vciso
Virtual CISO Role Bundle
A fractional CISO engagement guide that sequences security skills into coherent programs. This bundle replaces ad-hoc security work with structured engagement patterns that produce measurable outcomes.
When to Use
Invoke this role bundle when any of the following conditions are true:
- No dedicated CISO. The organization lacks a full-time security leader and needs someone to own the security program, even part-time.
- Security program assessment. Leadership wants to understand the current maturity of security controls, policies, and operations against a recognized framework.
- Preparing for SOC 2 audit. The company is 60-180 days from a SOC 2 Type I or Type II audit and needs structured gap analysis and remediation planning.
- Board wants a security posture report. The board or investors have requested a summary of security risk in business terms, not a vulnerability dump.
- Post-incident program review. A significant incident has occurred and the organization needs to assess whether the broader security program failed, not just the individual control.
- AI/LLM adoption oversight. Engineering is shipping LLM-powered features and nobody has evaluated the threat surface those introduce.
If the ask is a single tactical task (e.g., "scan this repo for secrets"), use the individual skill directly. This bundle is for program-level work.