How to Use CISO Marketplace

1. Choose Your Membership Level:

Freemium:

  • Access: Swag, courses, bookcase, gadgets.
  • Discount: 5% off on all products.
  • Benefits: Ideal for those looking to explore our offerings without a commitment.

CISO Membership:

  • Access: All freemium benefits plus on-demand penetration testing, direct access to engineers via Zendesk, compliance add-ons, and more.
  • Discount: Exclusive discounts on select services.
  • Benefits:
    • Comprehensive Reporting: Tailored for different audiences, including technical reports for IT staff, executive summaries for leadership, and specialized reports for board meetings.
    • CISO One-on-One: Personalized report explanation and strategic guidance in a one-on-one session with a CISO.
    • Continuous Support: Direct access to our engineers via the support platform for questions or further assistance.

2. Explore Our Services:

  • Domain Profiler (OSINT): Gain insights into a domain’s security posture.
  • Executive OSINT Assessment: Understand the digital footprint of executives and high-profile individuals.
  • Physical Security Assessment: Evaluate the physical security measures in place at your facilities.
  • Physical Social Engineering: Test the human element of your security.
  • External Vulnerability Assessment: Identify vulnerabilities in your external-facing assets.
  • Cloud Security Assessment: Assess the security configurations of your cloud services.
  • Third-Party and Vendor Risk Assessment: Evaluate the security posture of your vendors and third-party applications.

3. Start with the Basics:

For CISOs new to our platform, we recommend beginning with:

  • Domain Profiler (OSINT): Understand your organization’s online presence.
  • Cloud Security Assessment: Ensure your cloud configurations are secure.
  • Third-Party and Vendor Risk Assessment: Get a handle on the security of your third-party applications.
  • External Vulnerability Assessment: Identify vulnerabilities in your external-facing assets.

4. Project Timeline Overview:

Each of our services has an estimated timeline to gauge how long the scope of work takes. Some assessments are quick, as little as one hour of testing; others run one to three weeks from testing through reporting. Our assessments are conducted by Principal Security Consultants with over 10 years of information security experience across architecture, engineering, assessments, hacking, and compliance, so they can wear many hats during the risk discovery phase.

  • Initial Consultation: A 1 – 2 hour scoping phone call (our security sales engineers are the same engineers who deliver the projects, which avoids mis-scoping).
  • Documentation: Sample project deliverables, consultant résumés, and scheduling are discussed.
  • Assessment Duration: Varies based on the service, typically 2-3 weeks.
    • A typical project follows a cadence of five business days of testing plus an equal five business days of reporting (5 + 5, two weeks), which also sets the rotation for our engineers’ workflow.
      • For on-site work the traveling engineer’s cadence is usually 1 + 5 + 1: a travel day on each side of the five working days.
  • Reporting: Detailed report delivered within seven business days after the assessment.

5. Report Delivery:

Once the assessment is complete, you’ll receive a comprehensive report detailing our findings, potential risks, and recommended remediation steps. Our team is available for any follow-up questions or clarifications.

  • Reports go through proofreading for grammar as well as a technical review.
  • Where applicable, we include video with the report, for example edited footage from social engineering engagements.
  • Report findings are guaranteed for 10 days after report delivery.
    • New vulnerabilities, patches, and exploits appear too frequently for the data in a report to stay current beyond that window.

6. Continuous Support:

With the CISO membership, you have direct access to our engineers via our support platform for questions or further assistance. Membership includes eight support hours to begin with; additional hours can be purchased as needed.

You can buy “levels” of experience based on your task requirements and time constraints. Sometimes you need help with architecture or engineering, or simply QA testing of some tools, for a set duration such as 8 hours or five days. Depending on the project type, you can choose the experience level you need: CISO, Engineer, or Hacker.

7. We Are Assessors, Not Auditors: Know the Difference

What We Do: Assessment

  • Objective Analysis: We evaluate your organization’s cybersecurity posture and provide actionable recommendations.
  • Hands-On: Our assessments are practical and involve real-world testing to identify vulnerabilities.
  • Custom Solutions: We offer tailored security solutions based on your organization’s unique needs and risks.
  • Continuous Support: Our relationship doesn’t end with a report. We offer ongoing support to help you implement our recommendations.

What We Don’t Do: Auditing

  • Checklist Compliance: Auditors often focus solely on whether an organization meets certain compliance criteria, usually through a checklist.
  • Limited Scope: Auditing often doesn’t involve the hands-on, practical testing that assessments do.
  • No Follow-Up: The relationship typically ends without ongoing implementation support once an audit is complete.
  • Audit Penalties: A failed audit can bring compliance fines or penalties under HIPAA, PCI DSS, GDPR, or from insurance companies.

Why Choose Assessment Over Auditing?

  • Actionable Insights: Unlike audits, assessments provide actionable insights that you can actually use to improve your security posture.
  • Holistic View: We look at the full picture, not just whether you meet certain compliance standards.
  • Long-Term Partnership: Our goal is to provide continuous value, helping you maintain a robust security posture in the long run.