One of the hardest parts of choosing a Virtual CISO is knowing what you’re going to get once your contract starts. Security vendors are compelled to provide a cookie-cutter service to streamline marketing and reduce overheads. But of course, a CISO’s role at your organization shouldn’t look like a CISO’s role at another organization. Each one will have a unique mandate, with nuances for the security environment, compliance framework, and more.
What stands out about Defensible Technology as a vCISO provider is its flexibility. Rather than a one-size-fits-all, their advisors are able to assess your organization’s security needs and goals and provide a service that focuses on specific deliverables. For example, as vCISO for one company, they may have a short-term mandate, and a monthly contract, to perform due diligence during a merger/acquisition. For another organization, their vCISO can perform security program design from the top down, setting priorities, and goals and setting a plan to develop security infrastructure.
Unlike many vCISO providers, Defensible’s pricing reflects this, offering both monthly and annual contract options.
Depending on your organization’s needs, a vCISO from Defensible could help provide:
- Information Security Risk Management
- Information Security Policies, Standards, and Metrics Review
- External Attack Surface and Public Profile Assessment
- Information Security Advice and Response
- Third-Party, Cloud, and Vendor Security Review
- Detailed Controls Assessment
- Risk Register, Security Project Definition, and Implementation
- Monthly Information Security Updates
While working with a vCISO is supposed to reduce costs, getting a vCISO with insufficient experience can increase costs (not to mention increasing security risks). Defensible is trying to marry experience with cost efficiency. CEO and founder Stephen Doty has more than 20 years of experience in security, from program design & implementation to creating security governance strategies, managing enterprise-level IT programs, and leading recovery and remediation from significant data breaches.
Defensible is a good fit as vCISO for startups and mid-market companies in North America. They have experience solving security problems in healthcare, non-profits, tech & SaaS businesses, government entities, legal, higher education & critical infrastructure.
Their experts are available for free consultation via the Defensible website.