vCSO Deliverables



IT Status Meeting:

Attend IT status meeting to provide updates on projects, answer tactical security questions, and get decisions from leadership as needed; review any current security vulnerabilities and discuss how the organization may or may not be impacted.

Employee Security Training:

Weekly video training modules to keep the entire organization vigilant and educated on the current cyber threats. A company leaderboard and credit score-based rankings heighten the competitive spirt.


IT Performance Analysis:

Audit monthly IT activities, document findings and initiate/request/validate any necessary changes

IT/IS Security Meeting:

Meeting to review issue progress, vulnerability test results, security project status, plan for upcoming events, and review/edit deliverables as needed

Simulated Phishing Exercises:

Deploy simulated fishing exercises and analyze results for frequent clickers or other signs and/or anomalies.

Backup/Continuity Review:

Review backup of all endpoint machines and servers to ensure that they are occurring on a timely basis and are within backup service legal agreement


User Privilege Review:

Review the list of line of business, M365 and domain users to ensure no unneeded users; verify tickets were created for user termination requests as well as any human resources changes

Leadership Meeting:

Meet with the executive team to provide updates on current trends in IT security, the latest vulnerability analysis, and status of IT projects

Disaster Recovery Testing:

Provide ongoing security analysis of network, provide & review report findings with leadership and assist in necessary remediation projects


Board Update Meeting:

Prepare and present updates for bi-annual cybersecurity risk board update


Chain-of-Custody Protocols:

Establish and maintain protocols for tracking of digital assets, ensuring secure handling and protection against unauthorized access

Policy Implem. & Review:

Implement, review, and update procedures

Penetration Testing:

Schedule, coordinate, and oversee third-party penetration testing; coordinate and remediate any findings from the testing

Vendor Security Audit:

Conduct security review of vendors; initiate/oversee vendor security changes as needed

Risk Assessment:

Review the different types of risk facing the business units; prioritize security and compliance investments and initiatives based on risk findings

PCI Self Assessment:

Complete and save to file the annual self-assessment questionaries for compliance purposes

Tabletop Exercise:

Perform annual table-top exercise of the disaster recovery plan/incident response plan with applicable IT vendors and company personnel

Inventory Data Assets:

Review the list of assets/vendors with the executive team on an annual basis, generally as part of quarterly IT executive meetings; review the list of Key Vendors in the IT security portal to ensure it is up to date


Site Visits:

Conduct in-person visits to the organization’s sites to review on-site security practices and initiate necessary changes

Threat Intelligence Emails:

Provide threat intelligence emails to the organization as relevant

Security Deliverables:

Provide other security deliverables and best practices as needed

Schedule a Consultation