vCISO | Banking & Financial Services | 6–12 month engagement
Mid-tier financial services firm – fractional CISO programme.
A growing financial services firm under BNM RMiT obligations needs dedicated security leadership but cannot justify a full-time CISO hire. Engagement establishes the security programme, embeds governance cadence, delivers board-level risk reporting, and prepares the organisation for regulatory thematic reviews. Typical deliverables include a 12-month security roadmap, monthly governance forums, risk acceptance papers, and audit liaison support.
Risk Assessment | SaaS | 4-week engagement
Regional SaaS provider – pre-funding security assessment.
A B2B SaaS company preparing for a funding round or enterprise procurement onboarding needs an independent security posture evaluation against ISO 27001 and SOC 2 control mappings. The engagement produces an executive-readable assessment report, a prioritised risk register, and a 12-month remediation roadmap suitable for investor and customer security review.
Crisis Simulation | Manufacturing | Half-day exercise
Regional manufacturer – board-level cyber tabletop exercise.
A manufacturer with operations across multiple ASEAN countries wants to test executive decision-making following a ransomware threat against a peer organisation. Scenario co-designed with the firm's Head of IT covers initial detection, escalation decision points, customer communications, regulatory notification, and recovery prioritisation. After-action report identifies governance, comms, and escalation gaps with specific remediation recommendations.
Penetration Test | Fintech | 3-week engagement
Payments fintech – pre-production penetration test.
A payments startup launching a new customer-facing platform requires external and authenticated penetration testing before production rollout. Scope typically covers the web application, supporting APIs, authentication flows, and cloud infrastructure controls. Engagement delivers an executive summary, a technical findings report with CVSS scoring and remediation guidance, plus a free retest of remediated findings within 60 days.
OT Security | Manufacturing / Infrastructure | 6-week engagement
Regional manufacturer – OT infrastructure design & security assessment.
A manufacturer with multiple production sites across ASEAN engages on an independent OT security review, often triggered by an IT/OT convergence project, a regulatory expectation, or insurance-driven due diligence. Scope covers IEC 62443 alignment assessment, IT/OT network segmentation review, ICS asset inventory, vulnerability and patch management for OT, and security architecture review for newly converged manufacturing systems. Deliverables include a maturity-tier scoring against IEC 62443-2-1 and 3-3, a prioritised remediation roadmap that respects production uptime constraints, and a go-forward operating model for OT cybersecurity governance. Distinct from IT-centric work – OT engagements require attention to availability over confidentiality, vendor-imposed lifecycle constraints, and safety-system separation.