Fractional vCISO

Senior security leadership — without the full-time hire.

A fractional CISO who runs your security program week-to-week: board reporting, customer questionnaires, incident response, vendor reviews, and the awkward conversations a security function actually owns.

  • Senior CISO seat at fractional cost — sized to your calendar, not a generic retainer.
  • We run the program; we don't hand back a slide deck.
  • Internal handover and exit clause designed in from day one.
  • EU + US
  • SOC 2 · ISO 27001 · GDPR
  • Operator-led
  • Clean exit clause

When this is for you

Most companies call us in one of four moments.

  • Enterprise sales are stalling on security review.

    A buyer wants to see a CISO on the other side of the table. You don't have one yet, and a contractor name on a slide isn't enough.

  • Your last security lead just left.

    Six to twelve months of hiring lead time. The board, the audit calendar, and the next questionnaire won't wait.

  • You're between Series A and Series B.

    A full-time CISO is too expensive, no security at all is too risky, and the engineering manager wearing the hat is burning out.

  • You've just had an incident.

    You need experienced leadership in the room this week — for the response, the customer communication, and the program changes that have to follow.

What we own

A working CISO seat — sized to the calendar.

01 Strategy & roadmap

Quarterly security plan tied to revenue, fundraising, and product milestones. No standalone security roadmap that no one else reads.

02 Board & executive reporting

One page per quarter that a non-technical board can act on: posture, top risks, status of major commitments, what we're asking for.

03 Customer security reviews

We handle the questionnaire, the technical Q&A, and the call with the customer's security team — so your AEs close instead of forwarding emails.

04 Compliance program operation

SOC 2, ISO 27001, GDPR — running, not just designed. Evidence captured continuously, audit windows handled without panic.

05 Incident response & readiness

Tested playbooks, named owners, vendor relationships pre-arranged. When the bad day comes, the response is muscle memory.

06 Vendor & data governance

Processor register, DPAs, transfer assessments, and a working review cadence — kept current as procurement adds tools, not as a one-off cleanup.

Built to exit

The job is to be replaceable.

A vCISO that creates dependency is a bad vCISO. From the first month we design the engagement around a clean handover — to your first internal hire, to a sibling consultancy, or to a mature ops cadence your team can run alone.

  • Every artifact lives in your tools (Notion, Drive, Linear, GitHub) — not ours.
  • Quarterly review of what should move in-house and what's worth keeping fractional.
  • Job description, leveling, comp benchmark and interview loop for the future full-time hire — written by us.
  • 30/60/90-day overlap with your new CISO included in the contract.

From the practice

"A fractional CISO works because security maturity isn't a function of hours-per-week — it's a function of judgment at the moments that matter. We're there for those moments, and we make sure the rest of the week runs without us."

— Adam Gresh, Purple Dragon Cybersecurity

Frequently asked

Common questions, direct answers.

How much vCISO time do we need?

Most engagements run 0.5–2 days a week, depending on whether you are building, operating, or stabilizing. We size the seat to the calendar — board meetings, audit windows, customer reviews, hiring loops — not to a generic retainer.

Will you actually run the program, or just advise?

Both. We operate the program week-to-week — incident calls, vendor reviews, executive memos, customer questionnaires — and progressively transfer ownership to internal hires as you grow. The exit is part of the engagement from day one.

Can you cover an EU and US footprint?

Yes. We are based in the Netherlands, with working hours across EU/EEA and the US East Coast. Cross-border governance (SCCs, transfers, GDPR plus US state laws) is everyday work.

How is this priced?

A fixed monthly retainer based on agreed seat time and scope. No hourly surprises, no scope creep mid-quarter — and a clean exit clause when you hire your own CISO.

Book a 30-min intro

A working conversation about what your security seat needs to cover this quarter — not a sales call.

Talk to a security operator.

Tell us what you're trying to ship, what's stalled, or which buyer security review is up next. We work with companies across the EU, EEA and US — and we reply within one business day.
