Summary of Services

Provides vCISO and other advisory services to companies that are struggling to fill leadership gaps in their security organization or desire to implement modern security strategies. The following are typical services that David can provide clients on an hourly or retainer basis:

• Virtual/fractional security leadership (vCISO, program/project management, architecture)
• Current state assessments and validation of regulatory compliance against common frameworks
• Analysis of security capabilities to support due diligence for mergers & acquisitions
• Planning & architecture support for upgrades/acquisition of security technologies (on-prem or Cloud) or MSSP services

Friday, January 21, 2022


I'll be speaking as part of a panel at the AITP meeting in February.  This is open to both members and non-members.  

Register here:

  • Wed, February 16, 2022
  • 5:30 PM - 7:00 PM
  • Virtual Zoom Meeting

Topic:  The rise of the vCISO – Determining if fractional information security leadership is the right fit for your organization

In the past 5 years the Information Security industry has experienced a rise in the number of firms and individuals offering fractional leadership and governance offerings, especially to medium and small-sized client organizations who may not have the resources (team size, funding, etc.) to build out and mature a robust program. These virtual (v) a.k.a. vCISOs are representing a growing presence in the information security ecosphere.


Ninety minute program. Moderator and panel will introduce themselves (15m). Moderator will summarize panel talks for the audience and have two to three planned questions to start the panel discussion (60m). Questions and answer session (15m).


Panel will largely address the difference between an in-house CISO and vCISO and pros/cons of each, with an emphasis on the unique advantages of the vCISO model. The moderator and panel will also address general security topics and their approach to solving them.

  • What is a fractional or vCISO?
  • Why do we need a CISO?
  • How do we create value?
  • What are the challenges for a vCISO?
  • and more.