vCISO / Virtual CISO

Our vCISO / Virtual CISO service is designed to make top-tier security experts available to businesses and organisations who need security expertise and guidance. Our team of CISO’s and their supporting experts have decades of experience; building information security programs that work in line with your business objectives and demonstrate measurable improvements in your security posture.

Cyber Security Consulting

vCISO, how does it work?

Every good vCISO engagement begins with a risk assessment.

A good virtual CISO program that is geared to success and demonstratable improvements in security posture begins with a risk assessment. It is important to understand the current state of information security within your business so that your security program can be designed in a focused way.

Once the risk assessment is conducted, you will receive remediation suggestions from your vCISO, who will be there every step of the way to help you tackle them. After the remediation is complete, we reassess, help present the findings to the leadership team and the repeat the whole process all over again.

Our Approach

We are Experts. Hedgehog Security has been in business since 2010 offering vCISO services. Our virtual CISO team has in the past decade worked with more than 150 clients. Collectively we have in excess of 100 years of CISO experience in the team and more than 50 certifications. When it comes to growing a security program through a vCISO, you will have the benefit of our experience on your side.

Mission Focus. We believe every business has the right to a safer connected world. Our mission is to deliver that.  We respond to incidents, solve security weaknesses and work tirelessly to ensure that our mission focus is focused on you. Working with businesses before, during and after incidents is the only way we can help develop truly beneficial security programs.

Unique Approach. We do not have a giant cookie cutter. We do not have a template program to use for any business. We recognize that your business or organization is different and that every security program is in a different stage of maturity. We get to know your security program intimately, use an information security risk assessment to inform the vCISO team where your strengths and weaknesses lay, and then apply industry best practices to provide next steps that will help you make improvements.

Laser Focus. Information Security is all we do. We do not sell products, IT solutions, hardware or provide network solutions. We ONLY do information security. Because of this out virtual CISO team can provide you with unbiased recommendations that will make dramatic impacts in your security. Our vCISO team works hard to be a partner, not just a supplier, collaborating with and educating your team and business every step of the way.

Virtual CISO vs CISO vs Contractor

BenefitsVirtual CISOContractorFull Time CISO
Industry ExperienceXXX
Expert AdvisorXXX
Strategic Security PlanningXXX
Flexible InvestmentXX
Guarenteed ObjectivityXX
No Training & Certification CostsXX
Annual Risk AssessmentX
Comes with User Awareness TrainingX
Objective Measureable PerformanceX
Access to a Team of ExpertsX
No TurnoverX
Wide Range of Specialist SkillsX
Proven MethodologyX

Frequently Asked Questions

A vCISO or virtual CISO is a service designed to make top-tier information security experts available to organizations who need security expertise and guidance. Our virtual CISO team has in the past decade worked with more than 150 clients. Collectively we have in excess of 100 years of CISO experience in the team and more than 50 certifications. When it comes to growing a security program through a vCISO, you will have the benefit of our experience on your side.

vCISO services can cost as little as £25k per year and as much as £250k per year. Our typical vCISO engagements decrease in cost over time as out client’s security programs become embedded and second nature.

Our vCISO offering is extremely flexible and every engagement is designed with your needs in mind. However, all engagements follow a similar pattern of assess, plan and remediate.

Whether you need high level guidance on a monthly or quarterly basis or need hands-on help several days per week, our vCISO’s will be able to build a solution for you.

Typical objectives of vCISO engagements include:

  • Information security leadership and guidance
  • Steering committee leadership or participation
  • Security compliance management
  • Security policy, process, and procedure development
  • Incident response planning
  • Security training and awareness
  • Board and executive leadership presentations
  • Security assessment
  • Internal audit
  • Penetration testing
  • Social engineering
  • Vulnerability assessments
  • Risk assessment
  • And much, much more.

Lower Cost Over Time

The truth is, CISOs are expensive. Most of them cost between £100k and £250k when you factor in salaries and benefits. That’s not always easy for small- and medium-sized businesses to cover.

A typical vCISO engagement is between £20k and £250k annually and depending on your business’s size and needs. But, most of the work is preliminary, so the involvement (and therefore the cost) decreases over time.

Extensive Industry Knowledge and Skill

Does your “security” person wear a ton of hats in the organization? It’s not uncommon for companies to assign security roles as a secondary function of an employee’s primary role. Because of this, they’re often not true experts.

vCISOs, especially those at Hedgehog, are highly skilled and certified experts with years of information security experience. A virtual CISO is going to be able to enhance the internal capabilities of your employees tasked with handling security through the techniques they’ve learned.

Limited Turnover

Let’s face it, the security job market is as competitive as ever. We have to worry about employees leaving anyway, but that only adds to it. With a Hedgehog vCISO, you equip your team with the expertise, methodologies, and resources to avoid losing a step—either as you work to hire a new CISO, or if you want our team to occupy that role.

Download our Brochure

Hedgehog Security