Hello and welcome to TrustedCISO! I have 30 years of experience in information security. Having been a Chief Information Security Officer (CISO) at RedSeal, Inc., I decided to launch my own vCISO consulting company in 2022. I am experienced in building SOC2 and security programs. I can advise you on obtaining a specific audit report such as SOC2, as well as on maturing your current security program or building one from scratch. I offer virtual Chief Information Security Officer (vCISO) services to advise on building your company’s security program and lowering your company’s cyber risk.
Services Offered
I can manage your company’s SOC2 audit from start to finish including:
- Author and review policies and procedures
- Internal & External assessment of your company’s security posture
- Document and communicate the current Risks to Executive management
- Third-Party Vendor Risk Management
- Manage Assessment, Preparation, and Audit support of the following:
  - SOC2 Type 1 and Type 2
  - ISO 27001
  - HIPAA & HITRUST
  - CMMC
  - PCI
- Lead Table Top Exercises
- Vulnerability Management Prioritization
- Threat Modeling
I have longstanding relationships in the industry, including trusted penetration testers, and I work with a top CPA firm to conduct the audit. We work with you in partnership to ensure your success.
Getting the Basics Down
As a CISO, I’ve learned that getting the basics down is critical. When attackers break in, it’s usually something as simple as a critical patch that wasn’t applied within 30 days, or a firewall or cloud component that was incorrectly configured. Getting the basics down is so important to keep the hackers out. Check out these statistics:
- According to Microsoft, 99.9% of account hacks are stopped by using Multi-factor Authentication (MFA).
- Through 2025, Gartner says that “99% of cloud security failures will be the customer’s fault.”
- Misconfigurations will cause 99% of all firewall breaches through 2023, according to Gartner (via hbr.org).
Trust but Verify
I call it Trust but Verify, and I’ll be covering the various items that need to be reviewed and managed, either as a new CISO or periodically in your organization. Ideally, continuous monitoring should be implemented, but a TrustedCISO initial gap and risk assessment should be conducted first to understand your company’s current security posture and cyber risk. I have in-depth knowledge and partner with experienced pen testers and auditors. I can manage your audit from start to finish and automate 80% of the evidence collection via automation tools such as Drata. Don’t just check the compliance box; implement controls and monitoring that will lower your company’s cyber risk.
Learn More About TrustedCISO
Read more about what a vCISO is and how we can help.
To learn more about how TrustedCISO can advise your company on compliance and cybersecurity, click here to Contact Us.