A full-time CISO costs $250,000/year. A vCISO from West Computers gives you the strategic security leadership your business needs — risk management, compliance oversight, and security roadmapping — at a fraction of the cost.
Technical security controls — firewalls, MXDR, Zero Trust — are necessary but not sufficient. Someone has to own the security strategy: defining risk tolerance, building the security roadmap, managing vendor relationships, communicating to leadership, and making sure compliance obligations are met and documented.
That's what a CISO does. For most SMBs, a full-time CISO is unaffordable and unnecessary. West Computers' vCISO service provides experienced security leadership on a fractional basis — engaging as deeply as your business needs, from monthly advisory sessions to full program management.
Jack West brings hands-on experience in incident response, compliance frameworks, Microsoft 365 security architecture, and managed security operations — translating technical realities into business terms your leadership team can act on.
Every deliverable your business receives as part of this service.
A prioritized, budgeted security improvement plan — based on your current risk posture, compliance obligations, and business objectives. Updated quarterly.
A documented risk register tracking identified risks, likelihood, impact, and treatment decisions — providing the evidence base for security investment decisions.
Information security, acceptable use, incident response, business continuity, and vendor management policies — written for your business and kept current as regulations change.
Security review of third-party vendors and cloud services before onboarding — evaluating their controls against your requirements and compliance obligations.
Clear, non-technical security reporting for leadership and board-level audiences — communicating risk posture, program progress, and investment priorities.
During a security incident, your vCISO leads the response — coordinating technical response, client communications, regulatory notification, and post-incident review.
Comprehensive review of your current security posture, compliance obligations, vendor relationships, and policy documentation — establishing a risk baseline.
A 12-month security roadmap is produced, prioritizing improvements by risk reduction, compliance requirement, and cost-effectiveness.
Risk management program, policy library, and vendor assessment process implemented. Compliance oversight framework established.
Monthly or quarterly advisory sessions. Policy updates. Vendor reviews. Compliance monitoring. Executive reporting. Incident support as needed.
Annual security risk assessment, roadmap refresh, policy review cycle, and compliance program assessment — with updated documentation for audit or insurance purposes.