Security
Thesis is pleased to announce a collaboration to help SMBs accelerate growth securely and achieve critical compliance milestones efficiently. This partnership provides our clients with a highly flexible model to support their business objectives and key inflection points through cybersecurity strategy, governance, risk, compliance, and execution.
We’ve opened these security offerings as we’re driven by the belief that businesses deserve better from their security programs and partners. We’ve observed over the years a shared frustration about the market:
Vague offerings sold under “cybersecurity strategy” or “vCISO”.
Software sales wrapped in a thinly veiled consulting practice.
Inexperienced teams with high churn, lacking the much-needed perspective, business acumen, and vision to provide the depth and breadth most businesses need within their budgets.
Unclear scopes, missed timelines and deliverables, and lack of ownership.
-
We provide a focused and guided path to achieving crucial certifications, attestations, and regulatory milestones, backed by sound program development and audit support. Collaborate with your existing IT and security personnel to achieve independent credentials that can provide partners and customers confidence in your security practices.
ISO 27001 & SOC 2 Readiness and Audit Support: Achieve full readiness for independent certification and/or attestation with a clear, guided path to program implementation and audit support.
IPO Support: Strategic development of SOX IT General Controls (ITGC) and SEC-aligned cyber programs to support public capital raises. Post-IPO support through quarterly reporting, internal leadership, and BoD updates.
-
Gain strong, practical insight and hands-on guidance without the cost of a full-time CISO. Our offerings are designed to complement your existing IT leadership and/or MSP, enabling them to focus on maximizing technical operations, project delivery, and support services.
Cybersecurity Program Leadership & Management (vCISO)
Focus: Fractional Executive Leadership & Program Ownership. The strategic “what” and “why”.
Our vCISO service provides high-impact, dedicated security leadership and cybersecurity program management. It is built for long-term ownership and accountability. The vCISO is a fractional senior leadership partner that ensures overall cybersecurity and compliance program success, translating business goals into a comprehensive security strategy, managing the executive relationship, risk appetite, and budget. This includes:
Executive Ownership: Setting strategy, owning short- and long-term roadmaps, and providing executive reporting to the Board, investors, and C-Suite.
Governance: Overseeing compliance efforts (e.g., ISO 27001) and directing which operational programs need to be built (e.g., deciding the organization needs a Third-Party Risk Management program).
Budget Alignment: Managing the entire security budget and ensuring all investments align with high-level business risk and growth objectives.
Cybersecurity Risk Management and Operations
Focus: Hands-On Program Execution and Implementation. The tactical “how”.
This service group delivers actionable, project-based execution for critical security and risk programs. This service is designed for clients who have defined a strategic goal (the "what"), whether through Thesis or others, and now need expert, dedicated help to build, test, and operationalize their cybersecurity program. We focus on implementation and delivery, partnering with your key stakeholders:
Foundational Control Implementation & Optimization
We deploy high-impact security controls aligned with the CIS Critical Security Controls and best practices for modern security architecture.
Secure Identity & Access: Implement key controls like Zero Trust principles, Multi-Factor Authentication (MFA), Conditional Access, and Single Sign-On (SSO) across your environment.
Endpoint Security: Selection, deployment, and optimization of Endpoint Detection and Response (EDR) and Endpoint Security solutions.
Operational Documentation: Development of customized Standard Operating Procedures (SOPs) and technical Playbooks to ensure staff can reliably manage and maintain the new controls.
Secure Foundations: Hands-on execution of foundational security, securing identity, and optimizing IT infrastructure for robust, cost-effective protection.
Detection and Response Build-Out
We move you beyond simple alerting to a state of robust, managed threat detection and crisis readiness.
MDR / SIEM / SOC Implementation: Selection and integration of Managed Detection and Response (MDR), SIEM, or Security Operations Center (SOC) services, ensuring the necessary visibility and alerting is established.
Incident Response (IR) Readiness & Tabletop Exercises: We develop, refine, and test your full Incident Response program, ensuring legal alignment and SEC disclosure readiness.
Governance & Business Resilience
We build the core risk management and resilience programs required for regulatory maturity and continuous operation.
BC/DR Program Build-Out: We are the doers who operationalize the foundational elements required for resilience, including the Business Impact Analysis (BIA), Disaster Recovery Plan (DRP), Risk Register, and the necessary System of Record.
Supplier/Third-Party Risk Management Optimization: We implement and scale a risk-driven assessment program to dramatically reduce vendor review times.
AI Strategy and Governance Workshop: We establish the necessary governance and security guardrails to safely adopt and leverage generative AI tools (like Gemini, OpenAI, Claude) for business efficiency.
-
Unique to Thesis, our bespoke “Retained Advisory” service provides on-demand expert access for your leadership and management teams. It is ideal when you need an experienced "sounding board" or expert tactical input for specific projects without requiring full program oversight. Support includes hands-on assistance for M&A considerations, legal/contract support, cyber vendor evaluation/selection, technology investment optimization, and insurance support.
-
An independent, top-down review of your current cybersecurity and compliance posture. This assessment provides an objective look at where you stand today, resulting in a prioritized, risk-based roadmap for a defined period, such as 12-24 months.
Through this kind of engagement, we can deliver clarity on immediate threats and long-term strategy by:
Benchmarking Maturity: Validating organizational maturity and control posture against relevant frameworks (e.g., ISO 27001, NIST CSF, CIS Controls).
Optimizing Spend: Including an assessment of current MSP/security vendor performance and tool efficacy to ensure technology investments are efficient and aligned with business risk.
Delivering a Clear Plan: Providing a roadmap with clear steps for improvement, enabling you to secure budget and resources for the highest-impact initiatives.
You fully own the report and can use it as you see fit, for example to inform partner transitions or to address internal skill gaps.