A senior fractional CISO to design strategy, govern risks, coordinate vendors and report to the board. Expert decisions on a realistic budget.
An SME cannot afford €90,000/year for a senior CISO. It also cannot afford not to have one. This is the in-between solution that makes sense.
Annual security plan with objectives, KPIs and a roadmap prioritised by risk and return. Not a list of random tasks.
Quarterly executive reports in business language. No empty jargon: risk, impact and decision.
Asset inventory, risk map, treatment plans and periodic review with real criteria.
GDPR, NIS2, ISO 27001, ENS, DORA. Whatever applies to your sector, managed with intelligence and no useless paperwork.
Your CISO talks to your MSP, MSSP, lawyers, insurer and external auditor. You just read the summary.
If there is an incident, your CISO is on the front line. Communication, regulators, customers, crisis management. You are not alone.
Overall maturity, compliance by standard, open risks and pending decisions. Ready to present without translating from IT jargon.
12-24 month vision with budget, milestones and KPIs aligned with the business plan.
MAGERIT/ISO 27005 methodology, semi-annual review and treatment plans.
Definition and maintenance of policies, standards and procedures. Approved with management.
Mapping of applicable obligations, compliance plan and audit-ready evidence.
Critical vendor assessment, security clauses in contracts, due diligence.
Awareness plan for employees with simulated phishing campaigns and training sessions.
Executive scorecard with key metrics, quarterly board presentation.
Incident response plan, exercises and executive leadership during real incidents.
We introduce the senior CISO assigned to your sector and maturity level. If they do not fit, we change them — no questions asked.
Meetings with management, IT and key areas. Asset inventory, critical systems and regulatory obligations.
Identification of major risks, valuation and prioritisation. First validation meeting with management.
12-month roadmap with quick wins, prioritised investments and KPIs. Approved at the board.
Recurring agreed time allocation (8-60h/month depending on plan), quarterly reporting, annual plan review.
Let's spend 30 minutes on your current situation and see if a fractional CISO makes sense for you.
The CISO acts as an advisory role with delegated authority. Ultimate legal responsibility always lies with the company's management, but the CISO signs their recommendations, leaves a decision audit trail, and carries professional liability insurance.
Depending on the plan: 8h/month on Advisor, 20h/month on Strategic, up to 60h/month on Embedded. Hours are real senior CISO time — not juniors in disguise.
They work with your team. The CISO sets the what and why; the how is executed by your IT (in-house or managed). Complementary, not a replacement.
Scorecard with KPIs: maturity level (1-5 scale), open vs. closed risks, incidents avoided, regulatory compliance, board satisfaction.