Your On-demand Security Resource, Thought Leader, and Collaborative Risk Manager

Improve Security Posture

A Virtual CISO (vCISO) offers high-level strategy, tactical expertise and experience in all areas of cybersecurity.

We recognize every company has different needs and concerns, and our vCISO offering is meant to be flexible and scalable in order to meet those individual needs. We know not all companies can or want to recruit, hire and maintain a cybersecurity team and CISO. Sometimes, it’s just more logical to outsource those cybersecurity functions.

Our vCISO service will provide custom-tailored solutions and recommendations based on company size to align specific security programs with business objectives and priorities. Working with MorganFranklin means access to more than just a security expert; our vCISO will serve as an on-demand security resource, thought leader, and collaborative risk manager for a fraction of the cost and effort to hire someone full-time.


Learn more about how we can help you with your cybersecurity needs.

Immediate, flexible and cost-effective security expertise

A virtual CISO from MorganFranklin provides access to experienced senior executives that are well-versed in security strategy, planning, budgeting and delivery while possessing a strong background in IT leadership and organization design. The vCISO engages remotely to help an organization develop and deliver security programs, evaluate existing projects, provide recommendations on any security gaps, and promote a company wide security conscious approach. Hiring our vCISO will provide a team-based approach, bringing a wide range of specialized role-based resources to any security strategy including security architects, analysts and project managers.

How a vCISO works with an organization

A typical Morgan Franklin vCISO engagement for a midsized company may include:

  • Information security leadership and guidance
  • Influence committee leadership or participation
  • Budget Planning
  • Risk Assessment (ie email security)
  • Vendor management
  • Security strategy planning
  • Review compliance with regulations and standards
  • Review managing personnel, contractors and/or vendors
  • Build security program / policy creation
  • Security training and awareness
  • Implement additional programs as recommended (ie Governance, Risk and Compliance (GRC), Identity and Access Management (IAM), Cyber Security Operations, Application Security, Incident Response & Risk Intelligence)
  • Maintain security operations

Key benefits of a MorganFranklin vCISO

  • Motivated thought leaders providing insight and guidance
  • On-demand need-based availability
  • Objective advice and planning – unbiased, never limited to experience or knowledge
  • Affordable Team-Based approach – not all activities require the expertise of a high-paid CISO, leave those tasks to the people that specialize in that topic, and use the savings elsewhere in a budget
  • Scaleable teams and resources – ability to build out small teams with specific focus (VM, SOC, GRC, etc)
  • Flexible and nimble expertise in prioritizing needs and assessing challenges as they present themselves, start from scratch or adopt an existing plan
  • Exclusive partnerships and negotiable pricing on tools
  • No turnover maintain security operations without interruption

Technical Experience

Information Security Governance
Information Security Audit
Regulatory Compliance
Program Development
Operational Risk Management
Application Security
Cloud Security
Incident Response
Privacy Data Protection
Insider Threat Mitigation

Skill Sets

Business Transformation
Organizational Design
Process Re-engineering
C-Suite Communications
Global Operations
Consultative Partnerships
Financial Systems
Strategic Planning
Staff Development
Resource Management
Location Strategies
Product Strategies
Change Management
Complex Analytics


ISC2 Certified Information Security Professional
ISACA Certified in Risk and Information Systems Control
ISACA Certified Information Systems Auditor
Certified Information Security Manager
IAPP Certified Information Privacy Professional
CompTIA Advanced Security Practitioner

The MorganFranklin Way™

MorganFranklin’s approach to cybersecurity strategy and GRC solutions allows our consultants to better protect your organization’s brand against threats of all kinds. We’ll tackle the broader issues associated with corporate governance, enterprise risk management, and corporate compliance with a simple, structured approach.

By aligning with your business objectives, you’ll reap benefits such as:

  • Improved decision-making
  • Optimal IT investments
  • Reduced fragmentation with the elimination of silos

You may have a thorough understanding of the need for a GRC strategy, but you may not have the team or resources to implement internally. MorganFranklin can connect you with one of our GRC experts to create a business-aligned strategy that improves your GRC and overarching cyber security decision-making abilities. From security strategy, planning, budgeting and delivery, our consultants have a strong background in IT leadership and organization design. Whether you need part-time, interim or fully outsourced help, MorganFranklin is your trusted source to define and implement an effective GRC strategy.


We are experienced, engaged professionals that are highly energetic and motivated to work in challenging, high stakes environments.