Engagement models
Program Management
This is for folks who know they need to start being more secure, but need someone to come in and lay out a roadmap. Expert help on a limited engagement.
Technical Implementation
This is where there is a plan and a need for technical controls to follow on policies and procedures. Securing build pipelines, getting a SIEM up and running, etc. This is closer to staff augmentation.
vCISO
It doesn't seem like there is enough work for a full-time CISO, or maybe the director of IT or CTO is tired of managing compliance. This is a fractional employee on a defined engagement model that generally lasts for months.
It can be tough to navigate what makes the most sense for your business. The goal of the different engagement models is to provide flexibility as you evaluate what stage of the security and compliance journey you are on, and how you would like it to be supported.
Possible things to reach out about
- Getting an initial set of policies and procedures drafted that allows you to demonstrate corporate controls
- Taking some of those policies and turning them into technical controls: how to ensure code getting pushed to production is secure, how to manage employee laptops to reduce or eliminate the risk of PHI being stored
- A company that doesn't have a need for a full-time security officer, but needs regular check-ins to make sure they are on track and are set up for success if and when they are ready for that dedicated resource