Last Updated onReading Time: 2 minutes
A Virtual CISO (vCISO) or often called Fractional CISO, is an outsourced security practitioner (or team of practitioners) who offers their time and expertise to an organization on an ongoing basis, usually part-time and remotely.
Here is a simple breakdown of what drives the cost of vCISO engagements and some pricing you can expect when engaging a vCISO.
How much does a vCISO Cost?
90% of our clients fall between $4,500 to $12,500 per month for our vCISO and Virtual Security Team Services.
vCISO Cost Drivers:
During our discovery process, we look into each of these areas (and more) to build a vCISO offering that fits your needs:
- Access to Expertise – How much expertise do you need beyond what you currently have?
- The more access to expertise you need, the more you will typically invest.
- Information Security Management System (ISMS) Maturity – How much help do you need to develop your ISMS?
- The more mature your ISMS is today, the less work (and cost) it will take to develop, track and improve it.
- Internal Resources – How much information security work do you need to complete that you cannot currently handle?
- The more information security related tasks you want to outsource, the higher your monthly cost.
- Security Initiatives – How much help do you need to complete security initiatives/projects?
- Examples of security initiatives include preparing for ISO 27001 certification, completing a SOC 2 report, building a third-party risk management program, operating a vulnerability management program for an application, etc. Often large initiatives can drive up the cost of vCISO engagements, but usually only for short periods of time.
We appreciate you may not know what you need (many people don’t); after all, if you are looking into hiring a vCISO you are admitting you may need some expertise your business does not currently have. Through a conversation with our team we can give you confidence in some options that fit your needs. You can contact us and schedule time with a vCISO here.