Specializing in vCISO Services

vCISO is what we do.  We are enabled with the right people, processes, and technology to serve you well, regardless of your company size.

Focused

Our vCISOs are dedicated to your business.  We are a part of your team, focused on driving success for you.  To us, success is reducing risk, improving threat response, and increasing resilience.  You have our complete attention, and are devoted to enabling your growth through usable information security.

Strategic

We identify your business needs and risks and create a strategic information security plan that is custom to your situation.  Aligning information security to your organizational strategy, vision, mission, and goals is a crucial part of security leadership.

Collaborative

Our vCISOs build strong ties across the business and across departmental boundaries in order to foster progress and cooperation in order to better secure the organization.  We are committed to building those relationships and earning trust across the company.

Experienced

Each of our vCISOs has at least 10 years of experience in cybersecurity leadership as well as business leadership, allowing us to bridge the gap between the IT and information security organization and the business.  Our experts come from cybersecurity firms, managed service providers, and corporate executive teams.

Certified

Our team has cybersecurity certifications ranging from ISACA Certified Information Security Manager (CISM) through CompTIA Advanced Security Practitioner (CASP+).  We also hold many other certifications through Microsoft Azure, Microsoft 365, Cisco, AWS, Okta, Veeam, and CompTIA.

NIST Cybersecurity Framework (CSF)

Tensile Advisors may map ISO 27001, HIPAA HITRUST, CMMC, PCI DSS, NERC, or other control sets, as required by your contractual and regulatory obligations.  Our vCISOs always lead with the NIST Cybersecurity Framework (NIST CSF) as our core framework.

Identify

Assessing your business risk depends on identifying your assets and assessing their vulnerabilities and current controls.  We are in a constant mode of identification and discovery.

Protect

After assessing your current assets and cyber posture, Tensile Advisors guides your company in implementing controls and protections appropriate to your unique situation.

NIST CSF Tiers

Detect

Implementing continuous monitoring systems, intrusion detection systems, outsourcing to an MSSP for managed detection and response (MDR), and even building a security operations center (SOC) to improve detection are all tactics that our vCISOs deploy.  Attack surface monitoring and dark web monitoring are approaches we use to enhance threat detection as well.

Respond

Analyzing, containing, and eradicating any attack is critical to your business.  Tensile Advisors vCISOs create an incident response plan, and may create (or recommend outsourcing) incident response team functions.  This plan is something that needs constant attention, as this needs to address new attacks and your changing business.

Recover

Resilience and ability to bounce back is core to your business continuity.  Resilience engineering and planning for disaster and cyber event recovery are led by our vCISOs.  Tensile Advisors leverages the MITRE Cyber Resiliency Framework, also known as NIST 800-160 vol 2, for resiliency strategy and planning.