SECURITY LEADERSHIP

Your dedicated security manager or architect — without an internal hire and without unnecessary bureaucracy.

Good security needs an owner. Someone who is actually accountable for it — not just delivering reports.

Most mid-sized companies can't afford a full-time in-house CISO or security architect. And yet that role is what decides whether security controls actually work — or just sit in documents.

In our Security Leadership engagement, we take that role on for you. We work as part of your team — you know us by name, you have direct contact, and you know what's actually going on. No anonymous support, no escalations through a ticketing system.

We tailor the scope of engagement to your actual needs — from strategic leadership to technical architecture design. Or both at once.

What's included

WHAT YOU GET

We take on the role of cybersecurity manager. We talk to leadership, report to the board, and run the security programme — like an internal CISO, without the fixed cost.

We communicate regularly with company leadership — monthly briefings, board reporting, participation in key decisions. We manage vendor relationships, oversee implementation of security controls, and represent the company in audits or regulator communication. The minimum commitment is 6 months; a typical engagement is 1–2 years.

We design security architecture for your specific environment. Cloud, on-premise, or hybrid — we know what it should look like from the foundations up.

We work with you on designing or revising the overall security architecture — from network segmentation through IAM to cloud security controls. The output is architecture documents, reference designs, and technical recommendations your team can implement. We engage one-off as well — for example during a cloud migration or new infrastructure rollout.

We help you choose the right tools. We're not tied to any vendor — we recommend what genuinely fits your context and budget.

Before recommending any tool, we understand your stack, processes, and the capacity of your in-house team. We compare realistic options — including open-source alternatives — and prepare the basis for the decision. Optionally we run a proof of concept or a pilot rollout in collaboration with the chosen vendor.

We create or revise security policies, standards, and procedures. Documents that actually get used — not ones that sit in a drawer.

We focus on what your organisation actually needs. Typically: Information Security Policy, Access Management Standard, Acceptable Use Policy, Change Management Procedure. We tailor each document to your culture and operational reality — language, structure, and content. We don't bury you in templates — we write for the people who will actually read the documents.

We don't hand off the output and leave. We stay, track progress, and adjust the plan as your environment changes.

Regular (typically monthly) progress reviews, priority updates, and reporting to leadership. We track new threats and regulatory changes and fold them into the plan. We function as your internal coordinator of security initiatives — without needing a full CISO engagement. The collaboration is flexible — scope adjusts to the current phase of your security programme.

Who it's for

WHO IT FITS

01 Companies without an in-house CISO

Security matters, but a full-time CISO or architect hire isn't realistic. You're looking for a flexible solution with real accountability.

02 Fast-growing startups and scale-ups

You need security that grows with you — not a solution designed for the company you'll one day be, but for the one you are now.

03 Organisations facing an audit or certification

You need a responsible person to guide certification or audit prep from start to finish — and stand behind the result.

Frequently asked

FAQ

What's the difference between vCISO and vCSA?

vCISO focuses on management and strategy — talking to leadership, running the security programme, ensuring compliance. vCSA focuses on technical design — system, network, and security tool architecture. The two roles complement each other naturally.

How long is a typical engagement?

Usually 6–12 months with the option to extend. Shorter engagements are possible for specific projects. We don't lock you in — the engagement runs as long as it adds value.

How many hours per month does it take?

It depends on scope. A typical vCISO retainer is 8–20 hours per month. We always set scope upfront to match your needs and budget.

Let's talk

Security needs an owner. Let it be us.

Tell us what you need and we'll propose a concrete engagement — no commitments, no overpromising.