The Fractional CISO Mission

Our team helps business leaders manage risk and grow their companies by providing tailored cybersecurity programs.
THE FOUNDER

Rob Black

Rob Black was working at SaaS and IoT companies before the terms became common knowledge. While his title was usually some combination of the words “Senior Director Product Platform Manager,” he was always responsible for the cybersecurity program too.

After seeing that every company had a need for cybersecurity leadership, Rob figured “Why don’t I do this for EVERY midsize company? They all need this!”

In June 2017, Rob pulled the trigger. He quit his job and Fractional CISO was born.

Two months later, Fractional CISO had a few clients and was on the path to helping many more.

What We Do

Many midsize companies begin to hit a sales plateau when they struggle signing large prospects. Large clients have large cybersecurity demands, and will require their vendors have attestations or accreditations in place – or at least a plan to get them – before signing the dotted line.

We provide tailored cybersecurity programs.

We assess your organization, craft a plan tailored specifically to your organization’s needs, and help you execute it to meet your compliance and risk tolerance goals.

We lead cybersecurity compliance efforts.

We’ve helped organizations earn their AICPA SOC 2, ISO 27001, PCI DSS, HIPAA, and many other cybersecurity compliance certifications.

Fractional CISO Difference

1Team Approach

When you sign with Fractional CISO, you aren’t just getting a consultant. We give your organization a two-person cybersecurity team composed of an experienced vCISO and a skilled Cybersecurity Analyst.

Your Fractional CISO cybersecurity team gives you a broader set of cybersecurity skills and perspectives. It also gives you increased coverage and support. You aren’t left out to dry just because your cybersecurity consultant is on vacation for the week. Someone will always be able to help you.

2Flexible

We firmly believe that there is no one-size fits all solution to cybersecurity.

We customize our services to fit each and every client. Your cybersecurity program will be hand-crafted for your organization’s unique needs. 

We don’t have any hidden paid partnerships with other vendors or tools of our own to sell. We will only recommend tools that fit the specific needs of your organization’s security program. No extraneous software, no hidden referrals, get only what you need.

3Quantitative

We take a quantitative approach to cybersecurity. Cybersecurity programs can be costly both in time and money, and not every cybersecurity control available is a wise investment.

We carefully analyze your risk profile and compliance goals to make recommendations that will maximize the efficiency and effectiveness of your cybersecurity spending.

Frequently Asked Questions

A CISO is a Chief Information Security Officer. This high-level executive provides cybersecurity leadership to an organization.

A Fractional CISO (more commonly referred to as a Virtual CISO) provides their skills to companies in need on a part-time basis as a consultant.

We usually serve companies that have between 11 and 1,000 employees. Sometimes we serve departments or subunits of larger organizations. If you have a small or very large company outside of that range, we probably won’t be a good fit.

That said, we would be happy to refer you to a Virtual CISO more specialized to serve your organizations.

We do not serve government organizations. Again, we would be happy to refer you to a Virtual CISO more suited to working with your organization!

We price our services based on the size of the business we are working with, the scope of the projects we are undertaking, and the complexity of the company’s IT infrastructure.

No, we use fixed-price contracts. We believe this approach improves the consultant-client relationship and allows us to do a better job improving your security.

Rob’s deeper reasoning on this can be read at this blog post.

No, we are none of the above. We have worked with several different auditors, pen testers, and managed service providers (MSPs) over the years though. If your organization needs one or all of these services, we will refer you to the vendor that we believe best fits your needs.

We do not receive kickbacks or commissions when we make these recommendations.

Better cybersecurity decisions for your organization

Want to learn more? Get in touch!
  • 👋 Hi, my name is
  • and I'd like to reduce my company's cybersecurity risk.
  • ✉️ Please email me at