Cybersecurity Program Maturity Assessment

Our consultants will assess the maturity of your cybersecurity program through the "lens" of the NIST Cybersecurity Framework (CSF), or another framework of your choosing.  We'll do this via documentation review, interviews, and observation.  We'll provide you with a report and maturity “score” for each CSF category that will enable you to better focus your future efforts and investments in your program in the areas where you have the largest "gaps."

Cybersecurity Strategic Roadmap

Our consultants will work with you and your stakeholders to build long-term strategy and roadmap to help you grow your program to the level of maturity to which you aspire based on your risk “appetite.” We'll recommend specific initiatives and projects to accomplish both your near-term and long-term objectives and estimate how much you'll need to invest in people, process, and technology to get there. This service is often a follow-on to a Cybersecurity Program Maturity Assessment.

Interim Chief Information Security Officer (CISO)

We'll provide a consultant with 'hands on" experience as a CISO to meet your temporary need for cybersecurity program leadership due to the departure of your CISO. This can be full-time or part-time, short-term or long-term, and on-site or “virtual,” depending on your needs and your budget.

Board of Directors Cybersecurity Subject Matter Expert (SME)

We'll provide an experienced consultant to serve as an outside director on your Board to provide the cybersecurity expertise and oversight of your cybersecurity program that many Boards lack today.  Alternatively, we'll provide a consultant on a retainer to advise your Board and/or Audit Committee on cybersecurity matters when called upon.

Other Targeted Cybersecurity Consulting

If you have needs that don’t match one of our standard cybersecurity service offerings, let’s talk about it.  We pride ourselves on being flexible, but we won’t try to sell you services that you don’t need or that don’t match our expertise and experience.  If we can’t help you, we'll tell you.  We have a large nationwide network and may be able to refer you to other firms we know who may be better positioned to provide the knowledge and assistance that you need.


All of the services described above are available directly from D. W. Stacy & Associates.  In some cases, we hire sub-contractors to work on our engagements. These sub-contractors could be well-qualified individual cybersecurity consultants or reputable cybersecurity consulting firms. In addition, we sometimes work as a sub-contractor to other cybersecurity consulting firms with whom we have a contractual business relationship.