Grouped by situation. If yours isn’t here, ask — we’ll answer it.
Separate the AI question from the data question. Most AI risk isn’t the model — it’s the data plumbing around it. A secure adoption program defines what data each tool can see, configures the guardrails to enforce it, and trains your team on what they can’t paste into a chatbot. Defensible baseline in 60 days.
Inventory before policy. We start with a two-week shadow-AI inventory — which tools your people use, with what data, for what — then write a policy your team will actually follow instead of route around.
Rough cut: if the strategic load is full-time but executive presence required is 4–10 days a month, fractional fits. If you also need someone to run day-to-day team operations, that’s a full-time hire. We’ll tell you straight if you’re in the second case — we’d be in the way.
CIO — how the company uses technology internally. CTO — how the company builds technology externally. CISO — how the company defends itself. Most mid-market companies need a blend; we’ll scope the mix on the first call.
Usually yes. Most insurance and customer questionnaires ask whether you have a named security executive, not whether they’re W-2. We’ll be named, attend the diligence calls, and back you in audits. We’ll tell you upfront if your situation actually requires a full-time hire.
Send it over. We’ll triage which questions are yes today, which need a small lift, and which need a real project. Customers are usually more flexible than the questionnaire sounds — especially with a named CISO on the reply explaining your trajectory.
There isn’t a fast one, just slow and very slow. SOC 2 Type I: 4–6 months. Type II: 6 more. HIPAA: faster if you’re already running tight. PCI: scope-dependent. ISO 27001: longest of the four. We’ll map your shortest realistic path on a 30-minute call.
50–500 person companies — large enough that tech and security decisions matter at a board level, small enough that you don’t already have a full executive team. We’ll be honest if you’re outside that range.
Foundations, charities, real estate, biotech, healthcare, financial services, technology, and startups — regulated and unregulated. The common thread isn’t industry; it’s size + moment: 50–500 people with AI on the agenda or a leadership gap to fill.
Almost always. Fractional leadership multiplies a good in-house team or vendor — it doesn’t replace them. We set boundaries on day one so nothing falls through the cracks.
A short PDF you can run through with your leadership team in 30 minutes. Tells you, honestly, where you stand on the eight things that matter most before scaling AI usage. Coming soon. Email us to be notified when it's available.
Ask us. We respond within one business day — usually much faster.
Ask Us Anything