Fractional leadership

vCISO — enterprise security leadership without the full-time cost

CISO-level expertise on a flexible retainer. We build and mature your security program, guide compliance, and report to leadership — at a fraction of a $250k+ salary.


What you get

Security leadership that scales with you

  • Strategy & board reporting

    Monthly advisory sessions and quarterly executive-ready updates your leadership can act on.

  • Risk & compliance

    Risk registers, policy development, and roadmaps for SOC 2, ISO 27001, and PIPEDA.

  • Governance with Eramba

    We deploy and tune Eramba as your GRC hub — controls, audits, assets, and compliance tracking in one place.

  • Vendor & incident readiness

    Third-party risk programs, IR planning, and tabletop exercises when you need them.

  • Cloud security guidance

    AWS Well-Architected reviews, Zero Trust direction, and team mentoring as you grow.

  • Cyber insurance support

    We help you navigate policy applications, coverage gaps, and insurer questionnaires — so you qualify and stay covered.

Advisory & consulting

Scoped engagements beyond the retainer

Need depth in a specific domain? We take on targeted advisory and consulting gigs alongside — or independent of — a vCISO engagement.

  • Vulnerability Management
  • Identity & Access Management
  • Active Directory Assessment
  • PCI Assessment
  • Defensive Security
  • Security Architecture Reviews
  • Threat Modeling
  • Penetration Test Coordination
  • Security Awareness Programs
  • Incident Response Advisory
  • Financial Planning
  • Security Automation
  • Vendor Risk Assessments
  • Cloud Security Posture Reviews

GRC platform

Eramba for governance & compliance

Open-source Eramba gives SMEs enterprise-grade GRC without six-figure licensing. We handle installation, framework mapping, control libraries, and workflows so your team can run audits and track remediation — not wrestle with spreadsheets.

  • Control frameworks
  • Audit management
  • Asset inventory
  • Policy lifecycle

Ideal fit

Built for $20M–$500M organizations

Former CISOs and security leaders with 15+ years in finance, healthcare, and energy. Fixed monthly fees, 3-month minimum, scale up or down as your program matures.

  • Regulated industries
  • No surprise costs
  • < 4 hr urgent response
  • Knowledge transfer

Engagement tiers

Monthly retainer packages (CAD)

Billed in advance · 3-month minimum

Essential

$7,600/mo

10 hours / month

Strategy calls, risk register, policy reviews, and a compliance roadmap.

Small–mid companies starting their program.

Enterprise

$23,600+/mo

40 hours / month

Embedded leadership, SOC 2 / ISO support, mentoring, and pentest coordination.

Larger or regulated organizations.

Add-ons: security awareness training, tabletops, cloud security reviews, and blended implementation retainers.

Need CISO expertise without the full-time hire?

Book a free assessment — we'll give you an honest fit check, even if we're not the right match.
