Embedded advisory that gives your organisation strategic security direction, compliance oversight, and board-level governance — on a fractional basis.
vCISO Advisory
Policy Reviews
12/12 CURRENT
Starting Price
$8K
per month
Your IT manager handles security on top of everything else. There's no strategic direction, just reactive firefighting.
Your board wants regular cyber risk reporting but no one is synthesising the data into business-relevant insights.
You've achieved compliance milestones but there's no roadmap for maintaining and building on them.
Annual security plan with priorities, milestones, and resource allocation aligned to your business objectives.
Regular cyber risk committee papers that translate technical posture into business-relevant language.
Ongoing monitoring and management of E8, DISP, ISM, and PSPF compliance obligations.
Third-party and supply chain risk assessment guidance to manage your extended security surface.
Development, review, and lifecycle management of security policies and procedures.
Incident response plan development, coordination support, and exercise facilitation.
You need senior security leadership but can't justify or find a full-time CISO. A fractional model gives you strategic direction at a manageable cost.
You need governance coordination across DISP, E8, and supply chain requirements with someone who understands the defence context.
You've reached a size where ad-hoc security decisions create risk. You need a structured approach with experienced oversight.
Pick a time that works for you — we'll discuss your cyber governance needs and scope a tailored engagement.
Federal agency
Delivered executive and board-ready cyber governance papers, stood up a Foreign Ownership Control and Influence process, and supported system accreditation activities across a shared-services environment — so the agency walked into its next review with defensible answers.
Federal department
Led the department's Essential Eight maturity review using ACSC verification methodology, then ran continuous-assurance activities through annual PSPF reporting and ASD cyber survey submissions — keeping E8 posture live between formal reviews.
Federal agency
Scoped, assessed, and reported on three high-priority SRAs in a single calendar year — an enterprise integration platform, a supplier-security uplift, and a public-facing online services portal with paired penetration testing — all delivered inside the agency's assessment window.
Engagement models range from a few days per month for light-touch oversight to near-full-time embedded support. We tailor the model to your organisational needs and budget.
When your organisation has sustained, complex security operations that require daily executive attention — typically 500+ employees with significant regulatory obligations. Until then, a vCISO gives you the same strategic value at a fraction of the cost.
Absolutely. A vCISO provides the governance layer that coordinates DISP compliance, Essential Eight uplift, and ongoing assurance activities — all under a single strategic umbrella.
Most clients see their first board-ready paper within 30 days. We start with a 2-week orientation covering current controls, risk posture, and stakeholder map, then run to a monthly cadence aligned to your reporting cycle.
Starting from $8,000/month. Actual scope is set per engagement — from a few days a month of advisory through to embedded weekly support. We scope and quote after an initial conversation, so the monthly figure is predictable.
MSPs run your security tools; a vCISO owns the security program. Unlike Big 4, our vCISO role is a senior AGSVA-cleared consultant — same person every week, direct line to your exec, no staffing churn.