theCISO.ca

Available in Canada + the United States

Same proven approach, delivered remotely or on-site as needed. Ideal for teams that want executive clarity, fast execution, and evidence-ready outcomes.

Canada (CAD)

Engagements are scoped around deliverables, operating cadence, and timeline. Invoices can be issued in CAD.

United States (USD)

US engagements can be invoiced in USD. Scope and deliverables remain identical.

Cross‑border compliance

Support for SOC 2, ISO 27001, vendor risk, and board reporting across Canadian and US stakeholder expectations.

Home / Packages / 90-Day Foundation

90-Day Cyber Foundation Build

A 90-day build program to establish a practical security baseline, operating cadence, and measurable resilience without slowing delivery.

Book 15-minute call edc@theciso.ca

Outcomes

  • Controls
    A baseline aligned to NIST CSF / CIS Controls implemented where it matters.
  • Cadence
    Vulnerability, patching, access review, and incident readiness rhythms.
  • Coverage
    Identity, endpoints, backups, logging, vendors, and data protections improved.
  • Metrics
    KPIs and reporting that leadership can track without jargon.

How it works

This is a build-with-your-team engagement. We establish a baseline, ship quick wins early, and create a sustainable operating model.

Scope: most mid-market foundations land between 30–50 consulting days depending on environment size, stakeholder count, and required artifacts. Final estimate is confirmed after intake.

Typical workstreams

DeliverableWhat you get
Security operating modelRACI, governance, policies that matter, and change management for adoption.
Identity & privileged accessMFA coverage, admin segmentation, PAM strategy, and access review cadence.
Vulnerability & patch programTool rationalization, SLAs, triage workflow, and dashboards.
Backup & recovery hardeningRansomware-resilient backup patterns, restore testing, and RTO/RPO alignment.
Logging & detection strategyWhat to log, where it goes, detection priorities, and IR runbooks.
Vendor risk programRight-sized questionnaires, tiering, and procurement integration.
Incident readinessIR plan, tabletop, comms, and coordination with insurance/legal.
Request scope & estimate Start with the Snapshot

Explore the Security Topics That Move the Needle

Clear internal structure for humans and search engines — and a practical path from priority to measurable outcome.

AI Governance & Security
Shadow AI, model risk, prompt injection, and data leakage controls — built for auditability.
PolicyVisibilityGuardrailsAuditability
GRC That Executives Can Run
Risk, controls, evidence, and board-ready reporting — without fire drills.
BoardEvidenceKPIsFrameworks
IAM, RBAC & IGA
Least privilege, lifecycle automation, and measurable reduction in identity risk.
Least privilegeIGAPAMReviews
SASE & CASB Guardrails
Modern access + SaaS data controls that don’t break the business.
ZTNACASBDLPSaaS
Vendor Risk & Integrations
Scale third‑party reviews, secure integrations, and reduce SaaS risk as you grow.
Third-partySSO/SCIMLoggingAPIs
Packages
Time‑boxed outcomes: board risk snapshot, 90‑day foundation, and ongoing fractional CISO.
4 weeks90 daysRetainerOutcomes

Latest Cybersecurity News

See more →
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.