Verizon

• Verizon provides security solutions and professional services to small businesses. Its corporate headquarters is located in New York, NY.
• The company's official website can be accessed here.
• In 2018, the company generated $130.9 billion in consolidated revenues.

Cisco

• Cisco offers security advisory services to small and medium-sized businesses. They are headquartered in San Jose, CA.
• The company's official website can be accessed here.
• In FY 2019, Cisco generated a revenue of $51.9 billion, 25 percent of which come from its services and 5 percent from security.

Deloitte

• Deloitte offers cyber risk advisory and services to small and medium-sized enterprises. Its US headquarters is in New York, NY.
• The company's official website can be accessed here.
• In FY 2019, Deloitte reported a total revenue of $46.2 billion, with its Risk Advisory business segment showing an 8.4 percent growth fueled by the double-digit growth of its Cyber Risk and Financial Risk offerings.

Rapid7

• With a team of former security leaders from different industries, Rapid7 offers virtual CISO services (vCISO) to teams and organizations no matter the size. Its global headquarters is in Boston, MA.
• The company's official website can be accessed here.
• Rapid7 generated $244.1 million in revenue for the full year of 2018, 85 percent (or $207.7 million) of which come from North America and 15 percent ($36.4 million) from the rest of the world.

CoalFire

• CoalFire is a vendor-neutral cyber security advisory firm that provides CISO program management services to organizations of all sizes, and it is headquartered in Westminster, CO.
• The company's website can be accessed here.
• CoalFire is estimated to have an annual revenue of $165 million.

Avalon Cyber

• Avalon Cyber Security partners with Side Channel Security in providing vCISO services to small and medium-sized companies and organizations. Avalon Cyber Security is headquartered in Buffalo, NY.
• The company's official website can be accessed here.

•  Avalon Document Services, the company that owns Avalon Cyber, has an estimated annual revenue of $16.8 million.

Research Strategy

IBM

• IBM is a global company that provides "application, technology consulting and support, process design and operations, cloud, digital workplace, and network services, as well as business resiliency, strategy, and design solutions."
• It is the largest employer in technology in consulting, globally.
• It was founded in 1911 and it is headquartered in New York City, in the United States.
•  IBM Security, through which CISOaaS is offered, is one of the company's main brands, along with IBM Cloud, IBM Watson, IBM Services, IBM Research, and IBM IT Infrastructure.

Number of Employees

• At the end of 2018, IBM had 350,600 employees across its wholly-owned subsidiaries.
• Additionally, there are 9,400 employees in its less-than-wholly owned subsidiaries and 21,000 of the complementary workforce.
• It is estimated that this year, the number of employees in IBM's wholly-owned subsidiaries was reduced to 340,000. The company plans further layoffs as a part of its digital transformation.

Products and Services

•  IBM Critical Data Protection Program involves discovering, classifying, protecting, and monitoring data. It also includes establishing a data protection strategy.
•  IBM X-Force Incident Response and Intelligence Services. They provide a subscription service with constant access to top-notch consultants, a possibility to go through simulated cyber attacks, and deal with real attacks with a dedicated solution.
• IBM Promontory offers expertise and tools to come up with strategies for data protection, minimizing the risk of financial fraud, and fit specific regulatory environments. It also assists in implementing those strategies.
• For IBM Data Protection Services, the company uses the Total Privacy Management Framework to establish the privacy office, come up with data protection strategies, and handle all data privacy-related issues.
•  IBM Managed Security Services provides non-stop assistance with identifying threats, monitoring, and meeting regulatory requirements.

Competitive Advantage

• IBM has a competitive advantage because it owns industry-leading security solutions, such as IBM QRadar and IBM Resilient.
• Its security products and services have been named top in Gartner Magic Quadrant for ten years in a row.
• The company also got recognized for its security services at SC Awards Europe.
• IBM is one of the world's most recognizable brands, which also gives it an edge over other CISOaaS providers.

Pricing for CISOaaS

• IBM does not disclose the pricing of its CISOaaS services. It only mentions their cost efficiency.
• For example, it claims that IBM Managed Security Services allow to "save up to 55% on information security management."

DXC Technology

•  DXC Technology is a global company that helps its clients modernize IT and data architectures, organize operations in the cloud, and secure their data.
• It has 6,000 private and public customers in 70 countries.
• DXC Technology was founded in 2017 from "the spin-off of Hewlett Packard Enterprise's Enterprise Service segment and its merger with Computer Sciences Corporation (CSC)." It is headquartered in Tysons Corner, Virginia, United States.
• Its network of 200+ partners includes 15 strategic partners, which are Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow, and VMware.

Number of Employees

• As of September 2019, the total number of DXC Technology employees was 128,727, out of which 24,304 were in the United States.

Products and Services

• Through its Risk and Compliance Management advisory and management services, DMX offers "full strategic management of security risk and compliance." It helps identify the risks, come up with strategies that align with company-wide goals, manage their implementation and monitor the results.
•  DXC Data Protection and Privacy Services provide highly-skilled security experts, who help develop data protection strategy, build appropriate solutions, and maintain their efficiency. They offer services of varying sizes, ranging from one-time projects to enterprise-wide deployments.
• Through DXC Intelligent Security Operations, the company provides complex management and advisory services, solutions to detect and monitor threats, ethical hacking to identify vulnerabilities, and a security platform.

Competitive Advantage

• The company claims that it offers the most complex solutions in the security consulting market, assisting companies in each aspect of security and compliance.
• It has a network of trusted security vendor partners, which are assessed and selected according to the highest standards.
• It provides more than 3500 security experts with different deep specializations. Each of them has 5-10 of experience in security at the highest level.

Pricing for CISOaaS

• Pricing is not available on the website or in other sources. For more information, it is necessary to contact the company.

Research Strategy

Deloitte

• Deloitte is a multinational professional services company, one of the big four accounting organizations in the world, and the largest professional services firm globally by revenue.
• Deloitte offers the following professional services to businesses of all sizes globally: risk and financial advisory services, audit and assurance, consulting services, tax services, and mergers and acquisition services.
• Deloitte US and its subsidiaries have 80,000 employees in the US.

• In the United States, Deloitte offers the following professional services:
•  Risk and Financial Advisory Services: Deloitte professionals leverage their business operations experience to help their clients become more resilient and effectively navigate operational, financial, regulatory, and cyber risk, among other market risks, and gain a competitive advantage. CISO-as-a-service is probably offered by the Deloitte cybersecurity segment of their Risk and Financial Advisory Services.
•   Audit and Assurance Services: According to Deloitte, their audit services give organizations a clearer and more in-depth view of their businesses. The company performs audits on organizations globally to help the organizations meet regulatory assurance demands. 
•  Consulting Services: According to Deloitte, they are the largest management consultancy in the world, and they offer consultancy services that look deeply into businesses to bring bold strategies to life through innovation and disruption. The Deloitte US consulting firm has employed close to 30,000 professionals and operates in three key service areas, namely human capital, strategy and operations, and technology.
• Tax Services: Deloitte offers its US clients a wide range of integrated tax services to help the companies excel locally and globally. The firm's tax services include the US Tax Reform Services, Business Tax, International Tax, Transfer Pricing, and Indirect Tax, among others.

• For its cybersecurity services, Deloitte boasts of a "global network of Cyber Intelligence Centers" that operate round the clock to help organizations mitigate the ever-evolving cyber threats. The CICs offer customizable managed security solutions such as "threat analytics, cyber threat management, and incident response." 
• According to Deloitte, while other audit firms describe audit innovation, they (Deloitte) demonstrate it. The company uses automation for routine tasks to speed up the audit process and give priority to higher-order questions, analytical tools to find more insightful answers, and artificial intelligence to complement human understanding.
• Deloitte US has received numerous consulting awards and recognition that give it a leg up over its competitors. In 2019, the firm was named among America's best management consulting firms, in 2018 it was named as a global leader in IoT services by a leading independent researching firm, and some of the firm's C-suite staff were recognized as industry leaders. 

• Deloitte does not publicly reveal their pricing options for its Chief Information Security Officer-as-a-Service on the cybersecurity section of their website, or anywhere else. Clients have to request for the pricing by getting in touch with a cybersecurity manager.

Rapid7

• Rapid7 was formed 20 years ago, and they provide cybersecurity services to organizations of any size.
• They simplify the complexities of cybersecurity through shared visibility, analytics, and automation. 
• Rapid7 has between 1,001 to 5,000 employees, 1,649 of whom are on LinkedIn, according to their LinkedIn profile.

• Rapid7 offers the following products that accelerate insights for security and IT teams:
• The Rapid7 Insight platform for general insights
• insightVM for Vulnerability Management
• insightIDR for User Behavior Analytics and SIEM
• insightAppSec for Application Security in the Cloud
• insightOps for IT Operations.
• metasploit for Penetration Testing
• Rapid7 offers the following services: service consulting, product consulting, managed services, training and certification, and support and CSM.
• Part of Rapid7's advisory services is the vCISO, where the company leverages the expertise of former security leaders to provide clients with a virtual CISO.  

• From their website, Rapid7 only reveals the pricing information for a few of their products, but there are no pricing details on their vCISO offering.

Avalon Cyber

• Overview:
• Avalon Cyber provides cybersecurity services to businesses around the world. They help companies with investigations, litigation, and network security.
• They do basic and deep security assessments and provide CIO on-demand services, as well as policy assessment and writing.
• Employees: 150 
• Products and Services:
• Managed Detection & Response is an endpoint monitoring solution that scans each endpoint for malicious activity, resulting in comprehensive alerts and action to shut down a threat.
• With their Vulnerability Assessments solution, their engineers scan internal and external environments in a company for potential risks, and provide insights and plans to help make improvements.
• Penetration Testing is where the efficiency of a company's security resources are put to the test through this program. Avalon's experts simulate cybercriminal actions to exploit critical systems and access sensitive data.
• With Incident Response, the team conducts digital forensics to provide comprehensive responses to cyberattack.
• Security Advisory Services is done in conjunction with SideChannel Security, where they provide advisory services including risk assessments, guided incident response tabletop exercises, high net worth advisement, home cybersecurity, personal cybersecurity, and others.
• vCISO is their virtual CISO offering which is offered in conjunction with SideChannel Security. It provides expert services to a company's management team and board. These vCISOs do activities such as coaching the board and management team on security issues and planning and reviewing budgets for security.
• Dark Web Monitoring is their service monitors and scans for compromised data on the deep web.
• Phishing Simulation and Training is a program that runs simulated phishing attacks to test employee preparedness and awareness.
• Company Advantage:
• The company has a wide portfolio of cybersecurity offerings.
• It has nine offices across five states.
• They have deep roots and experience in crime-fighting.
• Apart from cybersecurity services, they do policy writing and CIO services.
• Pricing options:
• No pricing page, just a link that redirects to a contact form.

CoalFire

• Overview:
• Coalfire is a Westminster, Colorado cybersecurity company that helps organizations to avert threats and mitigate risk.
• They have been operating for 16 years, providing services to companies across the United States and Europe.
• Employees: 730 
• Products and Services:
• Coalfire Labs is a service that mimics techniques and strategies used by adversaries and cybercriminals to attack the information technology infrastructure of a business.
• CoalfireOne is an online platform that is offered to each client. This platform helps businesses view insights and do analysis and administrative management.
• Compliance Services is a suite that helps businesses address compliance issues and find security risks, accelerate alignment, and helps to strengthen their brand.
• Cyber Engineering services help businesses to design, integrate, optimize, and monitor security systems to operate effectively.
• The Cyber Risk Advisory offers assessment, advisory, and assurance services to executive teams and boards of companies. Their CISO program management falls under this category.
• Secure Cloud services help companies to secure their cloud infrastructure.
• Company Advantage:
• They have large well-known clients such as Diebold, 3M, AWS, Azure, and The Carlyle Group.
• Their Secure Cloud services serve seven of the top ten SaaS companies and nine of the ten IaaS companies.
• They have more than 17 years of experience in IT security and compliance serving both public and private organizations.
• They offer services to thousands of clients across the US and Europe and have multiple accreditations including Amazon Web Services Certified Solutions Architect — Associate and Professional, Certified of Cloud Security Knowledge (CCSK), Certified Information Security Manager® (CISM®), Palo Alto Networks Accredited Configuration Engineer (ACE), and VMware Certified Professional (VCP5-DCP).
• Pricing options:
• They only offer a contact page for inquiring about prices.

Research Strategy