Fortune 5 Security with v~CSO's

Security services scaled to your immediate needs or planned growth.

The Virtual Chief Security Officer / Chief Information Security Officer (CSO / CISO) model has the best ROI for SMB’s because it offers fractional executive security leadership, as needed.  Our CaaS (CSO as a Service) is perfect for companies not ready for a dedicated C-Suite security officer.

Fractional services are also used by Fortune 1000 companies needing assistance during critical incidents, sensitive projects, discreet investigations, or to augment their security programs.

Rick Orloff, CISSP, CAPI, vCSO

Security is not a static posture, it’s a journey.

What we Do

Services

Virtual CSO / CISO

The Virtual Chief Security Officer / Chief Information Security Officer (CSO / CISO) model has the best ROI for SMB’s because it offers fractional executive security leadership, as needed.

Fractional services are also used by Fortune 1000 companies needing assistance during critical incidents, sensitive projects, or to augment their security programs.  When appropriate, our program deliverables may include:

  • Assessing the security needs of the business
  • Designing non-bureaucratic risk mitigation programs supporting business objectives and operational risk appetite
  • Augmenting existing security teams
  • Providing CSO / CISO as a service (CaaS) for sustained operations or support
  • Special Projects

Incident Management

Our successful incident management expertise includes matters in excess of $100M for a single incident. Our experience includes everything from  data leakage, ransomeware attacks, intellectual property theft, and insider misappropriation.  Many companies fail to manage incidents that affords the needed legal protections during and after the incident is over. Our approach is often embraced, permanently, by legal departments. When appropriate, our program deliverables may include:

  • Engaging the C-Suite and technical teams during an incident
  • Restore services to customers while pursuing root cause methodologies 
  • Preparing an Incident Management framework and workflow before an incident occurs
  • Investigations

Security Program Maturity

Start-up’s and SMB’s tend to be laser focused on building products and features so they can establish top-line revenue with little focus to their security posture.

We offer a non bureaucratic approach that sizes a security program consistent with your business risks, needs, and objectives.  When appropriate, our program deliverables may include:

  • Operational Gap Assessment 
  • Risk Mitigation techniques 
  • Governance, Risk, and Compliance program
  • Policy Development
  • Incident Management Process
  • Pen Testing 
  • Eliminating friction between Red and Blue teams
  • Creating positive interactions between Engineering and Security

Board Member / Advisor

Some Federal and State Agencies are now mandating that Boards of Directors must have security expertise at the Board level.  This makes our experienced  business minded security executives ideal for these roles.

  • Guidance for policy based governance
  • Sustainable future
  • Corporate and Operational Governance 
  • Sound financial management

Advisory Boards 

Our executives participate in many Advisory Boards in the US, Ireland, and EU.  Our participation on Advisory Boards often focuses on:

  • Product roadmaps
  • Product security
  • How to communicate the product ROI to customers
  • Corporate security capabilities and roadmap 
  • Governance, Risk, and Compliance (GRC) programs
  • Vendor Due Diligence (VDD) programs

Physical Security

Our team has designed, built, and operationalized physical security programs for some of the largest companies in the world e.g., Fortune 5 as well as Fortune 500.

Programs are designed for the needs of the business and scaled to the needs of each location. For example, the security needs at a remote sales office shouldn’t be the same as Corporate HQ, Engineering (where intellectual property is created) or a data center. Our programs have included:

  • Electronic card access
  • CCTV monitoring and alerting
  • Geospatial engines that produce actionable alerts
  • Polices, Procedures, Standards, and Guidelines (PPSG)
  • Action plans for alerts and events
  • International Travel Security
  • Employee Emergency Notification system 
  • International emergency evacuation program

Personal Security (Cyber)

We have designed personal security programs for some of the wealthiest, and most recognizable, people in the world.  

Most wealthy individuals do not have proper Operational Security (OpSec) or ‘tradecraft’ for their personal lives and families.  A proper personal security program is intended to cloak individuals and families so they aren’t easy to locate, stalk, harass, etc.  

If they are stalked, harassed, etc, we provide a custom plan to mitigate the immediate threat.  Our team has experience to coordinate longterm resolutions.  Personal security programs have a defense-in-depth approach and should include:

  • Sustained Cyber Scrubbing (SCS) of personal data
  • OpSec to live normally but not have your personal details constantly leaking into different databases.  (If you’re not going to do this, don’t waste your money on a personal security program.) 
  • Layers of physical security consistent with the risk appetite of the individual

Great Attention To Detail

Security design includes tool normalization and measured staffing strategies.