Rather than provide a catalog of services, let me point instead to my background and say that my focus is on helping companies define, assess, implement and lead successful security, risk and privacy programs. Just a few examples of how I can help you include:
- Virtual Chief Information Security Officer (vCISO) services for companies whose size does not justify a full time CISO, or as an interim CISO while searching for a permanent replacement.
- Mentor newly appointed CISOs regarding how best to structure and manage a security program and effectively work with peers, leadership and the board.
- Security program implementation. I help companies design, implement, organize and staff the most appropriate security organization to meet their business needs and constraints.
- Cyber risk program assessment, implementation and management. Properly assessing your cyber risks is the key to ensuring that your security program is focusing its limited resources on achieving the most meaningful risk reductions possible.
- Security architecture review, design and implementation. I help companies select the most appropriate technologies and processes to address their identified risks, considering their constraints of time, personnel and funding, to include application security practices for organizations who develop software for internal or 3rd party use.
- Advisor to boards and senior management on cyber risks and issues. I help boards understand their cyber oversight responsibilities in line with NACD guidelines and provide briefings on relevant current cyber risk issues. In addition, I provide an independent view of management’s security/risk and privacy initiatives.
- Assessment of security/risk/privacy programs. I can assess programs from multiple dimensions, ranging from compliance to industry or regulatory requirements, to maturity against industry security frameworks including ISO and NIST, and develop prioritized recommendations for action based on the findings.
These are just a few examples of services I can and have provided. If you have an issue you are grappling with, I am available for a free initial consultation to discuss your problem and how I can help, or point you to someone who can.
I can be reached at Michael.Lines@heuristicsecurity.com or (719) 377-3070.