The Engagement
A specialty commercial services company with a complex organizational structure and a distributed third-party delivery model retained vCISO advisory support following the departure of its internal CISO. The company was simultaneously managing acquisition integration across multiple business units, a workforce reduction that included IT security staff, and fragmented security ownership across a broad vendor network.
An Antares principal contributed senior vCISO advisory capacity to this engagement alongside a national advisory firm.
Security responsibility was divided among internal IT, a security function, and multiple third parties — none with a clear mandate over the others. The fragmentation created accountability gaps that weren't visible from any single team's vantage point.
Layer 01 — Decision Formation
The core problem wasn't controls. It was the decision structure behind them.
The engagement opened with a structured assessment of how security decisions were actually being made — across technology assets, staff capability, policies, and organizational culture.
Key findings: conflicting decision-making among multiple leadership teams on core security issues; no consistent governance structure for cross-functional security decisions; a prevailing belief among leadership that the organization was not a material target; active resistance to fundamental controls — including MFA — with no clear owner responsible for driving adoption; and security exposure across a third-party delivery network with no formal risk management program in place.
The breakdown was happening at the formation layer — before execution could begin.
Layer 02 — Decision Integrity
Whether the decisions already on paper would hold up under real conditions.
Before recommending a path forward, the engagement team evaluated whether existing policies and procedures would hold up under real operational pressure — not just auditor review. This included assessing actual security posture against documented stance and leading an incident response tabletop exercise with the security committee and technical teams.
The tabletop exercise was instructive. It surfaced significant gaps between documented response procedures and the organization's actual capacity to execute them — gaps that existed not because the procedures were wrong, but because ownership and coordination had never been tested under realistic conditions.
The organization's documentation said one thing. Its operational reality said another.
Layer 03 — Operational Execution
Restructuring how decisions were made, owned, and held.
The advisory work focused on clarifying how security decisions would be made and held across the organization — not on adding controls in isolation.
Key outcomes: restructured the security function under the general counsel to align security decision-making with risk management authority; reconstituted the security committee with cross-functional representation to support coordinated, consistent decisions across leadership; developed and implemented a third-party cyber risk management program — including vendor tiering, risk questionnaires, and ongoing monitoring protocols; updated and formalized information security policies to reflect the organization's actual operating environment; established a prioritized threat detection and response strategy based on the organization's specific risk profile; and led an incident response tabletop simulation that produced actionable insights and drove a measurable shift in leadership posture.
The Outcome
The engagement produced a security program structured around the actual decision-making requirements of the organization — not a generic controls framework applied without context.
Security ownership was clarified. Governance carried real organizational weight. The incident response function had been tested and could be executed. Third-party risk was actively managed rather than periodically acknowledged.
The gap between documented security posture and operational reality narrowed significantly — and the organization had a governance structure capable of sustaining that alignment as the environment changed.
The challenge this organization faced is common in mid-market environments: fragmented ownership, unclear decision authority, and controls that are technically present but operationally unsupported. That's the gap Antares operates inside.
