CISO since 2012. Zero reportable incidents. Available fractionally.
I’m Peter Whelan, a cybersecurity executive with 40 years in technology. Since 2012 I’ve served as Chief Information Security Officer for everything from a 100-person company to a multinational software company with 2,000 employees operating across multiple countries.
I haven’t had a single reportable security incident. That’s not just luck. It’s a system.
What I Do
I work with mid-market companies as a Fractional CISO: enterprise-grade security leadership without the full-time cost. I’ve built compliance programs from scratch, passed the toughest audits, and enforced a standard most companies consider aspirational: no known vulnerabilities on day of software release.
Services
- Fractional CISO / vCISO: ongoing security leadership, part-time or project-based
- SOC 2 Type II, ISO 27001, Common Criteria, HIPAA, GDPR: compliance programs that pass and stay passed
- Product Security & DevSecOps: security built into your development lifecycle, not bolted on after
- Security Risk Assessment: board-ready reporting that translates technical exposure into business language
- Security Awareness Programs: training tailored to your culture and your actual threats
Track Record
| Since 2012 | Consecutive years as CISO across multiple organizations |
| 0 | Reportable security incidents across a 2,000-person multinational |
| 0 | Known vulnerabilities on day of software release |
| 5 | Compliance frameworks: SOC 2 Type II, ISO 27001, Common Criteria, HIPAA, GDPR |
| 40+ | Years in technology; 31 certification exams passed |
| $3M | Largest project delivered, on time, on budget |
Who I Work With
I work with US and Canadian companies that have outgrown their current security posture, or never had one. Ideal clients include SaaS companies pursuing SOC 2 or ISO 27001, healthcare technology companies, software publishers, PE-backed companies preparing for due diligence, and scaling businesses that need a CISO but not a full-time one.
AI Integration & Security
AI is already inside your organization, whether you planned for it or not. Employees are using it. Your competitors are using it. And attackers are using it against you.
I help you adopt AI deliberately, with security built in from the start. That means governance frameworks, acceptable use policies, data classification, model risk assessment, and making sure your AI tools don’t become your biggest liability.
The companies that get this right will have a significant advantage. The ones that don’t will be cleaning up breaches and paying regulatory fines. I can help you get it right.
Let’s Talk
Email: Peter@PeterWhelan.com
Phone: 647.287.2507
LinkedIn: linkedin.com/in/peterwhelan