theCISO.ca
Book 15 Minutes Email
vCISO engagement scope

vCISO Pricing

Scope varies because every environment, timeline, and governance requirement is different. The clearest way to evaluate fit is by scope, outcomes, and operating cadence. Here’s how a scope-based delivery model model maps to common deliverables, plus what drives cost up or down.

Book a 15-minute call Free Risk Snapshot Pack

Reference engagement patterns

  • 4-week Board Risk Snapshot: a focused 4-week advisory sprint
  • 90-day foundation build: a broader 90-day foundation build
  • Retainer: 2–6 days/month depending on complexity

What increases cost

  • Multiple business units / acquisitions
  • Weak identity hygiene (no MFA, broad admin rights)
  • No tested recovery, unclear backups, unknown RTO/RPO
  • Heavy compliance scope (SOC 2 / ISO / regulated)

What reduces cost

  • Clear executive sponsor and quick decisions
  • Existing ticketing / change management discipline
  • Good asset inventory + ownership
  • Willingness to prioritize (not “do everything”)

Want a clear engagement outline without sales theatre?

Send a quick snapshot of your environment and priorities. I’ll respond with a realistic range and the first milestone that unlocks value.

Book 15 minutes Send a snapshot

Explore the Security Topics That Move the Needle

Clear internal structure for humans and search engines — and a practical path from priority to measurable outcome.

AI Governance & Security
Shadow AI, model risk, prompt injection, and data leakage controls — built for auditability.
PolicyVisibilityGuardrailsAuditability
GRC That Executives Can Run
Risk, controls, evidence, and board-ready reporting — without fire drills.
BoardEvidenceKPIsFrameworks
IAM, RBAC & IGA
Least privilege, lifecycle automation, and measurable reduction in identity risk.
Least privilegeIGAPAMReviews
SASE & CASB Guardrails
Modern access + SaaS data controls that don’t break the business.
ZTNACASBDLPSaaS
Vendor Risk & Integrations
Scale third‑party reviews, secure integrations, and reduce SaaS risk as you grow.
Third-partySSO/SCIMLoggingAPIs
Packages
Time‑boxed outcomes: board risk snapshot, 90‑day foundation, and ongoing fractional CISO.
4 weeks90 daysRetainerOutcomes

Latest Cybersecurity News

See more →
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.
Loading…
Loading latest headlines.