Fractional CISO Services

Board-ready security
leadership.
Without the $300K hire.

Technology companies at Series A through mid-market get the same security program that powered four consecutive SOC 2 Type II audits with zero exceptions — on a monthly retainer.

Book a Free 30-Minute CallView Services & Pricing
SOC 2 Type II
Zero exceptions across two organizations
30+
Years in Security
Spanning pre-cloud to AI governance
15+
Conferences
DEF CON, RSA, FBIIC-FSSCC & more
Published inRT InsightsInfosecurity MagazineCPO MagazineCyber Defense MagazineSecurity Magazine

Speaker at DEF CON · RSA · FBIIC

What I Do

Four service products. One senior practitioner.

Transparent pricing. No retainer-for-retainer's-sake. The right engagement for where your company actually is.

Most Popular

Fractional CISO Retainer

$8,500/month· ~15 hrs/month

Ongoing security program leadership for Series A–C technology companies. Risk management, compliance oversight, board reporting, policy development, and strategic guidance.

Learn More
Fixed Scope

SOC 2 / ISO Readiness Sprint

$18K–$25K project· 60–90 days

Gap assessment, control design, policy development, and audit preparation with a hard deadline in mind. Four consecutive audits with zero exceptions.

Learn More
High Demand 2026

AI Security Governance

$12K–$18K project· 30–45 days

AI use case inventory, risk assessment against NIST AI RMF and EU AI Act, Acceptable Use Policy, vendor AI risk framework, and board briefing package.

Learn More
Low Barrier Entry

Hourly Advisory

$350/hour· 2 hr minimum

On-demand senior security guidance. Often the starting point for engagements that convert to retainer relationships.

Book Now
The Difference

Technical depth that most executives stopped having years ago.

Most vCISOs are policy writers. I've architected Zero Trust deployments, built DNS security infrastructure from scratch, deployed AWS Bedrock for production teams, and stood up SOC 2 programs that survived four consecutive audits without a single exception.

I've also presented that work at DEF CON main track and RSA Conference — because credibility with practitioners is as important as credibility in the boardroom.

Full Background
Zero Trust Architecture
Cloudflare + EntraID SSO deployed in production. Not theoretical.
SOC 2 Track Record
Four consecutive Type II audits. Zero exceptions. Two different organizations.
AI Security Governance
Built and published AI governance frameworks before it was required. Now it is.
Board-Level Communication
Quarterly risk reporting directly to boards for 4+ years at a Series B company.
DNS Security Authority
DEF CON main track speaker. Decade of peer-reviewed work in the field.
Cost Reduction Track Record
30% reduction in security tooling spend through vendor consolidation — with better coverage.
CISSP
Certified Information Systems Security Professional
Since 2016 · Active & In Good Standing
CISM
Certified Information Security Manager
Since 2019 · Active & In Good Standing
Start Here

Thirty minutes. Free. No pitch deck.

Tell me where your security program is today and what's driving urgency. I'll tell you honestly whether and how I can help.

Book a Free 30-Minute CallEmail Directly