Pratum vCISO - Virtual Chief Information Security Officer - Virtual CISO

Virtual CISO (vCISO)

Cybersecurity leadership, guidance and implementation.

Pratum's Virtual Chief Information Security Officer (vCISO) service helps businesses take control of information security by providing an outsourced cybersecurity leader to develop and implement a cybersecurity strategy that guards sensitive information, strengthens brand reputation and protects customer data.

vCISO delivers a tailored information security program with expert security leadership and a supporting team of analysts and consultants to solve clients’ unique cybersecurity challenges.

In Need of Cybersecurity

Pratum's vCISO Process

We start by learning about your organization and understanding your business objectives. We then develop a cybersecurity plan that aligns with your business needs. From there, we are able to function as an extension of your business and deliver expert information security insight, leadership and support.


Establish Your Cybersecurity Vision

Understanding where you want to go is integral in deciding how to get there.


Determine and Prioritize Cybersecurity Initiatives

The tailored cybersecurity program will provide strategic direction to help you achieve your goals. We will determine and prioritize cybersecurity initiatives to reduce risk in a quick and cost-effective manner.


Reduce Risk with Continual Security Improvements

Assessing and addressing risk is never complete, but Pratum’s team will be with you, leading and assisting with implementation along the way.


The vCISO team has a deep understanding of our business and security needs. They are down-to-earth, communicate effectively, and display a real passion for helping our organization.

Tysen Landmesser, Information Technology Manager - Accumold LLC

Developing your cybersecurity program

Pratum’s Virtual CISO team develops cybersecurity programs by utilizing a combination of the following services. Your program will be unique to your organization and designed to execute cybersecurity initiatives while achieving business objectives.

IT Risk Management

By understanding security risk and the impact it may have on an organization, Pratum’s cybersecurity consultants set the foundation for a formalized IT risk management program. Beginning with a risk assessment, organizations can realize a positive ROI by prioritizing expenditures in a manner that improves security posture while aligning risk with acceptable tolerance levels.

IT Audits

IT audits provide insight into potential gaps in processes and procedures in a technology environment. Audits identify problem areas by reviewing how well technology controls are designed and implemented.

Policy Review and Development

Policies must be designed to support risk management goals while maintaining business operations. Pratum’s process involves one-on-one interaction with business leaders, providing consultants with the insight necessary to draft your policies in a manner that will support your objectives.

Penetration Testing

Penetration testing is a proactive approach to discovering exploitable vulnerabilities in your computer systems, network, and web applications. Gaining an understanding of these vulnerabilities will enable you to resolve issues before an attacker interrupts business operations with a devastating security breach.

Social Engineering

By performing social engineering assessments of an organization’s facilities and employees, Pratum is able to establish the baseline security posture and make recommendations for modifying and developing stronger policies, procedures, and security awareness and training practices. Social Engineering services include Pretexting Phone Calls, Email Phishing, Dumpster Diving, and Facility Access - Onsite Security Assessment.

Security Awareness and Training

When implemented properly, security awareness and training activities can lead to greater reporting of suspected attempts to compromise an organization’s critical assets and fewer instances of employees falling prey to cyber threats and tactics.

Cybersecurity Consulting

Pratum consultants meet with clients to gain an understanding of their organizational culture, risk tolerance levels, regulatory environment, and industry pressures. This allows the team to approach information security using a risk-based methodology, enabling customization of each solution.

Business Continuity and Disaster Recovery

Business continuity and disaster recovery planning are critical to a business’ ability to weather interruptions to business functions and recover in case of a disaster. We help you identify critical assets and plan accordingly.

Compliance and Controls

Pratum’s vCISO will help discover a balance of risk management and security without compromising your organization’s mission and budget. Rely on Pratum as your partner for achieving HIPAA, SOX, PCI, GLBA, and FISMA compliance, preparing for SOC 2, and identifying and evaluating appropriate frameworks and controls (NIST, ISO, COBIT, etc.).

Yes, Pratum utilizes a team of information security professionals to provide the very best security services for each vCISO client. Your program will have a Virtual CISO leader who will guide the program's strategy while utilizing Pratum's security team of consultants and advisors to accomplish necessary milestones. One of the advantages of vCISO is that additional security professionals are included in the security program, unlike with a CISO who must hire additional people (or outsourced service providers) to fulfil security needs.

Pratum's Virtual CISO (vCISO) is generally much less expensive than a full-time in-house CISO. According to SilverBull's May 2016 report, the median salary for a CISO is $223,000 per year. The base salary doesn't even include the additional expenses that go into increasing employee headcount. On average, Pratum's vCISO clients pay a fraction of what it would cost to hire an in-house CISO. vCISO clients also gain access to the expertise of an entire team, which eliminates the inherent skills gap of a single employee.

vCISO enables companies that could not otherwise justify the expense of a CISO to receive top quality security vision, strategy and execution.

Virtual CISO has no borders. That is one of the many benefits of the program. Communication with Pratum's vCISO team can occur remotely through the use of teleconferencing and online collaboration tools. Engagements can also be conducted in person. Many of our clients employ a hybrid approach where the vCISO lead is onsite periodically to foster teamwork while other times working remotely to leverage the cost savings that virtual meetings afford today’s businesses. Pratum's team will find the right balance of on-site and remote activities that fit your company culture and budget.

Yes, vCISO is designed to provide tailored security programs. Pratum solves information security challenges based on risk, and because there are risks unique to your company, our security program is as well.

The vCISO program begins as soon as the statement of work is executed. Pratum’s vCISO team is organized and prepared with the appropriate “first step” action items for inaugural vCISO initiatives. However, the maturity of a client’s current information security program dictates the speed at which the vCISO program progresses. Pratum is prepared to work at whatever speed the client is equipped to handle.

Pratum prides itself on its ability to fully integrate with existing IT and business leadership teams. Pratum's vCISO relies on these teams to strengthen the client's security posture and improve security policies and procedures. The goal of the vCISO is to appear indistinguishable from an internal entity. The virtual CISO has the client's best interest in mind, and the relationship with IT and business leaders is integral in achieving security success.

Pratum's vCISO is not defined by hours. It is designed around security needs. This means that vCISO clients receive as many hours as needed in order to meet security objectives. Pricing is based on estimated hours to achieve objectives defined in the scoping of the vCISO engagement, but there is no cap on hours once the scope is defined.

As your vCISO, Pratum will work with your clients/customers to provide them the proper documentation and help them understand your information security program and how it supports the work you perform for them.

Some of Pratum's clients know exactly what they want from their vCISO program, but most of them do not. Pratum works with clients to define the vCISO service based on company culture, risk tolerance and compliance requirements. Once services are defined, Pratum will generate a proposal to review with the client. Adjustments will be made to the proposal until it meets security needs and business objectives.

Pratum is a great partner to us in providing valued information security guidance and advice to our organization. Pratum’s team of professionals are able to integrate well with our team and provide the needed consulting to make our information security program successful.

John Bertrand, Vice President of IT - Kreg Tool Company

Certifications held by Pratum’s vCISO consultants and analysts.

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Payment Card Industry Internal Security Assessor (PCI ISA)
  • Certified Ethical Hacker (C|EH)
  • Offensive Security Certified Professional (OSCP)
  • GIAC Certified Intrusion Analyst (GCIA)

Interested in our vCISO Program?


Call 1 (515) 965-3756 ext. 3, or fill out this form.