A full-time Chief Information Security Officer (CISO) is salaried at $180k-$200k. Add on benefits, bonuses, stock programs, etc, the total compensation is $250k-$300k. A virtual CISO (vCISO) can cost a fraction of that amount. So, why doesn’t everyone outsource their CISO?
vCISO services can cost as little as $35k per year and as much as $250k per year. Our typical vCISO engagements decrease in cost over time as our client’s security programs go into “maintenance mode,” where the constant building effort is no longer a factor.