vCISO Retainer
Ongoing senior security leadership - without the cost, commitment, or hiring risk of a full-time executive. Three tiers to match where you are.
Learn more →Services
Coastal Cyber works across four areas. Engagements are scoped in writing before work begins. The scope defines what is included and what is not - because clarity at the start is how good work gets done.
Cyber Risk Management
Risk management that produces decisions, not documents. Frameworks applied as tools, not tick-boxes.
Learn more →Board & Executive Advisory
Cyber risk in language your board will actually act on. Clear communication, not jargon in a red-amber-green grid.
Learn more →Projects & Assessments
Fixed scope, defined deliverable, clear price. See how we work before committing to an ongoing engagement.
Learn more →For MSPs & MSP Channel
Coastal Cyber works with a select number of Managed Service Providers in a strictly independent capacity. These engagements are structured to complement - not compete with - MSP service delivery, and are governed by a conflict-of-interest protocol that protects the interests of all parties.
Fixed price
Essential Eight Independent Assessment
An independent, evidence-based assessment of your client's Essential Eight maturity - delivered by Coastal Cyber, not your team. Available as a client-commissioned engagement or as MSP-commissioned independent validation of your own work. Either way, the methodology is the same: scoped to ACSC guidance, with a maturity rating per strategy, a gap register, and a board-ready summary.
90-day program
MSP Security Practice Development
A fixed-scope 90-day program to help MSP owners build a coherent, credible security offering. Covers your service stack, client-facing documentation, policy templates, and how you position and price security to clients. Delivered in three phases: Assess, Design, Embed. Clear deliverables at each gate.
Fixed price
MSP Governance & ISMS Uplift
You tell your clients to take security seriously. Does your own business reflect that? This engagement builds the governance foundations your MSP needs - ISMS scope, risk appetite, control framework, and a minimum viable policy suite aligned to ISO 27001. Certification optional. The discipline isn't.
These services are not available to MSPs currently engaged as IT service providers to Coastal Cyber vCISO clients.
Not sure which engagement model fits?
Most new relationships start with a project. Get in touch and we'll tell you what makes sense for where you are.
Get in touch