Additional menu

Dr. Preston Rich

vciso-services

The Cyber Collective
The Cyber Collective Empowering leaders, securing the future.
Preston Rich, LLC · dba The Cyber Collective
doc@prestonrich.com · 972.837.7463
Cybersecurity Services · vCISO · Risk · Compliance

Executive-level security.
Without the full-time price tag.

Dr. Preston Rich brings 30+ years of CISO-level expertise to your organization as a fractional partner — delivering the strategic security leadership of a National CISO at a fraction of the cost. Real experience. Real results. No fluff.
Proven Track Record
72% Risk reduction achieved via CIS controls implementation
200+ Properties audited — PCI-DSS Best in Industry rating
10% Cyber insurance premium reduction negotiated for client
100% SOC 2 & ISO 27001 audit compliance maintained
30+ Years leading cybersecurity programs across 5 industries
NIST CSF
ISO 27001
PCI-DSS 4.0
SOC 2
HIPAA
COBIT
GDPR
MITRE ATT&CK
CIS Controls
Zero Trust
What Dr. Rich offers Four core cybersecurity services.
One experienced partner. Every engagement is led personally by Dr. Rich — not delegated to a junior consultant. You get 30+ years of real-world CISO experience applied directly to your organization’s most pressing security challenges.
Service 01 · Most Popular

Virtual CISO
(vCISO) Services

Get expert cybersecurity leadership without the $250,000+ full-time CISO salary. Dr. Rich acts as your strategic security advisor on a retainer basis — attending board meetings, managing risk, building your security program, and aligning your security posture with your business goals.

  • Strategic security roadmap development and execution
  • Board and C-Suite advisory on cybersecurity risk thresholds
  • Security program governance and policy development
  • Vendor and third-party risk management (TPRM)
  • Incident response planning and tabletop exercises
  • Security awareness program implementation
  • Ongoing compliance monitoring and reporting
Request vCISO Consultation →
What a vCISO Engagement Looks Like
Engagement TypeMonthly Retainer
AvailabilityScheduled + On-Call
Board ReportingIncluded
Policy DevelopmentIncluded
FrameworksNIST · ISO 27001 · CIS
Industries ServedHealthcare · Finance · Hospitality · Higher Ed · Nonprofit
Contract TypeFlexible · No Long-Term Lock-In
Service 02 · Start Here

Cybersecurity
Risk Assessment

You can’t protect what you can’t see. Dr. Rich’s risk assessment process uses proven frameworks — CIS RAM, NIST, and ISO — to uncover your vulnerabilities, quantify their business impact, and build a prioritized remediation roadmap your leadership team can act on immediately.

  • Full-scope vulnerability identification and analysis
  • Business impact analysis tied to financial risk exposure
  • CIS RAM, NIST SP 800-30, and ISO 31000 methodology
  • Prioritized remediation roadmap with cost estimates
  • Executive-ready risk report for board presentation
  • Cyber insurance readiness evaluation
  • Annual re-assessment option for continuous improvement
Schedule Your Assessment →
Risk Assessment Deliverables
Executive SummaryBoard-ready risk overview
Threat InventoryFull vulnerability catalog
Risk MatrixImpact × Likelihood scoring
Remediation PlanPrioritized action roadmap
Framework GapsNIST · CIS · ISO analysis
Timeline2–4 weeks typical
Service 03 · Build Your Foundation

Cybersecurity Program
Development

Most organizations don’t have a security program — they have a collection of disconnected tools and policies. Dr. Rich designs and implements comprehensive security programs using his proprietary Comprehensive Cybersecurity Management System (CCMS™) — a proven framework built from real-world CISO experience across five industries.

  • Information Security Management System (ISMS) design
  • Security policy and procedure development
  • IT System Security Plans (SSP) development
  • Security awareness and training program implementation
  • Incident response program design and testing
  • IT Governance Committee establishment
  • Metrics framework for measuring program effectiveness
Build Your Program →
CCMS™ Framework Pillars
GovernPolicies · Procedures · Committees
IdentifyAssets · Risks · Dependencies
ProtectControls · Training · Access Mgmt
DetectSIEM · MDR · Monitoring
RespondIR Planning · Tabletop Exercises
RecoverBCP · DRP · Resilience Planning
Service 04 · Stay Compliant

Compliance & Audit
Management

Compliance isn’t a checkbox — it’s a competitive advantage. Dr. Rich has personally directed audits across 200+ hotel properties, maintained SOC 2 and ISO 27001 programs for higher education, and earned Best in Industry ratings. He brings that same rigor to your organization.

  • PCI-DSS 4.0 readiness assessment and audit management
  • SOC 2 Type I & II preparation and ongoing compliance
  • ISO 27001 certification readiness and ISMS implementation
  • HIPAA security rule compliance and risk analysis
  • NIST CSF 2.0 gap analysis and implementation roadmap
  • HECVAT audit program management (higher education)
  • Cyber insurance optimization and documentation
Start Compliance Review →
Compliance Frameworks Supported
PCI-DSS 4.0200+ properties audited
SOC 2Type I & II cycles maintained
ISO 27001ISMS design & certification
NIST CSF 2.0Gap analysis & roadmapping
HIPAASecurity rule & risk analysis
HECVATHigher education audits
Proprietary Framework

The CCMS™ — Comprehensive
Cybersecurity Management System

Dr. Rich’s proprietary framework is the backbone of every security program engagement. Built from 30+ years of real-world deployments across healthcare, hospitality, higher education, energy, and nonprofit sectors — CCMS™ integrates program management, control frameworks, and risk governance into one cohesive, defensible system.

01 Program Framework

A structured information security management system aligned to NIST, ISO 27001, and CIS — providing defensible, audit-ready documentation for every control.

02 Control Integration

Interdependent security controls mapped across technical, administrative, and physical domains — eliminating gaps that single-framework approaches miss.

03 Risk Governance

A repeatable risk management process that quantifies exposure, ties risk to business impact, and gives leadership the data they need to make informed security investments.

04 Compliance Alignment

Built-in mapping to PCI-DSS, SOC 2, HIPAA, NIST CSF, ISO 27001, and GDPR — so compliance efforts reinforce your security program rather than running parallel to it.

05 Incident Response

Pre-built IR workflows, tabletop exercise templates, and communication protocols that transform your team from reactive to resilient before an incident occurs.

06 Metrics & Reporting

Executive-ready dashboards and KPIs that translate technical security performance into business language — giving your board the visibility they need to govern effectively.

How it works From first call to full program — a clear, proven process.
01 Discovery Call

30-minute conversation to understand your organization, industry, current posture, and most pressing security challenges.

02 Assessment

A structured evaluation of your current security environment — gaps, risks, and compliance status — using proven frameworks.

03 Roadmap

A prioritized, executive-ready action plan with timelines, resource requirements, and expected risk reduction outcomes.

04 Execution

Ongoing partnership to implement, monitor, and continuously improve your security program as your organization evolves.

Industries served Deep experience across the sectors
that need security most.
🏥
HealthcareHIPAA compliance, PHI protection, and security program development for healthcare organizations.
🏨
HospitalityPCI-DSS audit management and security programs for hotel properties and hospitality groups.
🎓
Higher EducationHECVAT, FERPA, and institutional data security programs for colleges and universities.
💼
Financial ServicesSOC 2, PCI-DSS, and risk management for financial institutions and fintech organizations.
🌿
Nonprofit & NGOFoundational NIST CSF security programs for global nonprofits operating with limited security budgets.
Energy & InfrastructureSCADA and enterprise network security controls for critical infrastructure organizations.
Ready to get started?

Your security posture.
Transformed.

Whether you need a fractional CISO, a risk assessment, a compliance program, or a complete security overhaul — Dr. Rich brings the experience, credentials, and frameworks to get it done right the first time.
Schedule a Free Discovery Call → Contact Dr. Rich
booking@prestonrich.com · 972.837.7463 · Frisco, TX