World-Class Cybersecurity Professionals at your Service

Virtual Cyber Consultant (VCC)

A cost-effective, flexible, full-service consultancy service for medium & large enterprises with immediate cybersecurity requirements

 

BOOK A DISCOVERY CALL

What is a Virtual Cyber Consultant (VCC)?

The Virtual Cyber Consultant (VCC) Service is a remote-only, full-service cyber consultancy service that offers 300+ services in over 15 cybersecurity domains. 

The VCC service is right for you if you have immediate requirements in cybersecurity, governance, risk  and compliance that they need fulfilled in a short span of time. Some requirements from our clients, include, but are not limited to: 

  • Enhancing cybersecurity maturity and cyber resilience.
  • Demonstrating improved cybersecurity controls to clients, management, regulators, partners etc. 
  • Preparing for and achieving ISO 27001 and or Cyber Essentials certifications 
  • Aligning the business with Cybersecurity Frameworks like the NIST Cybersecurity Framework and/or other standards & adopting best practices. 
  • Creating, reviewing or refreshing Cyber Incident Response Plans and/or Cyber Incident Response Playbooks. 
  • Review of your Disaster Recovery or Business Continuity Plans.      
  • Implementing the Risk Management Framework, including identifying assets and defining asset management processes. 

6 Benefits of our Virtual Cyber Consultant Service & Why it Matters to your Business

Significant Cost Savings

Our VCC Service leads to considerable cost savings. Not hiring full-time staff means no recruiter fees, no contractors, no salaries, no holiday or sick pay. What about urgent requirements? Not a problem as you can utilise your allocated Zoom hours in one go & buy more when required. 

Highly-skilled practitioners

With our VCC Service, you get access to highly-skilled cybersecurity practitioners with a wealth of cross-industry experience, at a fraction of the cost of hiring them. You are always supported by an experienced Security Consultant via Zoom calls and can ask any question you like. 

Extension of your IT/InfoSec Team

We can either take on the role of being your Infosec team or we can offer support to your existing team. If your resources are stretched and you have an immediate cybersecurity requirement, our VCC Service is perfect for you.  

Quick Improvement in Cyber Posture

If you are looking to RAPIDLY improve your existing cybersecurity maturity and/or achieve compliance, improve risk management, governance, business continuity & Incident Response, our Virtual Cyber Consultant Service is ideal. 

Complete Cybersecurity Assistance

As the name suggests, our Virtual Cyber Consultants will help you with all your cybersecurity requirements including supplier questionnaires, Cyber Essentials, Incident Response Plans, Playbooks and much more. 

Unparalleled Flexibility in Service

The USP of our VCC Service is the incredible flexibility it offers. You can choose from 4 Service Tiers (Silver, Gold, Platinum & Platinum+), 300+ Services & flexible payment options to make a choice that's absolutely fit for your business. 

What's Unique about our Virtual Cyber Consultant Service?

The Virtual Cyber Consultant model is affordable & specially tailored for medium to large enterprises that do not wish to pay exorbitant consultancy fees to achieve their cybersecurity goals. The service has been specifically designed for those businesses which have urgent cybersecurity requirements. If you are not in a hurry or if you don't have an immediate requirement then we recommend you try our VCA or Virtual Cyber Assistant service. 

Regardless of which service you select Cyber Management Alliance Ltd is known for its laser focus on customer service and satisfaction. 

Four Service Tiers

The Virtual Cyber Consultant Service offers 4 Service Tiers - Silver, Gold, Platinum, and Platinum+.  Each Service Tier comes with a different number of Zoom hours & additional benefits. No matter how extensive or urgent your cybersecurity requirement may be, there is a Service Tier for you. The best part is that you can use all the Zoom hours allocated to your Service Tier in one go if the need arises. 

 

Flexible Payment Plans

With flexibility as its USP, the VCC Service comes with both Monthly and Annual Payment options. For a monthly-paying client, there is no commitment. Annual clients, who pay upfront for 12 months or more, are entitled to a discount of up to 30% on the monthly charge. In addition, annual paying clients have access to many additional benefits and premium features including extra Zoom hours. 

Access to 300+ Cyber Services

The Virtual Cyber Consultant Service offers you  access to 300+ Cybersecurity, Governance, Risk & Compliance Services across 15 Domains. This means that no matter what your immediate cybersecurity requirement might be, the VCC Service should be able to cover it. We also offer readymade packages including Cyber Essentials, ISO 27001, BCP & more.

The VCC Service Is For You If You're Looking To... 

 

Implement a Cybersecurity framework and/or want to follow best practices. 

Become Cyber Essentials Certified and you need comprehensive support in this area. 

Align your business with the ISO 27001:2022 Standard because your management is worried about the lack of standards and/or cyber frameworks in the organisation.

Implement a Cyber Risk Management Framework and you want to follow best practices.

Have Incident Response Playbooks created, reviewed and/or refreshed so you can better respond to cyber-attacks.
Get a complete review of your Business Continuity & Disaster Recovery plans, processes and procedures.
Bolster your ability to respond to and recover from cyber-attacks and ransomware attacks & need support in creating and implementing a cybersecurity incident response plan along with related processes and response playbooks. 
Review cybersecurity practices in your Supply Chain and define onboarding and other processes in accordance with the best practices. 
Have your cybersecurity practices in Asset Management reviewed and define processes in accordance with the best practices.
Have the Risk Management Framework implemented even if you do not necessarily want to be certified with ISO 27001.
Identify assets and define asset management processes. 
Define processes to manage cybersecurity in the supply chain.

 

The Virtual Cyber Consultant Service VS the Virtual Cyber Assistant

The VCC or Virtual Cyber Consultant service is highly affordable and flexible. However, Cyber Management Alliance offers an even more cost-effective cyber consultancy service called  Virtual Cyber Assistant.

Here are the key differences:

Virtual Cyber Consultancy (VCC)

Virtual Cyber Assistant (VCA)

Immediate and urgent requirements in cybersecurity, governance and risk  Gradual improvements in cybersecurity, risk and governance
Unlimited, remote Zoom or MS Teams access to our senior consultants Time-limited remote access to cybersecurity consultants. Primarily, an asynchronous, ticket-based service.
Enhanced interaction and engagement with continuous live engagements.  Primarily, an asynchronous, ticket-based service.
Consume ALL your days in one GO! For example, you can use your 24 days consecutively over 24 days (assuming you have purchased the Gold Service Tier) Limited to number of days per month. Example, in our Gold Service Tier you get a total of 24 days per year, but you can only consume 2 days a month. 

 

Virtual Cyber Consultant Service

300+ Services across 15 Service Domains

Based on our professional experience & market needs, we have reduced the complex world of cyber into 15 simple domains. Each Service Domain has associated services and activities. We can support you in one or more domains.  

 
Client Feedback

Listen to what our clients have to say about our consultancy services

"In order for BMJ to the right way forward we looked for a VCISO to advise us on the right way to do things and give us expertise. We went to Cyber Management Alliance and it's been about a year now and we ran workshops, looked at our response to incidents, created the incident response plan and we are in a position now where we understand our way forward. Our VCISO keeps us on our toes and overall it's been a very effective way of delivering expertise into the organisation that we wouldn't have normally had."

Aaron Townsend, Service Delivery Manager, British Medical Journal  

 

 

Four Service Tiers for Different Needs

Service Tiers

Benefits, Features & Pricing

Here is a closer look at what each Service Tier offers

From as little as £440 per day

Tiers
Silver
Gold
Platinum
Platinum+
Features
Number of Days per Month (Monthly Subscription)
1
2
3
4
Total Number of Days per Annum
12
24
36
48
Access to 300+ different Cybersecurity, Governance, Risk & Compliance Services across 15 Domains
Ask Any Question (Best effort response) - Not deducted from allocated hours
Always Supported by an Experienced Security Consultant
Is it possible to buy additional hours?
Initial, one-time 120-minute onboarding support via Zoom
Zoom calls with Experienced Security Consultant
Unlimited
Unlimited
Unlimited
Unlimited
Access to NCSC-Certified Training Courses (Annual)
2
5
10
15
Access to CISA, CRISC, CISC & other Training Courses (Annual)
2
5
10
15
Carry forward hours (Yearly - Only on Annual Contract Renewal)
Yes; Max 1 day
Yes; Max 2 days
Yes; Max 4 days
Yes; Max 8 days
Specialist review of RFP/Engagement letters/Requirements Definition + Review of Responses to the RFPs
Additional inputs & advice by an Experienced Senior CISO
8 hours
8 hours
12 hours
16 hours
Security Consultant WILL attend calendar meetings virtually
Dedicated Account Manager
Optional
EBAS (Standard 45-minute session)
Yes (-1 days)
Yes (-1 days)
Yes (-1 days)
Yes (-1 days)
ECAS (180-minute Executive Cyber Crisis and Awareness Session)
Yes (-3 days)
Yes (-3 days)
Yes (-3 days)
Yes (-3 days)
Cyber Crisis Tabletop Exercise -Executive
Yes (-5 days)
Yes (-5 days)
Yes (-5 days)
Yes (-5 days)

Book a discovery call to find out more 

Popular Packages to Get You Started Immediately

ISO 27001 Readiness Package (Readiness - Create and/or Refresh)

+

We will support the organisation to create and adapt to cybersecurity framework based on ISO 27001. We will evaluate the current posture, provide recommendations for improvement, Create relevant policies and processes. Develop a Risk assessment methodology and assist in conducting Risk assessment. We will also provide you with templates and records to be maintained to ensure alignment to the framework.

Services include:

  • Gap Assessment
  • Create Cyber Policies
  • Create Governance Policies
  • Review Cyber Procedures
  • Compliance activity trackers
  • RA Methodology
  • Risk Assessment
  • Effectiveness Measurement
  • Risk Monitoring/Review of Risk Treatment Plan
  • Audit Report Response/Corrective Action Plan
  • Management Review Meeting - Create
    Continual improvement plans

ISO 27001 Review Package (Review Packages include Review Only)

+

We can review and comment on your ISMS framework and maintenance practices. We will review the relevant policies, processes, procedures and records.

Services include:

  • Review of Cyber Policies & Processes (Documentation set)
  • Review of Cyber Procedures
  • Gap Assessment (Request & review of evidences to ensure compliance to policies & processes)
  • ISO 27001 maintenance/framework review (Training, Risk monitoring & treatment plans, Management review meeting records, Internal audits, etc.)

 

Cyber Essentials Readiness Package

+

We will support the organisation to create and adapt to cybersecurity framework to comply to all Cyber Essentials requirements. We will evaluate the current level of compliance, provide recommendations for improvement, create relevant policies and processes. We will also provide you with templates and records to be maintained to ensure compliance to the requirements.

Services include:

  • Gap Assessment/Review of compliance to Cyber Essentials requirements
  • Create Cyber Policies & Processes
  • Create Governance Policies
  • Review Cyber Procedures
  • Documentation of Cyber Essentials
  • Self-assessment Questionnaire

Cyber Essentials Review Package

+

We can review and comment on your compliance to Cyber essentials requirements. We will review the relevant policies, processes, procedure, and records.

Services include:

  • Gap Assessment/Review of compliance to Cyber Essentials requirements
  • Review Cyber Policies & Processes
  • Review Cyber Procedures
  • Review of documentation & Cyber
    Essentials Self-assessment Questionnaire

BC & DR Readiness Package

+

We will support the organisation to create and adapt to the business continuity framework based on ISO 22301. We will conduct BIA (Business Impact Analysis) to identify critical assets and relevant acceptable unavailability periods, and create relevant policies and processes. We will help the organisation develop a Risk Assessment methodology and assist in conducting Risk Assessment. Based on the outputs of the assessment, we will support in creating Business Continuity plans and Disaster Recovery plans. We will also provide you with templates and records to be maintained to ensure alignment to the framework.

Services include:

  • Conduct Business Impact Analysis
  • Create Business Continuity Strategy
  • Create Business Continuity-related policies and processes
  • Risk Management Methodology
  • Risk Assessment
  • Business Continuity Plans
  • Incident Response Plans
  • Playbooks
  • Disaster Recovery Plans

BC & DR Review Package

+

We can review and comment on your Business Continuity & Disaster Recovery Plans and maintenance practices. We will review the relevant policies, processes, procedures and records.

Services include:

  • Review of Business Impact Analysis
  • Review Business Continuity Strategy
  • Review Business Continuity-related policies and processes
  • Review Risk Methodology & Assessment
  • Review Business Continuity Plans
  • Review Incident Response Plans
  • Review DR Plans
  • Review Playbooks
  • Review DR testing records

 

Incident Response Readiness Package

+

We will support the organisation to create Incident Response plans based on industry-accepted frameworks NIST SP 800-61 and SANS. We will assess the current practices in place and suggest recommendations for improvement. We will create Incident Response-related documents including Policy, roles & responsibilities, Processes, and Incident Response Plans. We'll also create playbooks to support timely and effective cyber incident response.

Services include: 

  • Create Incident Management Policy
  • Create Incident Management-related documents - Roles & responsibilities, communication plans, etc.
  • Create Incident Management processes
  • Create Incident Response Plan
  • Create IR Playbooks

Incident Response Review Package

+

We can review and comment on your Incident Response Plans and practices against industry-accepted frameworks NIST/SANS. We will review the relevant policies, processes, procedures and records.

Services include:

  • Review Incident Management Policy
  • Review Incident Management Processes
  • Review Incident Response Plans
  • Review Playbooks

Complete Risk Management Package

+

We will support the organisation to create and adapt to the cyber risk management framework based on ISO 31000/NIST SP-800. We will identify critical assets/processes, develop a Risk Assessment methodology and assist in conducting Risk Assessment. We will also provide you with templates and records to be maintained to ensure alignment to the framework.

Services include:

  • Create Information Asset Registers
  • Risk Assessment Methodology
  • Risk Assessment
  • Risk Treatment Plan
  • Risk Monitoring/Review of Risk Treatment Plan
  • Management Review Meeting - Create

Review of Risk Management Practice

+

We can review and comment on your Risk Management Framework and implementation. We will review the relevant methodology, assessment report and relevant records.

Services include:

  • Review of Information Asset Registers
  • Review of Risk Assessment Methodology
  • Review of Risk Assessment Records
  • Review of Risk Treatment Plan & Risk Monitoring Process

End-to-End Supply Chain Cybersecurity Management

+

We will create, review and evaluate your organisational cybersecurity controls for your supply chain management processes. We'll connect with you to understand the areas/services with supplier involvement, data shared, IT controls implemented and high-level guidelines, if any in accordance with the same.

Services include: 

  • Review supply chain processes & practices (agreements, data sharing practices, cyber security controls, etc.)
  • Identify applicable cyber controls
  • Create supply chain standard (as per the identified cyber controls that need to be implemented)
  • Create supply chain policy

Review of Supply Chain Processes

+

We can review and comment on your supply chain management processes and its implementation. We would connect with you to understand the areas/services with supplier involvement, data shared, IT controls implemented and high-level guidelines in accordance to the same. We will review the relevant policy, standard and relevant records.

Services include: 

  • Review of Supply Chain practices
  • Review of Supply Chain policy & standard
  • Review of Supplier monitoring records

Asset Management Lifecycle

+

We will help you create Information Asset registers, classify assets and develop cybersecurity integrated processes to manage your asset lifecycle. We will address all types of assets - Hardware, Non-IT, Software, Paper, Staff/People, Electronic, etc.

Services include:

  • Review of Asset handling processes
  • Create Information Asset Registers
  • Assist in Asset Classification & Criticality
  • Asset Management Policy and Standard

 

Review of Asset Management Lifecycle

+

We can review and comment on your Asset Management processes, Information Asset registers, Asset Classification and overall Asset Management Lifecycle.

Services include: 

  • Review Asset handling processes
  • Review Information Asset registers
  • Review Asset Management policy and standard

What makes our Virtual Cyber Consultant service unique compared to traditional consultancy models?

Complete Flexibility

Utilise all the allocated Zoom hours in one go for urgent requirements, along with the option to buy additional hours.

Full-Service 

Direct engagement with the Cybersecurity Consultant over Zoom calls.

Remote cyber consultancy-as-a-service

We can service clients globally at a budget that is palatable to a large number of businesses. 

Expert Advisory

Get access to insights, inputs & advice by an Experienced Senior CISO.

Ask Our Experts Any Questions - At No Cost!

All our subscribers can ask our experts any questions at no cost to the allocated hours.

Pay-as-you-Go Monthly Subscription Model

The World's First Truly Flexible Cyber Consultancy Subscription Service.

Pick-&-Choose From Over 300+ services

You can ask us to Create New, Review & Refresh from over 15 Service Domains.

Scale Up/Scale Down

Total flexibility: Upgrade or downgrade your service at anytime using our self-service portal.

Carry Forward Your Unused Hours!

You have been busy and couldn’t use up all the days in your Service-Tier. No problem. Roll them over to the next contract.

NO Need To Raise a PO For Each Project or Task!

Our Cybersecurity-as-a-Service model negates the need for raising separates POs for separate projects.

Why not book a discovery call to discuss your requirements?

Want more information on what is a Virtual CISO, Virtual CISO Services & Virtual CISO hourly rates? Book a no-obligation discovery call with one of our consultants. 

Let us show you why our clients trust us and love working with us.
PACKAGES AVAILABLE

What exactly do you get with our Virtual Cyber Consultant Services?

Here's a quick look at 15 of the main service domains that we cover in our Virtual Cyber Consultant Services UK. There are several sub-categories under each domain, some of which have been listed below. 

Cyber Resilience

1. Cybersecurity Strategy
2. Cybersecurity Policy & Procedures
3. Cybersecurity Roles & Responsibilities 
4. Crisis Management Procedures 
5. Disaster Recovery & Business Continuity Plans

Incident Response

1. Incident Response Plan
2. Policies, Plans & Procedures
3. Playbooks
4. Threat Actor Library
5. Mapping of incidents/Security events

 

Cyber Risk Advisory

1. Risk assessment
2. Risk mitigation plan/Risk prioritization
3. Audit/Assessment reports
4. Incident tracker & Change management tracker - Major Changes
5. Information asset registers

Supply Chain Cybersecurity

1. Agreements with Suppliers
2. Requirements in Supply chain
3. Evaluation of cybersecurity controls in supply chain
4. Policies & Procedures
5. Evaluation & Monitoring checklists

Certifications & Standards

1. Gap assessment
2. Measurement of effectiveness of controls
3. Previous audit report closures
4. Implementation of controls
5. ISO 27001 & Cyber Essentials

Governance & Compliance

1. Policies & Procedures
2. Measurement of effectiveness
3. Compliance to organisational framework
4. Audit plans & Assessment reports
5. Information security strategy

Technology & Architecture

1. Architecture diagram
2. Comparison of solutions
3. Configuration
4. Monitoring

Data Security

1. Information classification
2. Data flow analysis
3. Information access controls/restrictions
4. Data leakage controls

Security Operations

1. Policies
2. IT Procedures
3. Configuration guidelines
4. Incident/Problem Management
5. Effectiveness of IT Security controls

Asset Management

1. Asset Management
2. Information asset registers
3. Information classification and labelling
4. Asset criticality
5. Asset handling procedures

IT Operations

1. IT Operations Security Policies
2. IT Security Operating Processes
3. Configuration Guidelines
4. Incident Management Processes

Audits & Assessments

1. Audit Report Response
2. Audit Report – Corrective Action Plan
3. Penetration Testing reports review & closure plans
4. Audit Plans

Cloud Security

1. Cloud Security Policies
2. Cloud Security Processes
3. Configuration Guidelines
4. Cloud Security Strategy
5. Review of Cloud Service Agreements

Cyber Strategy

1. Organisational Cyber Security Strategy
2. Management Review Updates
3. Continual Improvement Plans
4. Organisational Risk Profile

Business Continuity & Disaster Recovery

1. Business Continuity/Cyber Resilience Strategy
2. Crisis Management Plans
3. Incident Response Plans
4. Playbooks
5. Business Impact Analysis

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

The information on this page and related pages and documents is Copyright of Cyber Management Alliance Ltd. The VCC or Virtual Cyber Consultant term, other terms, information, concepts, ideas, workflows, processes, procedures and other content that directly or indirectly supports the VCC Service are Copyright of Cyber Management Alliance Ltd. Copyright 2022.