Service Descriptions


Professional Services are tailored to the needs of the Client. A Client may request program remediation support to address assessment findings. Clients may also request support to establish a process, with transition to internal personnel. Virtual CSO may be used as staff augmentation, to maintain the right balance between Capex and Opex.

Threat Landscape and Controls Analysis

It is necessary to tailor controls to the organization and to adapt to changes in the threat landscape. Threat Landscape and Controls Analysis starts with the inherent risk of the organization. Potential adversaries are described, with techniques for compromising data and coverage of the cybercrime ecosystem. Potential for impact is detailed while citing reputable sources. The organization’s risk tolerance is referenced for context. The organization's assets are listed, with a pivot into cybersecurity protection boundaries, control framework and risk assessments. Fair and balanced analysis is conducted by documenting risk mitigation and recent accomplishments in that domain. Residual risk is detailed with recommendations for new processes and controls. A summary statement addresses the organization’s risk culture, with recognition for conducting risk analysis.

Deliverables include a report and a slide deck presented to executive leadership.

Click here for a complete list of service offerings.

Zero Trust Risk Assessment

If you are not familiar with zero trust, it is a security model that accounts for adversaries within the internal network and insider threat. Given the current threat landscape, it is necessary to focus on zero trust principles, where data flows, identifying controls and residual attack vectors. This service evaluates your IT environment by zero trust principles, including technical and administrative controls.

Deliverables include a report and a slide deck presented to executive leadership.

Click here for a complete list of service offerings.

Establish a Third Party Risk Management Program

Establishes an end-to-end process for evaluating and managing third parties from a cybersecurity perspective (identify, risk rank, assess, risk treatment, monitor and oversight & escalations). Includes options based on risk tolerance and available funding.

Click here for a complete list of service offerings.

Fees and Payment

Assessments are billed as a deliverable, with payments during stages of the project. Professional Services are billed at a flat hourly rate, not including travel expenses. A minimum number of hours are purchased on retainer. Services are billed monthly.

Next Steps

Each engagement is customized to meet the needs of the client. The first step in the process is to have a conference call. We work together on a list of bulleted requirements. Virtual CSO responds with a Statement of Work.

This service offering description provides an overview for informational purposes only. The Statement of Work and the Master Services Agreement are the official documents for each Professional Services engagement.