Fractional CISO’s core business is catering to mid-market companies.
However, we get a handful of opportunities each year where the client is a large enterprise.
They often want us to take over their security program because…
These opportunities often need to be acted on in days.
Wow, that sounds like there are only a small number of people who might qualify!
Right.
What about industry specific knowledge?
Obviously that is valuable. In our experience, the above criteria trump other considerations.
Our Enterprise CISOs bill hourly. Typically, we agree to a range of hours for a given week, often 10 – 20 hours.
The Enterprise CISO will work remotely, but we have found that it makes sense for the CISO to visit the client in person for approximately three days, two or three times at the beginning of the engagement. The visits help to cement the relationship between the CISO and the client. The rest of the work is remote unless otherwise specified.
In addition, we provide a skilled cybersecurity analyst who will assist the CISO remotely with a number of services that, we have found, CISOs don’t necessarily like doing themselves. Additionally, the analyst will be a catalyst for interactions with Fractional CISO corporate for whatever cybersecurity stuff the CISO might need. Example services that the cybersecurity analyst might provide are the following:
The analyst also has access to Fractional CISO’s library of templates and can facilitate further help from other Fractional CISO team members who have expertise in a variety of fields.
Additionally, the CISO will be given an administrative point of contact with Fractional CISO who can solve administrative problems such as time sheet issues. (Although our time sheet process seems to be really smooth! We rarely, if ever, get complaints.)
Fractional CISO hires the CISO as a 1099 contractor.
We pay the CISO through our payroll system, which can pay contractors. Payments follow our payroll cycle, which is every two weeks. The CISO needs to make sure that his/her hours are entered correctly.
The CISO is responsible for his/her taxes.
From our perspective, yes! If you can meet your obligations to our client, and your current employer does not bar you from moonlighting.
We do our best to get a market rate from the client.
The CISO typically gets roughly 2/3rds of the fee with Fractional CISO getting the rest. Sometimes, this is below what the CISO would like. That is the way it works though. Our team provides the CISO assistance. We have expenses too!
If you do a great job then yes! We have brought multiple projects to the same CISOs in the past, though we can’t make promises about availability of future work.
No, you don’t have to be. Yes, you can be. It is up to you.
In our initial conversations we will speak generally about the opportunity, but will not share identifying details about the client.
This is because our enterprise clients are often in the middle of an incident, or are in the process of letting their existing CISO go. We want to make sure that the candidate is through a significant portion of the interview process before we share these types of confidential details.
No, CISOs don’t typically have an issue with the agreement. You are welcome to have your attorney review it.
Our interview process generally goes something like this, although the order and the required steps sometimes change slightly.