For over a decade I’ve helped organizations build security programs that work, not just check boxes. Here’s what a fractional CISO engagement with me looks like in practice.

Fractional CISO / vCISO

You get a seasoned CISO without the full-time cost. I integrate with your leadership team, own your security program, and report to your board or executive team. Engagements are flexible: monthly retainer, project-based, or interim coverage.

Compliance Programs

I’ve achieved SOC 2 Type II, ISO 27001, Common Criteria, HIPAA, and GDPR compliance at a 2,000-person multinational. I know what auditors actually look for, and how to build programs that pass and stay passed. Whether you’re starting from zero or remediating a failed audit, I’ve done it.

  • SOC 2 Type II
  • ISO 27001
  • Common Criteria
  • HIPAA
  • GDPR

Product Security & DevSecOps

I enforced a standard most software companies consider aspirational: no known vulnerabilities on day of release. I work with development teams to integrate security into the SDLC (threat modeling, code review practices, dependency management, and security testing) so problems are caught before they ship, not after.

Security Risk Assessment

A clear picture of your actual risk posture, presented in language your board and executives can act on. I assess your people, processes, and technology, then deliver a prioritized roadmap with business context, not just a list of CVEs.

Security Awareness Training

I’ve built security awareness programs from scratch, tailored to the actual threats facing a global software company. Generic training doesn’t stick. I build programs around your culture, your industry, and your real threat landscape.

Who I Work With

Mid-market US and Canadian companies, typically $20M to $500M in revenue, that need enterprise security leadership without a full-time CISO. I’m particularly effective with SaaS companies, healthcare technology firms, software publishers, and PE-backed companies preparing for security due diligence.

Ready to Talk?

Email: Peter@PeterWhelan.com
Phone: 647.287.2507
LinkedIn: linkedin.com/in/peterwhelan