Get professionalresults-focused
guidance when you need it.
Get professionalresults-focused
guidance when you need it.
Understand risk, set priorities, and strengthen your organisation’s security with flexible, part-time information security leadership.
Overview
For organisations in need of information security services but constrained by a lean budget, a Virtual Chief Information Security Officer (vCISO) can offer guidance and leadership on a flexible and part-time basis.
At Liverton Security, we offer vCISO services through a highly skilled and experienced team of cybersecurity specialists, bringing expert direction to organisations, without the full-time cost.
Working with you or your service provider, we provide advice and direction that aligns with:
- the risk profile of your business
- the work you do
"One of the most valuable parts of a vCISO's role is translating technical risk into language leaders can act on."
Murray Wills, GM Consulting
Our vCISO Services
Our vCISO services offer practical security leadership to help organisations understand risk, set direction, and improve security over time.
Assess and Manage Risks
Risk Management & Compliance
We liaise with your Risk and Audit Committee and Board to help identify and manage risks. We conduct risk assessments, establish risk mitigation plans, and ensure compliance with NZISM/PSR (if relevant), as well as other regulations and standards.
Vendor Management & Third-Party Risk
We assess the security practices of your vendors and third-party service providers, helping to minimise the risks associated with these relationships. We help establish robust vendor management frameworks, including due diligence, contract reviews, and ongoing monitoring.
Vulnerability Assessment
We use our consultants and penetration testing resources to monitor and assess your systems on a one-off or ongoing basis. Leverage our expertise and knowledge to stay up to date with the latest threats and trends that may affect your organisation.
Guidance for Teams
Security Program Development
We work closely with your IT and security teams to help your business align with industry-standard practices. We help you set up and enhance your information security program, including the implementation of security controls, incident response plans, and business continuity plans.
Incident Response & Training
We provide guidance in response to a security incident, helping your organisation respond swiftly and effectively. We also offer training programs to help educate employees and promote a security-conscious culture.
Other
Not sure which service you need?
Our team at Liverton Security can help review your current security practices and recommend the most appropriate vCISO service.
Protect your assets and reputation.
Security starts with understanding where you are. Let us map the way forward.
Let's Chat
Why Liverton Security?
Access senior-level information security leadership without the cost or long-term commitment of a full-time Chief Information Security Officer.
Receive guidance that aligns with your organisation’s size, risk profile, maturity, and budget—ensuring security efforts are practical and achievable.
Make progress quickly using established methodologies and proven frameworks that provide structure, clarity, and momentum from day one.
Benefit from insights gained across a diverse range of organisations and industries, with a focus on delivering measurable improvements—not just advice.
We’re an approved supplier on the DIA MarketPlace, known for:
- Information Security Risk Management & Assessment
- Information Security Governance & Strategy
- Information Security Assurance.
You can also find us on the DIA Trust Framework, listed as an Independent Security Evaluator and Privacy Evaluator.
Trusted Expertise
We deliver high-quality cybersecurity expertise to government agencies and complex enterprise environments.
Case Studies & Insights
Explore real-world examples and insights about organisational risks, priorities, and security.
The Human Firewall: Why Your Team is Your Best Defence Against Cyber Attacks (Part 1)
In boardrooms across the globe, organisations are pouring millions into sophisticated security tools, yet they are overlooking their most powerful defence mechanism, their people. The disappointing reality is that most cyber awareness training treats employees as potential liabilities rather than assets, delivering dry, tick-box sessions that fail to connect the dots between individual actions and organisational survival.
One of the biggest security risks in New Zealand isn’t technology. It’s misplaced responsibility
Many organisations assume cybersecurity is handled by their IT or network provider, but IT operations and security are not the same discipline. While firewalls, endpoint tools, and cloud controls are important, security fails when it becomes technology-led instead of risk-led. Real security requires governance, skilled people, and continual review—not just tools left to run on default settings. Without dedicated security leadership and maturity assessment, organisations can appear secure on paper while remaining exposed in practice.
Complexity of Security (Part 1)
Security doesn’t fail because people don’t care—it fails when it’s too complex. With organisations juggling dozens of security tools, confusion has become a hidden vulnerability. Cybersecurity expert, Andrew Johnston, explains how over-engineered systems and technical language drive people to bypass security, and why simplicity—not more controls—is the key to building security that actually works.