Rob Black, CISSP is the Boston Virtual CISO (vCISO) who has improved many organizations’ cybersecurity. He has been the Interim CISO for a well known University in the Boston suburbs. He designed the cybersecurity strategy for a high growth SaaS company. Rob provided risk assessments to a multi-billion dollar financial services firm. He has improved the product security of many high tech firms. Rob has assisted multiple companies with their SOC 2 and other audits. Rob’s bio is here and highlights of his publication and speaking engagements are here.

As the Managing Principal of Fractional CISO, Rob oversees all client services. He personally provides Virtual CISO services to Fractional CISO clients. Rob provides varying levels of service to different organizations depending on their needs. Fractional CISO offers packaged cybersecurity services. It also has a more free formed offering to meet the complex needs of different organizations.

Our Boston Virtual CISO services have several differences from other providers resulting in a high quality, cost effective solution. One common theme you will note is our flexibility which allows us to tailor the solution exactly to client need.

• Highly customized Boston vCISO services that allow customer to get exactly what needed.
• Flexibility to accommodate differing needs.
• Use of quantitative risk analysis to most cost effectively leverage cybersecurity spending.
• Use of cybersecurity analyst to bring costs down for client. Cybersecurity analyst can perform tasks that do not require senior leadership such as policy editing, research or certain technical tasks. We pass the cost savings onto our clients.
• Flexible cybersecurity training depending on client needs. In many cases, a third-party product can deliver cybersecurity training more cost effectively. We will recommend you use the third-party product if you don’t have customized cybersecurity training needs.
• Strong application security, supply chain and IoT security understanding.

A typical Boston Virtual CISO engagement consists of the following:

• Gap assessment of an organization’s cybersecurity needs
• Risk assessment evaluating where the greatest cybersecurity threats are to an organization.
• Cybersecurity plan
• Cybersecurity program
• Update and/or creation of cybersecurity policies and procedures including incident response
• Cybersecurity training plan
• Vendor cybersecurity management
• Managing cybersecurity projects
• Driving cybersecurity decision making
• Building and executing audit and compliance strategy
• Presenting cybersecurity dashboard to executive management and board.

• Vulnerability Management Program
• Breach program management

A Boston Virtual CISO can help you throughout the entire security lifecycle of your product. Part of the lifecycle includes vulnerability introduction prevention. We can also help you find vulnerabilities not caught via penetration testing. Our Boston vCISO services can include the following product security capabilities:

• Threat modeling
• Secure Software Design Review
• Secure Network Design Review
• Secure Implementation Review
• Third Party Software Recommendations
• Secure Code Review
• Security Testing Review

• Expert security discussions with your customers (including the option of company badged information security consultants)
• Request for Proposal (RFP) / Request for Information (RFI) answers for security questions
• Security clause contract drafting and review (in conjunction with your legal team)
• Security messaging documents and white papers for your business

Next steps

Give us a call at Fractional CISO today to help you with your Boston Virtual CISO needs. We can be reached at (617) 658-3276 or email [email protected] to find out how we can assist you.