Fractional CISO
Peter Whelan is a cybersecurity executive with 40 years in technology. Since 2012, he's served as Chief Information Security Officer across organizations ranging from 100 to 2,000 employees operating across multiple countries. He maintains a record of zero reportable security incidents.
What I Do
Fractional CISO providing enterprise-grade security leadership without full-time cost.
I've built compliance programs from scratch, passed rigorous audits, and maintained a standard most software companies consider aspirational: no known vulnerabilities on the day of software release.
I integrate with your leadership team, own your security program, and report to your board or executive team. Engagements are flexible — monthly retainer, project-based, or interim coverage.
Fractional CISO/vCISO
Ongoing or project-based
Compliance
SOC 2 Type II, ISO 27001, Common Criteria, HIPAA, GDPR
Product Security
DevSecOps & SDLC integration
Risk Assessment
Board-ready risk posture reporting
AI & Security
Organizational AI adoption requires governance, not just enthusiasm.
I help organizations adopt AI responsibly — with governance frameworks, acceptable use policies, data classification, and model risk assessment. Security leadership that understands the technology and the threats it introduces.
Who I Work With
Mid-market US and Canadian companies that need enterprise security leadership.
SaaS Companies
Pursuing SOC 2 or ISO 27001 certification
Healthcare Technology
HIPAA compliance and patient data protection
Software Publishers
Product security and secure SDLC
PE-Backed Companies
Security due diligence for acquisitions
Scaling Businesses
Fractional CISO when full-time isn't justified