The full service

What's included in the vCISO service

One engagement, six core areas of security leadership, and a named expert accountable for all of it.

Cyber Maturity Assessment

We start by understanding where you are. Your security posture is reviewed against recognised industry standards, your target state is defined with you, and the gaps that genuinely matter are identified and prioritised. This becomes the baseline every improvement is measured against.

Strategic Cyber Roadmap

Security objectives are aligned with your business goals and sequenced into a clear, costed roadmap. It is written for two audiences at once: precise enough for your technical team to execute, and clear enough for your board to fund.

Compliance Frameworks

Whether customers are demanding ISO 27001 or SOC 2, insurers are asking about Cyber Essentials, or GDPR obligations need evidencing, your vCISO guides you through scoping, implementation, audit and the ongoing work of staying compliant.

Architecture Reviews

A security architect reviews how your technology and products are built, from cloud infrastructure to release processes, and recommends changes that design risk out rather than bolting controls on afterwards.

Cyber Incident Response

Incident response plans are developed, tested through realistic exercises and refined over time. If a significant incident hits, you have seasoned leadership beside you to contain it, preserve evidence and get the business running again quickly.

Training & Awareness

Targeted programmes that measure and genuinely improve how your people respond to threats: phishing simulations, tailored communications, and table-top exercises for your leadership team.

Behind your vCISO

One engagement, a whole security function

Your vCISO owns the strategy layer and draws on the full CyPro capability beneath it as your roadmap demands.

Cyber Strategy

Security strategy, executive reporting, decision making, budget and people management: owned by your vCISO

Security Advisory & Assurance

  • Policy, standards and procedures
  • Projects and change advisory
  • Data privacy, HR security and business resilience advisory
  • Risk management and acceptances
  • Third party due diligence
  • Data classification
  • Assurance testing: reviews, audits, pen tests, red teams, table-tops
  • Operational and management reporting

Security Operations

  • Security Operations Centre (SOC) and SIEM
  • Network and security alert monitoring
  • AV and intrusion detection/prevention
  • Microsoft 365 management and DLP
  • Anti-phishing campaigns
  • Threat intelligence and threat hunting
  • Shadow IT monitoring
  • Incident response
  • Patch and vulnerability management

Identity & Access Management

  • Authentication, SSO and MFA
  • Access control audits
  • Identity management
  • Attack surface assessment and reduction
  • Privileged access monitoring and approvals
  • Least privilege and separation of duty audits
  • Role-based access control
  • IAM in the cloud

Secure Architecture

  • Security architecture
  • Network security, zoning and segmentation
  • Secure backups and IT resilience
  • Projects and change advisory
  • PKI infrastructure
  • Firewall rule review and approvals
  • Cloud security: connectivity and secure patterns
  • Application and API security

Security Engineering

  • DevSecOps
  • Asset secure build and system image hardening
  • Virtual machine security
  • Cloud security assessments
  • Secure configurations, client and server
  • Secure software development lifecycle
  • Application and API security
  • Attack surface assessment and reduction

Security Culture

  • Training needs identification
  • Cyber training content
  • Integrating threat intelligence into learning
  • Cultural change and cyber awareness programmes
  • Security communications
  • Engagement initiatives: explainer videos, infographics, quizzes

How it's delivered

Built around your business

A dedicated, named vCISO

One person who learns your business inside out and stays accountable, not a rotating cast of consultants.

An extended specialist team

Penetration testers, security architects and incident responders from the wider CyPro team, available when the work demands depth.

On-site presence

Typically one day a month on site, often chairing your security committee or presenting to the board. More if you want it.

Board-level reporting

Regular plain-English reporting on risk, progress and spend, designed for executives rather than engineers.

Every engagement is shaped in a scoping conversation, so you pay for the coverage you need and nothing you do not. See pricing for how that translates into a monthly fee.

Take the first step

Speak to a Virtual CISO today

Book a free 30-minute consultation to talk through your security challenges and find out exactly how a vCISO would work in your business. No obligation, no hard sell.