Oak Security
Security audits Operational security review Continuous audit vCISO service Penetration testing Op-sec training Security & economic advisory Technical due diligence Research TRACE framework Pre-Audit Agent Op-Sec Academy Request a quote

Virtual Chief Information Security Officer

On-demand,
in-house security.

Hiring a CISO with real Web3 experience is slow and expensive. Our vCISO gives you that person now, without the full-time cost. The one your founders call before an architecture decision, before a token launch, and at 2am when something breaks.

Talk to us

What's included

Your threat-model steward

The vCISO owns your living TRACE threat model as the protocol changes, the team changes, and new risks show up. Continuous coverage across all three pillars: protocols, systems, and organisations.

Threat model ownership

A living TRACE model of your assets, roles, invariants, and trust boundaries, updated as you ship, hire, and launch.

Architecture review before build

Design input before any code is written. The cheapest point to remove a whole class of attacks.

Governance & multisig oversight

Signer policies, quorum design, timelock placement, and review of every change to privileged authority.

Incident response

Pre-agreed runbooks and a senior responder on call when something breaks at two in the morning.

Board & investor reporting

Your security posture in plain language for non-technical stakeholders: funds, audits, coverage, and open risks.

Reserved audit capacity

Guaranteed access to our audit teams for new features and major releases, scheduled around your roadmap.

Who is this for

Lean teams with serious assets

Building and fundraising

Teams that lack in-house security resources but are about to put significant value on the line, and need solid security practices without slowing down the build.

Established and lean

Teams that want senior security leadership and continuous coverage without hiring a full-time executive. The engagement grows with your needs.

The starting package includes a security foundations course for your team, weekly office hours with a senior Oak Security expert, and review of key internal material such as security policies, deployment procedures, and onboarding workflows. Engagements are flexible, and most clients start after a full audit, once they have seen how we work.

Talk to us

Tell us about your project and we will get back to you within one business day.

Subscribe to our newsletter

Security research, audit insights, and ecosystem analysis — straight to your inbox.