About Us

Our background

Fractional CISO was founded to fill the gap for medium-sized companies that don’t have a CISO.

After working at multiple SaaS / IoT companies where he was in charge of the cybersecurity program in addition to his other duties, founder Rob Black figured, “Why don’t I do this for EVERY medium-sized company? They all need this!”

In June 2017, Rob pulled the trigger, quit his job, and Fractional CISO was born.

Two months later, Fractional CISO had a few clients and was on a path to helping many more.

Today we have four full-time employees assisting many medium-sized SaaS, finance, consulting, life science and manufacturing companies.

Our mission

We enable our clients’ sales, reduce their risk and help them comply with cybersecurity standards by providing expert cybersecurity advice.

What problem we solve

Are your large customers and prospects demanding that you improve your cybersecurity program? Many of our clients are in the same boat.

We assess your organization, build a plan and help you execute toward the plan.

Do we solve other cybersecurity problems? Of course. Enabling sales, however, is the number one reason why clients sign with us.

What we do

Fractional CISO helps clients establish and maintain their cybersecurity program by providing technical and gap assessments, risk assessments, plans, policies, procedures, and program and project management. For clients using AWS, Azure or GCP to host their solutions and products, we review their access controls, backups, monitoring solutions and other technical controls to help them minimize their cybersecurity risk.

We also help organizations successfully complete and maintain various standards, certifications and attestations such as SOC 2, ISO 27001, ISO 27017, HIPAA, NIST 800-171, NIST 800-53, CIS Controls, Privacy Shield, PCI DSS and many others.

Our key differentiators

There are four factors that differentiate Fractional CISO from others in the marketplace:

  1. We develop tailored solutions to meet clients’ needs, as we are not tied to any vendor.
  2. We engage clients with high-value interactions and partner with several best-of-breed solutions to maximize client value.
  3. We incorporate a quantitative approach by helping our clients invest wisely based on their budget and risk tolerance.
  4. We incorporate a team approach in which at least two team members are assigned to every project. Our clients gain higher availability, broader skillsets, and the ability to deliver content in parallel.

What we don’t do

Having a clear understanding of the services we don’t provide allows us to focus on the stuff that we’re really good at.

Here is a list of some things Fractional CISO does not do:

  • We do not participate in any hidden referral transactions for any of our clients.
  • We do not service government sector clients but can provide an excellent referral if you need one.
  • We are not a Managed Service Provider (MSP), but we work with many MSPs at our clients’ organizations. If you need someone to maintain your computers, software and network, we can also make excellent referrals here.
  • We are not a pen tester. We do work with some great ones, though!
  • We are not an auditor, but we work successfully with various CPA / auditing firms for companies that need an auditor, and we make referrals all the time.
  • We do not work with tiny companies. If you have fewer than 10 employees, we will probably not be a great fit. We know another Virtual CISO company that focuses on this market, so feel free to ask for a referral.
  • We do not work with huge companies. If you have more than 1,000 employees, we won’t be a great fit. Of course, we know someone that can help you here too!

Our blurb

Fractional CISO provides Virtual CISOs to organizations, helping its customers reduce their cybersecurity risk. Fractional CISO’s Virtual CISOs establish and maintain clients’ cybersecurity programs, policies and procedures, manage technical staff, perform gap and risk assessments, and manage compliance.

Fractional CISO helps organizations make better cybersecurity decisions.