and other technical controls to help them minimize their cybersecurity risk.

Our key differentiators

There are three areas in which we differentiate ourselves from others in the marketplace.

  1. We develop tailored solutions to meet clients’ needs. We are not tied to any vendor. We engage clients with high-value interactions.
  2. We are quantitative. We help our clients invest wisely based on their budget and risk tolerance.
  3. We have a team approach. Every project and client has at least two team members assigned. That gives our clients higher availability, broader skillsets, and the ability to deliver content in parallel.

What we don’t do

There are a bunch of things that we don’t do. That lets us focus on the stuff that we are really good at. We partner with several best-of-breed solutions to maximize client value. We do not participate in any hidden referral transactions for any of our clients.

Fractional CISO does not service government sector clients. We can make an excellent referral if you would like though.

Fractional CISO is not a Managed Service Provider (MSP). We work with many MSPs at our clients’ organizations. If you need someone to maintain your computers, software and network, we can also make excellent referrals here.

Fractional CISO is not a pen tester. We work with some great ones though!

Fractional CISO is not an auditor. We work with various CPA / auditing firms for those companies that need an auditor. We have worked successfully with various auditors. We make referrals here all of the time.

Fractional CISO doesn’t work with tiny companies. If you have fewer than 10 employees, then we will probably not be a great fit. We know another Virtual CISO company that focuses here so feel free to ask for a referral.

Fractional CISO doesn’t work with huge companies. If you have more than 1,000 employees then we won’t be a great fit. Of course, we know someone that can help you here too!

Our blurb

Fractional CISO provides Virtual CISOs to organizations. Fractional CISO helps its customers reduce their cybersecurity risk. Fractional CISO’s Virtual CISOs establish and maintain cybersecurity programs at its clients. The Virtual CISOs perform gap assessments, risk assessments and manage compliance. They establish policies and procedures and manage technical staff. Fractional CISO helps organizations make better cybersecurity decisions.