

Cybersecurity Health Review + vCISO Retainer

At The Security Agency, we are committed to assisting you in understanding and fortifying your security posture in a manner that is both prudent and economical. As an expression of this commitment, we offer an affordable Cybersecurity Health Review with a built-in vCISO retainer. These health reviews are for companies who are eager to examine their exposure to attacks and engage in a discussion about building a security roadmap over a two-year horizon. We couple this review with a vCISO retainer so that you begin building up a pool of hours that you can utilize as needed and when needed.

Each TSA Cybersecurity Health Review encompasses:

  • An exhaustive assessment of your organization's externally-facing assets, with a focus on identifying vulnerabilities and misconfigurations.

  • A meticulous evaluation of endpoint controls, or any deficiencies therein, from an inside-out perspective with a focus on ransomware risk.

  • The invaluable guidance of an experienced CISO, dedicating up to two hours to elucidate the health review findings and collaboratively explore strategies for enhancing your security posture based on your business priorities.

Once you start your vCISO retainer, you can use these hours for:

  • Presentation at an all-hands meeting on current trends and discussion of recent attacks to identify lessons learned for your industry in general and your company in particular.

  • Joining your leadership at a board of directors meeting to discuss your infosec roadmap, supporting the projects that you wish to be prioritized and funded for the next few quarters.

  • Ad hoc incident review and guidance on identifying the root cause and lessons learned on how to avoid a similar incident recurring in the near future.

  • Mentoring of your infosec team and/or IT team to find ways to elevate the current security practice with a focus on tickets and automation of monitoring and incident response.

  • Third-party risk portfolio analysis (a CHR for your primary service providers) and recommendations.


If you have not engaged your retainer hours after 10 months, we can deliver a standards-based risk assessment (CIS Top Controls, NIST 800-171 or NIST CSF v2.0) to meet the needs for your cyber insurance policy or vendor/partner due diligence questionnaires and third-party risk.
