What is a Virtual CISO (vCISO)?

A vCISO is an outside senior security expert who, in alignment with the company's strategies and objectives, leads the information security program at a company.

The vCISO works alongside existing IT and security teams with the goal of improving the confidentiality, integrity, and availability of services and data supporting business operations.  The vCISO collaborates with and influences other business units as necessary to improve the information security posture of the business.

As a function of leading the information security program in the business, the vCISO assesses risks, updates policies, develops plans, and develops programs in order to align security with the dynamic threats and the dynamic nature of the business.

Depending on the company's org chart, the vCISO may answer to the Board of Directors, the CEO, the CTO, or the COO.  Sometimes, the CISO even reports to the CFO due to the risk avoidance nature of the CISO.  The CISO should not report to the CIO, since the CISO should be holding the CIO accountable and may have opposing objectives.

Cybersecurity is about iterative improvement.

The threat landscape is changing.  There are new vulnerabilities, new threat actors, and new threats every day.  Your business is evolving, with new compliance requirements, new people, new technology, and new risks.

To address this dynamic situation, the cybersecurity of your business requires continuous improvement, continual striving toward maturity, and continual buy-in from the top of your company.

A vCISO serves that role:  driving cybersecurity forward in your organization.



vCISO: Cyber Informed

$5,500.00 / month

vCISO: Cyber Maturity

$10,995.00 / month

Security vs. functionality

The most secure systems are turned off and unplugged.  We are seeking a level of security that we call usable security.  Implementing security is not an easy job.  Your business has requirements and priorities that your vCISO will focus on while reducing your risk as much as possible.

Every piece of technology that your business adds, and every additional functionality and usability you add (apps for customers to place orders, apps for employees to have remote access, etc.), adds risks and vulnerabilities to your system.

For this reason, the goals of the CIO usually oppose the goals of the CISO.  The CIO is often expected to innovate the business, driving digital transformation and pushing boundaries.  The role of the CISO is to reduce risk to the business.

Unlike many security professionals, Tensile Advisors will take the time to understand your business needs and align ourselves with your strategy, your objectives, and your team.

In order to be effective in securing your organization, we know that we need to enable progress and build relationships with your operational teams and executives.  It supports our mission to be seen as a business driver.

vCISO Packages

Services | Cyber Informed | Cyber Maturity
Risk Assessment | Quarterly
Vulnerability Assessment | Quarterly
Security Architecture Review | Quarterly
Gap Analysis | Quarterly
Controls Mapping for Compliance | Lead, Execute, Advise | Ongoing
Strategy & Planning
Top-Level Cybersecurity Strategy | Create, Update | Ongoing
Information Security Program | Create, Update | Ongoing
Information Security Steering Committee | Create, Lead | Ongoing
Incident Response Plan | Create, Update | Ongoing
Disaster Recovery Plan | Create, Update | Ongoing
Information Security Policies | Create, Update | Ongoing
Reports and Slides for Executives | Create, Update | Quarterly
Board Presentation | Create, Present | Quarterly or Annually
Vulnerability Management Program | Create, Lead, Advise | Ongoing
Tabletop Exercises (Incident Response, Disaster Recovery) | Create, Lead, Advise | Semi-Annually
Engagement with executive team, IT teams, and security teams | Advise | Ongoing
Cyber Awareness Training and Phish Testing Program | Lead
Internal security teams or external MSSPs or MSPs | Recruit, Lead, Advise | Ongoing
Gap Remediation Plan | Lead, Advise | Ongoing
Third-Party Risk Management | Lead, Advise | Ongoing
Gap Remediation Project | Lead | Ongoing

This is a breakdown of vCISO services included in our Cyber Informed and Cyber Maturity vCISO packages. These are monthly packages intended for the ongoing improvement of your organization's security posture.