
Get professionalresults-focused
guidance when you need it.
Get professionalresults-focused
guidance when you need it.
Understand risk, set priorities, and strengthen your organisation’s security with flexible, part-time information security leadership.

Overview
For organisations in need of information security services but constrained by a lean budget, a Virtual Chief Information Security Officer (vCISO) can offer guidance and leadership on a flexible and part-time basis.
At Liverton Security, we offer vCISO services through a highly skilled and experienced team of cybersecurity specialists, bringing expert direction to organisations, without the full-time cost.
Working with you or your service provider, we provide advice and direction that aligns with:
- the risk profile of your business
- the work you do

"One of the most valuable parts of a vCISO's role is translating technical risk into language leaders can act on."
Murray Wills, GM Consulting
Our vCISO Services
Our vCISO services offer practical security leadership to help organisations understand risk, set direction, and improve security over time.
Assess and Manage Risks
Risk Management & Compliance
We liaise with your Risk and Audit Committee and Board to help identify and manage risks. We conduct risk assessments, establish risk mitigation plans, and ensure compliance with NZISM/PSR (if relevant), as well as other regulations and standards.
Vendor Management & Third-Party Risk
We assess the security practices of your vendors and third-party service providers, helping to minimise the risks associated with these relationships. We help establish robust vendor management frameworks, including due diligence, contract reviews, and ongoing monitoring.
Vulnerability Assessment
We use our consultants and penetration testing resources to monitor and assess your systems on a one-off or ongoing basis. Leverage our expertise and knowledge to stay up to date with the latest threats and trends that may affect your organisation.
Guidance for Teams
Security Program Development
We work closely with your IT and security teams to help your business align with industry-standard practices. We help you set up and enhance your information security program, including the implementation of security controls, incident response plans, and business continuity plans.
Incident Response & Training
We provide guidance in response to a security incident, helping your organisation respond swiftly and effectively. We also offer training programs to help educate employees and promote a security-conscious culture.
Other
Not sure which service you need?
Our team at Liverton Security can help review your current security practices and recommend the most appropriate vCISO service.
Protect your assets and reputation.
Security starts with understanding where you are. Let us map the way forward.
Let's Chat
Why Liverton Security?
Access senior-level information security leadership without the cost or long-term commitment of a full-time Chief Information Security Officer.
Receive guidance that aligns with your organisation’s size, risk profile, maturity, and budget—ensuring security efforts are practical and achievable.
Make progress quickly using established methodologies and proven frameworks that provide structure, clarity, and momentum from day one.
Benefit from insights gained across a diverse range of organisations and industries, with a focus on delivering measurable improvements—not just advice.
We’re an approved supplier on the DIA MarketPlace, known for:
- Information Security Risk Management & Assessment
- Information Security Governance & Strategy
- Information Security Assurance.
You can also find us on the DIA Trust Framework, listed as an Independent Security Evaluator and Privacy Evaluator.
Trusted Expertise
We deliver high-quality cybersecurity expertise to government agencies and complex enterprise environments.






Case Studies & Insights
Explore real-world examples and insights about organisational risks, priorities, and security.

The Human Firewall: Why Your Team is Your Best Defence Against Cyber Attacks (Part 1)
Despite significant investment in technical controls, people remain one of the most important and most targeted elements of cybersecurity. This article explores how attackers exploit human behaviour and why building a “human firewall” through awareness and training is critical to reducing organisational risk.

One of the biggest security risks in New Zealand isn’t technology. It’s misplaced responsibility
When cybersecurity responsibility is unclear or poorly defined, gaps emerge across governance, operations and decision-making. This article explores how accountability structures impact organisational security outcomes.

Complexity of Security (Part 1)
Security rarely fails because organisations lack controls—it fails when security becomes too complex to manage effectively. As organisations adopt more tools, processes and frameworks, complexity itself becomes a hidden vulnerability that can reduce visibility, consistency and control.