Dimension scores are derived from public data and fields and weighted into the composite score. For reference only.
Part-Time CISO is a virtual CISO service provided by Carl B. Johnson, also known as a Fractional CISO, outsourced CISO, or CISO as a Service. It is aimed at companies that need senior security leadership but cannot justify the cost of a full-time CISO. Its core value is outsourcing security strategy, compliance execution, board reporting, and audit preparation to an experienced security leader, rather than simply receiving a one-off consulting report.
The service is not focused on deploying products such as firewalls or EDR, but on security governance and compliance execution. The site explicitly covers cybersecurity risk assessments, gap analysis, risk registers, 12-month security roadmaps, incident response plans, tabletop exercises, vendor risk management, security awareness training, policy writing, evidence collection, and audit remediation. Supported frameworks include CMMC, HIPAA, NIST 800-171, ITAR, CUI, SOC 2, and ISO 27001, making it particularly suitable for defense contractors, healthcare organizations, and manufacturers subject to export-control requirements.
Delivery is primarily remote virtual CISO support, with on-site support available as needed. The typical process is to complete a risk assessment in the first 30 days, develop a strategic roadmap within 30–60 days, and then move into ongoing project management, with quarterly reporting to the board and executive team. The service emphasizes collaboration with the client’s IT/security teams, auditors, and vendor processes, but it does not disclose specific API, SIEM, EDR, or ticketing-system integrations. It should therefore be viewed more as a managed security leadership service than a technical platform.
Pricing is transparent: Strategic Advisor costs $4,000–6,000/month, Operational vCISO costs $7,000–11,000/month, and Full-Stack vCISO costs $12,000–17,000/month. Compared with the stated $250,000–400,000 annual salary for a full-time CISO, the cost advantage is clear, and customers can scale the engagement up or down depending on audit, incident, or steady-state operational needs. It offers strong value for companies with 50–500 employees and clear compliance pressure.
The strengths are fast onboarding, clearly defined scope, focused compliance frameworks, and inclusion of board reporting and execution management. The downsides are that the service appears to depend heavily on an individual expert, while team size, SLA, payment methods, and third-party attestations are not disclosed. Its claim of a “100% audit success rate” also lacks verifiable detail. It is best suited for growing companies with mandatory CMMC, HIPAA, NIST 800-171, ITAR, or SOC 2 requirements that do not yet need—or cannot afford—a full-time CISO.
The site does not provide information on access from China, payment options, or local service availability, so china_access should be considered unknown. Chinese companies considering this type of service should pay close attention to cross-border payments, time zones, language support, data export issues, and adaptation to local compliance requirements. Alternatives include domestic MLPS/data security compliance consulting, MSSP-managed security operations, professional services from cloud security vendors, or hiring a local part-time CISO consultant.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, parttimeciso.com.
parttimeciso.com is a United States security provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Limited (proxy recommended).