Technology Leadership
What Is a CISO? Security Leadership Explained for Business Leaders
The Chief Information Security Officer: what they own, what they cost, and whether a full-time hire is right for your business.
Common Misconceptions
The most common misconceptions about this role:
- Cyber is now a board-level risk.
- You don’t have anyone accountable.
- You don’t know if you need a CISO or something cheaper.
How We Approach This
The CISO Accountability Stack:
- Phase 1: Risk ownership.
- Phase 2: Policy and compliance.
- Phase 3: Incident response.
- Phase 4: Board reporting.
What Starkhorn Brings
Most CISO content is written by vendors selling tools. This is written by a practitioner who has held the role.
Starkhorn does not subcontract or use associate networks. You work directly with Daniel Jacobs from the first conversation through to delivery.
Who This Is For
This service is designed for:
- Boards and CEOs at regulated businesses
- PE-backed firms
- Fast-scaling SMEs
This is not the right fit for businesses needing only a basic IT security audit.
Frequently Asked Questions
What is a cyber security risk assessment and why does my organisation need one?
It is a structured way of identifying what could harm your organisation digitally, how likely it is, and how much it would hurt, so you can decide what to fix first. Recognised methods such as ISO/IEC 27005:2022 and NIST SP 800-30 set out how to do this rigorously. This free tool gives you a fast, scored starting view across seven domains.
Is this a real risk assessment or a quick check?
It is an honest self-assessment that scores your posture and points to your weakest areas. It is a board-ready signal and a useful starting artefact, but it is not a formal risk assessment, audit or certification, and it does not replace one. A real assessment looks at your specific assets, threats and context in depth.
Can I use this as a risk assessment template or checklist?
Yes. The seven domains and 21 questions work as a plain-language checklist of the controls that matter most, mapped to NCSC, ISO, NIST and CIS guidance. Many organisations use the output to frame their first proper risk assessment or to brief a board.
Which frameworks is this based on?
The structure draws on the NCSC 10 Steps to Cyber Security, ISO/IEC 27005:2022 and NIST SP 800-30 (risk assessment method), the NIST Cybersecurity Framework 2.0 (Govern, Identify, Protect, Detect, Respond, Recover), the CIS Critical Security Controls v8.1, and Cyber Essentials control areas. Sources are listed in the methodology note below.
What does a typical Starkhorn engagement cost?
Engagements are structured as monthly retainers or fixed-term day-rate assignments. The cost depends on scope and time commitment. We are transparent about pricing from the first conversation and will give you a clear indication on the call.
What experience does Starkhorn bring?
Starkhorn is led by Daniel Jacobs, with 20+ years in technology and security, 15+ of them in leadership roles. He has served as CIO, CISO, and interim technology director for organisations including VetPartners (BC Partners-backed, GBP1.2bn) and Jardine Motors Group (GBP2bn turnover). He holds PRINCE2 and ITIL Foundation, and is a Full Member of the Institute of Interim Management.
Does Starkhorn work with businesses outside London?
Yes. We work with clients nationally and, for some engagements, internationally. Much of our advisory work is delivered remotely, with on-site presence when needed. Location has not been a barrier for any of our clients.
What is the first step to working with Starkhorn?
Book a no-obligation conversation using the link on this page. In 30 minutes we will understand your situation, tell you honestly whether we are the right fit, and outline what a first engagement would look like. There is no sales process and no pressure.
Next step
Talk to a Senior Technology Leader
Starkhorn provides fractional CIO, CISO, and interim technology leadership for growing businesses. If you would like to understand whether this kind of support makes sense for your situation, book a no-obligation conversation.