vCISO

A Chief Information Security Officer (CISO) provides executive-level oversight of an organisation’s cybersecurity strategy, risk management, and compliance efforts. For many growing businesses, hiring a full-time CISO isn’t feasible—but modern security risks don’t wait.

Today’s threats go beyond malware and firewalls—think misconfigured cloud storage, open file shares, shadow IT, and sensitive data left accessible in shared drives or third-party tools. At CySura, we offer Virtual CISO (vCISO) services that provide experienced security leadership on a flexible basis.

We work with your team to build a realistic security roadmap, support compliance goals, and ensure your infrastructure and processes are secure, scalable, and ready for what's next.

Our Approach as your vCISO

  • We begin by looking at your environment through a practical, risk-focused lens—identifying not just obvious gaps, but the areas most likely to be exploited. From misconfigured systems to high-risk data exposure, we focus on what actually puts your business at risk, not just what’s easy to audit. It’s a clear, senior-level review designed to uncover what matters most.

  • We turn insights into a prioritised security roadmap that actually makes sense for your business. We start with the highest-risk issues—the ones most likely to land you on the front page if ignored. From there, we layer in compliance and maturity-building work at a pace that fits your resources. No bloated reports. No noise. Just clear, practical steps focused on real protection first, checklists second.

  • Depending on your needs, we either work alongside your team to guide implementation or roll up our sleeves and do the work ourselves. From policy development and vendor selection to SIEM tuning and security awareness programs, we’re not just advisors—we’re execution partners.

  • Security isn't a one-off project—it’s a continuous process. We help establish baseline monitoring and alerting across your environment, so you can track improvements, catch issues early, and gather proof for audits or board reports. Whether you're working with an internal SOC, external provider, or starting from scratch, we help tune alerts, reduce noise, and build processes for ongoing improvement. Our goal: to keep you secure, compliant, and quietly confident.

vCISO Service Tiers

We offer two ways to work together: a flexible contract rate for short-term or project-based work, and structured packages for businesses needing ongoing security leadership. Our Bronze, Silver, and Gold tiers scale from light advisory to fully embedded support—so you can choose the level that fits your team, risk, and growth stage.

Casual/Contract

For one-off projects that deserve more than generic advice

Need help tackling a specific security problem or preparing for an audit? Our casual tier offers flexible, short-term support for projects that don’t require ongoing engagement. You’ll work directly with Luke Thomas, CySura’s founder and former CTO/CISO, ensuring experienced insight and practical guidance from day one.

Ideal for:

  • Infrastructure or network reviews

  • Compliance readiness or client due diligence support

  • Security architecture feedback

  • Vendor risk assessments

  • Board or investor reporting

Price: $225 NZD/hour

Bronze

For teams who want expert direction, without hands-on execution.

Our Bronze tier offers direct access to senior CISO-level guidance from Luke Thomas, CySura’s founder and former healthtech CTO/CISO. You’ll get clarity on where to focus, support preparing for compliance, and a trusted voice to guide security decisions—without the need for deep technical execution.

Includes:

  • 8 hours/month of Luke’s time

  • Monthly strategy and advisory session

  • Security roadmap creation and oversight

  • Light-touch compliance support (SOC 2, ISO 27001, vendor assessments)

  • Input on policy and documentation

  • Slack/Teams/email access for async guidance

  • Optional board reporting input

Price: $1,600 NZD/month

Silver

For growing teams that need expert guidance and help executing.

The Silver tier gives you direct access to CySura’s founder, Luke Thomas, for more hands-on support. This package is ideal for businesses preparing for audits, scaling infrastructure, or needing help implementing a maturing security roadmap—without bringing on a full-time CISO or team.

Includes:

  • Up to 15 hours/month of direct support from Luke

  • Strategic guidance & roadmap ownership

  • Policy creation and control implementation

  • Compliance support (SOC 2, ISO 27001, HIPAA readiness)

  • SIEM/logging oversight and tuning

  • Security awareness planning and support

  • Slack/email support for team queries

  • Monthly security metrics or board-ready reporting

Price: $2,950 NZD/month

Gold

For high-trust organisations that need a security leader on their team.

The Gold tier is built for businesses with growing complexity, external scrutiny, or internal gaps in security leadership. You’ll work directly with Luke Thomas. This tier provides deep, ongoing involvement—from strategic direction to hands-on oversight, reporting, and guidance across your organisation.

Includes:

  • Up to 30 hours/month of direct support from Luke

  • Everything in Silver, plus:

  • Attendance at board meetings

  • Ongoing audit-facing support (SOC 2, ISO 27001, HIPAA, client reviews)

  • Vendor due diligence and security onboarding

  • Incident response preparation and escalation guidance

  • Quarterly business risk & posture reviews

  • Priority access for urgent support and decision-making

Price: $6,000 NZD/month