Learn about our Virtual CISO Services

Flexible Service Models Tailored
to Your Needs

Many of our mid-tier clients find that the traditional consulting model doesn’t work for them and is not delivering the sustainable capability improvement they require. To help you rapidly build and maintain your cyber capability, we provide the option of different service models which are flexible and tailored to your needs. Every organisation is unique and has its own cybersecurity risk profile and requirements. Our service model can be tailored to your specific needs, based on an initial maturity assessment and threat and risk assessment.

Project based (traditional consulting model)

Professional consulting services on a project by project basis


A part time CISO providing coaching, advice and support


A dedicated part time CISO who becomes part of your management team

Co-sourced or outsourced

Outsource part or all of the management of your security program and function

Indicative services in each
vCISO service

Specialist cyber services packaged into a cost-effective and sustainable service model

The table below provides an example of the types of services provided under each service model. The services are indicative and will be tailored to meet your needs.

Service model
Outsourced vCISO
A part time CISO providing coaching, advice and support
A dedicated part time CISO who becomes part of your management team
Outsource the full management of your security program and function
Assess your cyber risk and capability
A part time CISO providing coaching, advice and support
Cyber threat and risk assessment
Regulatory compliance
Technical security assessments
Define your cyber strategy
Cyber security strategy and roadmap
Capability development plan
Business case and budget

What are the benefits of a virtual CISO service model?

  • Flexibility – vCISO services can be tailored to complement your in-house capabilities with specialist skills in specific areas where you may not have the skills or capabilities available full time.
  • Scalability – the service can be scaled up or down with your workload and demand, for example you may want to ramp up the service when you are kicking off a new program, and then scale down again when returning to business-as-usual operations.
  • Responsiveness – having a vCISO on demand means you can get access to specialist skills or assistance at short notice when you need it.
  • Cost effective – the cost of a vCISO service is typically a fraction of what it would cost to have a full time CISO.
  • Objectivity balanced with inside knowledge – a long term relationship with a vCISO often provides the right balance between the knowledge of an insider with the objective perspective of an external adviser.
  • Continuity – on average CISO roles turn over every 2 years. A vCISO service from an organisation with a number of experienced specialists as backup for each other means no staff turnover or periods when you have no CISO capability on board.
  • Access to a range of expertise – every CISO comes with their own unique background and experience. A vCISO service can provide you access to multiple different skillsets for less than the cost of an individual CISO.
  • Proven methodology – a leading vCISO service is typically based on proven methodologies and approaches to ensure the effectiveness and efficiency of the service, not just “body shopping” of experienced people.