vCISO

Cyber Security expertise at every stage

Access a dedicated, outsourced virtual Chief Information Security Officer (vCISO) to guide and implement key cyber security strategies and initiatives in your organisation.

A vCISO can help you with:

Designing and implementing a security roadmap to achieve long-term maturity and resilience

Developing policies, procedures, and frameworks aligned to your risk profile

Ensuring continued compliance with regulatory requirements and industry frameworks and standards

Conducting regular risk assessments to identify, evaluate, and mitigate emerging threats

Defining reporting metrics to facilitate effective communication with the board and management

Building and refining incident response plans to ensure your organisation is prepared for cyber incidents 

Facilitating security awareness and training programs to foster a security-minded culture

Providing ongoing expertise and advice on cyber security (e.g., for new systems or projects)

Benefits

Access expert cyber security leadership without hiring an in-house team  

Access to all of Skylight Cyber’s expertise through a single point of contact 

Minimise cyber risk through on-going cyber and threat landscape management  

How it Works

01

Initial Consultation and Assessment

We begin by understanding your organisation’s unique needs, goals, and existing security posture. This helps us tailor our vCISO service to fit your specific risk profile and priorities.

02

Security Roadmap Development

Based on our assessment, we create a customised security roadmap that outlines key initiatives, timelines, and milestones to enhance your organisation’s cyber security maturity.

03

Policy and Framework Design

We develop or refine security policies, frameworks, and procedures aligned with regulatory requirements and best practices, ensuring a strong foundation for your security program.

04

Ongoing Advisory and Implementation

Your vCISO provides continuous guidance on security strategy and works with your teams to implement initiatives, from incident response plans to third-party risk management.

05

Progress Tracking and Reporting

Through regular updates and reports, we keep you informed on security progress, project status, and improvements made, ensuring transparency and measurable results.

06

Continuous Support and Expert Advice

Your vCISO remains available to advise on new projects, technology changes, and evolving threats, ensuring your security strategy adapts to meet your organisation’s ongoing needs.

Our vCISO Experts

Our expert team have diverse and in-depth cyber capabilities aligned to your vCISO needs.

Jennifer Vu

Jennifer is the Head of Advisory Services and leads the cyber strategy and GRC capability at Skylight Cyber.


As an experienced cyber security consultant, she specialises in delivering pragmatic and risk-driven cyber security strategies, assessments and cyber risk management services to her clients. Jennifer has engaged with CISOs and cyber security teams to build their security organisations and successfully gain funding for their programs. She also has experience in getting into the weeds of cyber risk management to design, implement and run clients' GRC processes and capabilities.


Additionally, in her most recent previous role at NSW Government, she helped create the 2021 NSW Cyber Security Strategy and led the development and delivery of the first NSW government-wide training sessions for executives and senior management across all departments of NSW government.


Jennifer holds a Bachelor of Information Systems (Co-op) (Honours) from the University of New South Wales (UNSW).

Jimmy Hong

Jimmy is a senior cyber security and strategy consultant, specialising in cyber risk management and governance, and cyber security strategy. He excels in customising critical industry standards such as the ISM, ACSC Essential Eight, ISO 27001, and NIST to align with the unique needs of client organisations, and has a deep understanding of regulatory compliance requirements such as GDPR and PDPA. This ensures their cybersecurity strategies are effective and well-integrated with business objectives.

Additionally, Jimmy is skilled in information security contractual negotiations and third-party risk management, providing comprehensive safeguards and compliance strategies for organisations.


Jimmy’s consultancy work covers a broad spectrum of sectors, including government agencies, private entities, and global financial institutions. His impact is noted with significant contributions for clients across Australia, Europe, and Asia.


He holds a Bachelor and Master of Electrical Engineering with a focus in Telecommunications from the University of New South Wales.

Mischa Tanne

Mischa is a senior cyber security consultant with comprehensive experience delivering governance, risk, and compliance engagements. He has worked with clients to assist them in complying with industry standards and frameworks as well as regulations and laws, including ISO 27001, NIST CSF, ACSC Essential Eight, and GDPR. Mischa has also served as a vCISO, acting as the client’s on-call cyber security expert while also coordinating efforts to increase security practically. Mischa always emphasises business-led cyber security advice, giving practical guidance that uplifts maturity where it has the most benefit.


Mischa’s consulting experience has included engagements with national, state, and local governments, and with public and private sector clients, across both the APAC and EMEA regions.


He holds a Bachelor of Economics and a Bachelor of Art from the University of Sydney with majors in Econometrics, Financial Economics, and Political Economy. In his focus on continual development, he has also attained industry certifications including CompTIA Security+ and ISC2 Certified in Cybersecurity.

FAQs

Is vCISO the right choice for me?

A vCISO could be the perfect fit if your organisation needs expert cyber security leadership but doesn’t require a full-time CISO. It’s ideal for companies that want to enhance their security posture, manage regulatory requirements, or gain strategic insights without the overhead of a permanent executive role. If you’re working on high-impact projects, facing interim leadership gaps, or have specific compliance challenges, a vCISO offers targeted, scalable expertise tailored to your unique needs and budget.

Why should I hire a vCISO instead of an in-house CISO? 

Organisations typically choose a vCISO over an in-house CISO for the flexibility in scope, requirements, and niche skills, and as a cost-effective way to access a team of experts.

How does a vCISO work with an existing security team?

A vCISO collaborates closely with your internal team, acting as an extension of your organisation to provide strategic direction and expert guidance. They work alongside leadership to align security initiatives with business goals, while supporting IT and security staff on tactical tasks like policy implementation, risk assessments, and incident response. The vCISO also serves as a mentor, helping upskill internal team members and fostering a security-conscious culture. With regular check-ins, clear communication, and tailored support, the vCISO seamlessly integrates into your operations, enhancing your team’s capability and resilience without disrupting workflows.

   

Can we update the scope of a vCISO depending on what we need?

Yes, we will work with your organisation to define the key outcomes required by the vCISO, which can be adjusted over time. 

Does the vCISO role include roadmap implementation?

Yes, the vCISO role typically includes implementing the cyber security roadmap they develop for your organisation, although additional resources may be required. Beyond just planning, the vCISO works alongside internal teams to execute initiatives, including deploying security technologies, establishing policies and procedures, and supporting risk management activities. This hands-on approach ensures the roadmap’s objectives are fully realised, helping your organisation progress toward its targeted security maturity. If specific projects require extra assistance, the vCISO can also coordinate with internal resources or external vendors to ensure seamless implementation.

Are there any responsibilities outside the scope of a vCISO?

Yes, while a vCISO provides strategic guidance and oversight for cybersecurity, certain tasks may fall outside their typical scope. vCISOs generally focus on high-level planning, risk management, policy development, and security program oversight rather than day-to-day operational tasks. Routine responsibilities, like direct management of IT staff, continuous monitoring, or technical configurations, are usually handled by internal teams or dedicated IT resources. However, the vCISO can coordinate with those teams and advise on these activities to ensure alignment with the overall security strategy.