Our Virtual CISO service provides you with an expert, board-level resource that can help manage and steer your information security compliance, governance or regulatory program. Our prime focus is on knowledge transfer, enabling you to undertake information security tasks without relying on expensive external resource. The Virtual CISO performs any or all of the duties a CISO or CSO normally undertakes and provides an expert resource that can manage, develop and support your security framework. We base the service on making highly experienced personnel available to you – either onsite or offsite – to lead and drive security efforts within your organization, resulting in a highly customised, tailored approach that ensures maximum benefit.
Virtual CISO profiles
Mike is an experienced senior security leader and Chief Information Security Officer (CISO) who originates from the Highlands of Scotland. Early in his career he trained as an Engineer in the Royal Air Force, working on secure ground-to-air communications. Mike has worked extensively at senior level across the public and private sectors – most recently, chairing and leading strategic programmes for the Metropolitan Police Service (MPS), National Police Improvement Agency (NPIA) and covert/overt projects for the Child Protection Agency CEOP/SOCA. He was executive director for the security arm of a Big 4 practice and is currently retained by a Big 5 Advisory firm as Head of Information and Cyber Security, working across a diverse range of clients and assisting organisations to ensure they are adequately protected from both a legislative and a threat management perspective. Previous assignments on which Mike has led include two years as UK Managing Director for the security division of an IT Global services firm running a Government GCHQ List X and CHECK Green Light facility, where he was managing technical teams conducting security assessments on ISO27001, DPA and vulnerability testing for high profile clients. He has conducted a global review of security for an online gaming company that suffered a serious data breach and is experienced in advising company boards on information security related matters and acting as Head of Information Security. He is a qualified NLP & NVI practitioner, top 1% member of MENSA and is highly approachable. Trained by the Institute of Directors (IoD) on the Chartered Director Programme, he works with 2-sec across organisations providing a CISO advisory service. Mike is Chairman of AGE UK London Hounslow, a recognised national charity, and is a family man based near Heathrow.
Peter has worked for over 14 years in information security, focusing in the last 6 years on Information Security Management, notably as Chief Information Security Officer (CISO) of the Gala Coral Group. His expertise covers enterprise risk management, information security business development and penetration testing. A trusted adviser to a number of UK organisations on Information Security, Peter is also a frequent speaker at Information Security events throughout Europe. After acquiring Certified Information Systems Security Professional (CISSP) status, Peter went on to be awarded Chartered Information Technology Professional (CITP) status by the British Computer Society and is currently a member of the ISACA Security Advisory Board. Peter’s outside interests include his smallholding in the Peak District and outdoor activities. His sidekick Brook, a springer spaniel, is never far from his side and is often seen ‘guarding’ Peter’s desk or ‘escorting’ the post. Peter also enjoys sailing and is a former crew member of RNLI boats “Himley Hall” and “Dignity”.
Martin has over 10 years’ experience working with information security, with strong boardroom experience and the technical know-how to match. Martin is a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA) and an active member of the information security community. He has worked on many enterprise scale projects for 2-sec customers, such as government agencies, ministries, banks, international corporations and blue chip service providers. As a QSA, he has helped over 75 entities reach their compliance goals. There is not much about PCI DSS that Martin does not know, and he is widely regarded as a subject matter expert throughout Europe. Martin’s skills include Information Technology control assurance, compliance audit, regulatory consulting, auditing techniques, computer control environments and security services, backed up by a wealth of experience within the information security consulting and managed services arena as well as the Payment Card Industry (PCI). Martin speaks Dutch, Croatian, Russian, Bulgarian and English.
What does a Virtual CISO do?
A Virtual CISO can help in many ways, and provides:
- An expert, independent and unbiased view of your risk, compliance and security postures
- Elimination of office politics from your project decisions by presenting an objective opinion unaffected by turf wars and egos
- Access to a wealth of industry experience. Your Virtual CISO will have performed a senior security management role already for a number of years and can help you avoid costly mistakes
- Senior-level presentations of your security posture and plans for the future to your organisation’s Board of Directors or other concerned bodies such as regulators or business partners
- Procurement services and security technology liaison. We know where to find value, what works and what often fails. Cutting through marketing and technology jargon will help you understand the true costs and benefits. This one feature alone will often save your company enough money to pay for the entire service
- Strategic guidance in company growth, risk management and service offerings
- Handling of your organisation’s vendor management program. The Virtual CISO can validate, track and maintain your organisation’s relationships with third party service providers and vendors, and the risk they pose to your business
- An independent review of audit and assessment reports, assisting with prioritizing issues and tracking resolution
- Co-ordination of security breach and incident investigations
- An information security liaison to auditors, assessors and third parties
- Assessment of the information security skills of your personnel and development of a multi-media program of education and cross training designed to provide them with skills necessary to protect your information
2-sec consultants are highly experienced, with extensive senior / CISO level experience already under their belts. The Virtual CISO service will help you access resource that you could not afford to maintain on a full time basis, helping bring you ahead of the game.