Fractional CISO Services — Board-Ready Security Leadership Without the $300K Hire.
Companies at Series A through mid-market get, for a monthly retainer, the same security program leadership that powered four consecutive SOC 2 Type II audits, ISO 27001 certifications, PCI-DSS audits and Sarbanes-Oxley audits, and that maintained a Microsoft Security Score above 98%.
What many companies search for as a vCISO or virtual CISO is exactly what this practice delivers — senior security executive leadership on a fractional basis. The difference here: one practitioner with 30+ years of hands-on experience, not a consulting firm rotating junior staff. Same strategic output. No overhead.
Speaker at DEF CON · RSA · FBIIC
Tailored Fractional CISO Services. One senior practitioner.
Fractional CISO services designed to match where your company is and what's driving urgency — SOC 2, ISO 27001, AI governance, or ongoing CISO leadership. Every engagement is scoped precisely.
Security Program Maturity Review
Not sure where to start? This is the answer.
A structured one-hour session to assess where your security program is today, what gaps are most urgent, and what a realistic path forward looks like — delivered with a written findings summary.
Fee applies in full toward any retainer or sprint engagement signed within 30 days.
Fractional CISO Retainer
Ongoing security program leadership for technology companies that need a senior security executive — without the $300K full-time commitment.
SOC 2 / ISO 27001 Readiness Sprint
Structured readiness program with a hard audit deadline. Gap assessment, control design, policy development, and audit preparation.
AI Security Governance Framework
AI tool and use case inventory, risk assessment against NIST AI RMF and EU AI Act, Acceptable Use Policy, and vendor AI risk assessments.
Incident Response Planning & Tabletop Exercise
Incident Response Plan development, tabletop exercise facilitation, and post-exercise findings report.
Hourly Advisory
Senior security guidance for specific questions, due diligence, vendor assessments, or architecture reviews.
Board / Fractional Advisor
Board-level security credibility and governance for early-stage startups.
Technical depth that most executives lack.
Most vCISOs are policy writers. I've architected Zero Trust deployments, built DNS security infrastructure from scratch, deployed AWS Bedrock for production teams, and stood up SOC 2 programs that survived four consecutive audits without a single exception.
I've also presented that work at DEF CON main track and RSA Conference because credibility with practitioners is as important as credibility in the boardroom.
Engaged for a first SOC 2 Type II audit with an investor-driven deadline. Gap assessment completed in week one. All required controls designed, documented, and implemented within 60 days. Audit completed in 87 days total. Result: zero exceptions. Renewal audit the following year — same outcome.
Enterprise customers began requiring AI governance documentation in vendor questionnaires. Engaged for the AI Security Governance Framework. Delivered an Acceptable Use Policy, AI Use Case Registry, and vendor AI risk questionnaire within 35 days. Zero failed enterprise security reviews since deployment.
Thirty minutes. Free. No pitch deck.
Tell me where your security program is today and what's driving urgency.
I'll tell you honestly whether I can help. If I can help, I'll tell you how.