Cyber Security and Data Protection

Practical Approach.  Powerful Results.

Who We Help

CEOs and Boards of Directors

ceo board of directors boardroom cyber security information risk

You need to know, in plain terms, what technology investments will  support your financial goals.  You need to sort fad from solid trend,  know when to invest and when to say "no."

You need an independent look at your cybersecurity or data privacy program to know if it is effective, practical and reasonable.

You  want a qualified cyber, privacy or technology advisor to support the  board of directors or to add a technology voice to your regular board  conversations.

You need a qualified Information  Security Officer or Privacy Officer to meet regulatory expectations,  but you aren't in a position to hire one just yet.

You need to know if the large technology investment you are considering is really necessary or if there is a better option.


You have to manage the financial risk of a data breach, and secure the right cyber insurance coverage.

You need an external risk assessment to satisfy a client or regulatory requirement.

You need a vendor information risk management program.

You need to appoint a qualified information security officer under NY DFS 23 NYCRR 500, and outsourcing that role fits your circumstances.

You need to appoint a qualified Data Protection Officer ("DPO") to meet GDPR requirements, and you are aware that the regulation requires this person to have "expert knowledge."

You want an objective opinion on the ROI of a technology or cybersecurity investment.


You are fully familiar with the challenges that come with trying to protect your organization from well-armed adversaries. You need an ally and a sounding board that can give you insights from hands on experience in multiple environments.

You need a strategic planner to crystallize your vision and communicate your strategy in actionable terms.

You need additional resources to help execute or manage your project portfolio.

You need a "data map" or "data register" for GDPR compliance purposes.

You want reinforcements with specialized expertise to help you succeed.

CEO/Board Blog Topics

Want a quick summary of current trends and news? 

Find out more

CFO Blog Topics

Interested in which investments live up to promises and where cyber risk creates financial risk?  

Find out more

CIO/CISO/CPO Blog Topics

Ready for some actionable information?  

Find out more


Data Breach Prevention and Response Planning

 Every business has employee or customer information that, if  compromised, could have financial or legal consequences. Our teams build  privacy programs, data breach response plans and incident response  "playbooks" that help lessen the risk and cost of embarrassing and  expensive data breach events.  Our plans help your team act decisively  when responding to security events.  

Information Security Incident Response Playbook

 We literally built the SOC playbook for one of the world's largest government entities.  We've built them for small and medium sized organizations as well.  Our strength lies in flexibility.  We work with the resources you have to develop a sound triage, escalation, analysis and response plan to guide cross-functional teams through difficult situations. 

Incident Response Leadership - Experienced Navigation

The decisions that are made during a security incident can have a dramatic impact, either positive or negative.  The technical, financial and reputational  issues are often critical.  Having experienced guidance to avoid pitfalls can make all the difference.

Compliance Programs

 Large, well-known companies with carefully crafted privacy policies have  faced tremendous financial loss because the technical, operational,  marketing and support teams have not been aligned with policy  statements. Having a trained expert bridge the gap between the legal and  technology teams can prevent embarrassing and expensive errors. 

From GDPR, to New York State Dept. of Financial Services 23 NYCRR 500 to California's new privacy law, cyber security and data privacy requirements are clearly increasing.  SEC statements in the past several years have been clear.  We bring decades of experience to help you meet these regulatory requirements without disrupting your business operations.   We can serve as a "virtual" CISO or privacy officer until you are ready to make a full-time hire.  We can help you conduct your annual assessments, present to your board of directors or help your management navigate new requirements, such as establishing your third-party risk management or data governance program.

Interim or "Fractional" CISO, CIO or CPO

For companies that aren't in a position to recruit and hire a  full-time information security executive, but still need a qualified  chief information security officer ("CISO") to set a strategy and  provide leadership, our V-CISO service is a perfect fit.

Companies  required under NY DFS 23 NYCRR 500 to appoint a qualified CISO can  leverage our resources to have appropriately experienced professional  engaged at a fraction of the cost of a full-time employee.

Companies  required under GDPR to appoint a qualified data privacy officer ("DPO")  can rely on us to supply certified, experienced professionals with the  "expert knowledge" required by the regulation.

Cyber,  by definition, involves computers. You need specialized technical  expertise to solve technical problems. That technical expertise should  be coupled with strong business acumen and the ability to balance risk  and find technology solutions to support, and not hinder, business.

Our experienced team of technology and privacy executives and managers have "filled in" for technology and privacy lead roles to give the organization time to find, recruit and onboard the right talent without feeling rushed or exposed. 

Executive/Board Advisory Services

Do you bring in an outside expert to help the board of directors with issues relating to technology investments and risk? Or do you add a technology seat to the board? You are getting expert guidance on this topic in this "Digital Age." Aren't you?

Technology is complex, changes rapidly and is subject to numerous external forces--not unlike your business and strategies. Having a true expert involved in regular board conversations can help a business capture opportunities it would otherwise miss and avoid expensive mistakes.

Leaving a complex, dynamic and expensive portion of the business to manage itself and self-report is a tremendous show of faith, but it is not governance.

Who We Are

Hard to Find Talent ~ Objective Advice

In a time when cyber security skills and data privacy skills are in a state of shortage, we have both.  We've worked with financial, tech, educational, retail, government and healthcare clients to deliver privacy, technology and information security services.  We don't sell technology, so you can count on us for objective guidance.   


We hold strong to our position that strategy drives investment and tactical planning.   Technology or information risk shouldn't be the "tail wagging the dog."  It shouldn't prevent the business from moving forward.  It can be wind in your sails or an anvil.  We help you be certain that your technology budget is not driven by outside influence, but rather a strategic investment that doesn't carry hidden risk.

Results Oriented

We recently helped a client revive "shelfware" and successfully put it into production saving a huge investment from being a loss and improving the efficacy of their cybersecurity program.  

Customer comments like "we chose you because you were the most sensible" tell us we are doing something right.

We stand by the quality of our work.  100%.  

If you're not happy, we make it right or you don't pay.  

Contact Us

Contact us for experienced guidance on cyber strategy, technology governance, expense management, or just extra resources for challenging projects.

The Palisade Group