Cyber Risk Assessment
A posture review aligned to NIST CSF or ISO 27001. Written report, prioritized risk register, and a remediation plan keyed to your budget and headcount.
Information Security & Compliance Consulting
Orlando, Florida
Strategic cybersecurity services for businesses from 25 to 1,000+ employees. Headquartered in Orlando, FL, we design and operate the security programs that growing companies need but rarely have the in-house bench to run: risk assessments, audit and compliance readiness, virtual CISO leadership, and incident response, delivered by senior practitioners who stay accountable for the outcome.
Each engagement is scoped to a one-page statement of work before any meter starts. Senior consultants only. No offshore handoff on assessment or compliance work.
SOC 2, HIPAA, PCI DSS, CMMC, and NIST 800-171. Gap analysis, policy authoring, evidence runbook, and direct audit support.
Senior security leadership on a monthly retainer. Strategy, board reporting, vendor reviews, architecture sign-off, customer questionnaires.
Same-day retainer for ransomware, business email compromise, and data loss events. Containment through post-incident hardening.
Cybersecurity Group, LLC serves mid-market businesses across Florida, the Southeast, and remote engagements nationwide. Our consultants hold CISSP, CGRC, and CISA credentials and come from federal cyber operations, enterprise security engineering, and Big Four audit backgrounds.
Every engagement is scoped, priced, and delivered in writing. When the work is done, the artifacts (policies, runbooks, risk registers, network diagrams) transfer to the client as editable source files. No platform dependency.
Not every problem fits a four-week SOC 2 sprint or a twelve-month vCISO retainer. Some questions are smaller. Some are bigger. Some are urgent and need a senior practitioner in the room for an afternoon. We engage on those, too.
Hourly and project-based consulting for the work that sits between the named services. Architecture review before a launch. A second opinion on a vendor proposal. A tabletop scripted around your board's actual risk concerns. A program design for a business unit that is starting from zero.
Every engagement opens with a one-page statement of work that names the deliverables, the timeline, and the cost. Scope changes go in writing first.
Engagements are delivered by senior consultants. When work calls for a specialty outside our practice (a C3PAO, a breach attorney, a forensic recovery vendor), we flag it up front and refer.
Policies, runbooks, reports, and diagrams ship as source files in standard formats. Word, Markdown, draw.io, Visio. If you ever change firms, the work travels with you.
Practical writing on programs, frameworks, and incidents. No vendor placements. No content marketing.
What Type I requires, what evidence you need before the audit window opens, and how to run the engagement without hiring a full-time compliance manager.
The economics that drove attackers downmarket, the attack patterns now dominant against 20 to 200 person businesses, and the controls that move the needle.
A practical Zero Trust reference for mid-market networks. What the principle means, which NIST 800-207 components matter, and what to ignore.
A thirty-minute call to understand your business and the pressure behind the question. If we are not the right firm, we will say so on the call and point you toward a firm that is.