Security Practice

Fractional CISO / CSO

An experienced security executive on a part-time basis — accountable for the security program, vendor oversight, and board-level reporting. Right-sized for small and mid-market companies.

Fractional CISO / CSO

Part-time security governance and operations leadership from a Partner who has built and run security programs before. Accountable for the roadmap, the vendor ecosystem, and the board conversation.

Interim CISO / CSO

Full-time temporary security leadership when the in-house role is unavailable — during a transition, a major event, or a rapid scale-up.

What the role covers

  • Strategic and tactical security decisions for deploying internal security teams.
  • Security roadmap development aligned to budget, culture, and risk tolerance.
  • Building a mature security organization in stages the business can absorb.
  • Security team hiring, structuring, and mentoring.
  • IT Security Governance and Operations Management delivered as a service.
  • Organizational security strategy tailored to your threat landscape and risk profile.

When it's a good fit

Companies that need a credible security posture but can't — or shouldn't — stand up a full-time CISO yet. Organizations covering a gap during hiring or transition. Growth-stage companies that need to mature quickly because of customer, regulatory, or investor pressure.

Talk to a Partner ← Back to Security Practice
Also in this Practice

More Security services

Information Security Risk Assessments

Structured risk assessments using industry-accepted frameworks. We inventory assets, evaluate controls, and deliver a prioritized remediation roadmap tied to business impact.

Learn more →

Policy and Control Development and Implementation

Definition and implementation of controls across assets, risks, and departments — typically aligned to NIST, ISO 27001, SOC 2, or customer-specific frameworks.

Learn more →

Security Audit Preparation

Preparing your team and documentation for third-party audits including SOx, SOC 2, ISO 27001, HITRUST, and client-specific assessments.

Learn more →

Security Operations Development

Strategic and tactical buildout of security operations — from SIEM selection to incident response playbooks to managed-service evaluation.

Learn more →
Partners

Partners who lead this work

Michael Lyman, CISSP, CCSP, PMP

Michael Lyman, CISSP, CCSP, PMP

Partner, Security

Security and risk leader specializing in assessments, incident response, and fractional CSO/CISO services.

View profile →
Nate Kostoulakos, CISSP, CCSP

Nate Kostoulakos, CISSP, CCSP

Partner, Information Systems Security

22+ years in software engineering, IT management, and information security; fractional CISO for life sciences.

View profile →
Daryl Rinaldi, CISSP, CCSP

Daryl Rinaldi, CISSP, CCSP

Partner, Information Systems Security

30+ years in information security and IT management, providing fractional CISO services to 30+ Biotech companies.

View profile →