Fractional CISO Services
Cybersecurity Leadership for Cloud Startups



A Part-Time CISO for Cloud Startups

As the threat landscape grows more hostile and customers more concerned about those with whom they share their data, the need for cybersecurity leadership increases. Gone is the time when a startup could just accumulate security debt until large enough to hire a Director of Information Security.

Fractional CISO Services enables cloud startups to bridge the gap between the point in their growth when they need a cybersecurity leader and the point when they can afford one.

George Pajari is the principal of Fractional CISO Services, and was previously the Chief Information Security Officer (CISO) at Hootsuite, the most widely used social media management platform, the largest cloud startup in Vancouver, and one of the Forbes Cloud 100’s “Best and Brightest” private cloud companies.

One of the strongest commonalities among companies with a solid cybersecurity culture is that they have a definitive and highly placed executive in charge of security. The study found that 86% of companies performing well in security employ a chief information security officer (CISO). 

- (ISC)² Study: “Building a Resilient Cybersecurity Culture”

Get in touch with us to set up a consultation, or use the contact form at the bottom of this page to enquire whether our services can advance your security and accelerate your growth.




950 Granville Street
Vancouver, BC V6Z 1L2


George was honoured to be asked by the (ISC)² to be an author of a complete rewrite of the official (ISC)² CISSP CBK textbook (published May 2019).



Cybersecurity Leadership

Improving your company’s security is easy. Buy every security service, tool, and product that catches your eye. Your security will improve; however, you’re likely to run out of money very quickly. The challenge is to know how to achieve Minimum Viable Security — just enough security, with the least expenditure possible, to reduce risk to a level acceptable to your customers and investors. And then, as you grow, iterate — increasing security where, and only where, such investments lead to measurable returns.

Security Collateral Development

Just as important as the marketing materials you use to explain the valuable services you offer, is the security collateral that explains how you will protect the precious information you are asking your customers to entrust to you. As a professional writer (three books and countless magazine articles), George knows how to craft a compelling security narrative.

SOC 2 Audit Preparation

The coming of age of almost every cloud services company is achieving external certification of their cybersecurity. With that independent attestation, customers no longer have to take your word for your security. A SOC 2 audit is the most common external validation of a service organization’s security, and George has had the experience of preparing Hootsuite and other companies for their first SOC 2 audit.

Security Incident Response Planning

It’s a question of when, not if. All organizations will be compromised at some point, and as important as it is to put up a good defence, it is even more important to know what to do when it happens. George led the security incident response team at Hootsuite and has the scars to prove it.

Security Team Hiring

When you are ready to hire your first security engineer, who is going to verify their technical skills? Who on your team has the training and experience to be able to interview a security engineer and separate the wheat from the chaff? George has written the Security Architecture and Engineering section of one of the foundational textbooks in the field, and can quickly determine if a candidate has the skills you need.

Enterprise Security Sales Assistance

Cloud startups selling into the enterprise space quickly find that the risk-management vetting they are subject to can be daunting. George set up the supplier risk management at Hootsuite, and also handled many of the due diligence investigations by Hootsuite’s major enterprise customers, so he has seen the process from both sides and can assist and coach startups in navigating the process, shortening your sales cycle, and accelerating your growth.


If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.
— Bruce Schneier


Let's Chat.

Please tell us a bit about yourself by filling out this form or sending us an email.
