Rob Black was working at SaaS and IoT companies before the terms became common knowledge. While his title was usually some combination of the words “Senior Director Product Platform Manager,” he was always responsible for the cybersecurity program too.
After seeing that every company had a need for cybersecurity leadership, Rob figured “Why don’t I do this for EVERY midsize company? They all need this!”
In June 2017, Rob pulled the trigger. He quit his job and Fractional CISO was born.
Two months later, Fractional CISO had a few clients and was on the path to helping many more.
Many midsize companies hit a sales plateau when they struggle to sign large prospects. Large clients have large cybersecurity demands, and will require their vendors to have attestations or accreditations in place – or at least a plan to get them – before signing on the dotted line.
We’ve helped organizations earn their AICPA SOC 2 attestation, ISO 27001 certification, PCI DSS compliance, HIPAA compliance, and many other cybersecurity compliance goals.
When you sign with Fractional CISO, you aren’t just getting a consultant. We give your organization a two-person cybersecurity team composed of an experienced vCISO and a skilled Cybersecurity Analyst.
Your Fractional CISO cybersecurity team gives you a broader set of cybersecurity skills and perspectives. It also gives you increased coverage and support. You aren’t hung out to dry just because your cybersecurity consultant is on vacation for the week. Someone will always be able to help you.
We firmly believe that there is no one-size-fits-all solution to cybersecurity.
We customize our services to fit each and every client. Your cybersecurity program will be hand-crafted for your organization’s unique needs.
We don’t have any hidden paid partnerships with other vendors or tools of our own to sell. We will only recommend tools that fit the specific needs of your organization’s security program. No extraneous software, no hidden referrals, get only what you need.
We take a quantitative approach to cybersecurity. Cybersecurity programs can be costly both in time and money, and not every cybersecurity control available is a wise investment.
We carefully analyze your risk profile and compliance goals to make recommendations that will maximize the efficiency and effectiveness of your cybersecurity spending.
A CISO is a Chief Information Security Officer. This high-level executive provides cybersecurity leadership to an organization.
A Fractional CISO (more commonly referred to as a Virtual CISO) is a consultant who provides those skills to companies in need on a part-time basis.
We usually serve companies that have between 11 and 1,000 employees. Sometimes we serve departments or subunits of larger organizations. If your company falls outside that range, whether smaller or much larger, we probably won’t be a good fit.
That said, we would be happy to refer you to a Virtual CISO more specialized to serve your organization.
We do not serve government organizations. Again, we would be happy to refer you to a Virtual CISO more suited to working with your organization!
We price our services based on the size of the business we are working with, the scope of the projects we are undertaking, and the complexity of the company’s IT infrastructure.
No, we use fixed-price contracts. We believe this approach improves the consultant-client relationship and allows us to do a better job improving your security.
Rob’s deeper reasoning on this can be read at this blog post.
No, we are none of the above. We have worked with several different auditors, pen testers, and managed service providers (MSPs) over the years though. If your organization needs one or all of these services, we will refer you to the vendor that we believe best fits your needs.
We do not receive kickbacks or commissions when we make these recommendations.