Information Security expertise for Scotland
Expert, proportionate and pragmatic information security guidance, delivered flexibly and cost-effectively.
Senior Cyber Security Leadership, without the cost of a full-time CISO
My name is Drew Wagar and I help organisations understand cyber risk, strengthen governance and resilience, and turn complex security issues into practical, proportionate action.
As a CISM-certified Fractional CISO and former CISO at Lloyd’s of London, I work with boards, executives and technical teams directly, or alongside consultancies and managed-service providers.
I have worked with dozens of clients across multiple industries and hold the CISM certification. I am effective from day one, giving you the leadership needed to protect your business, meet compliance obligations and build customer trust, at a fraction of the cost of hiring in-house.
Whether you need Fractional CISO support, an independent cyber review, crisis-readiness advice or partner delivery support, I’d be happy to have an initial conversation.
Fractional CISO and Board Advisory
I provide guidance for boards, risk professionals and technical implementation teams, helping them develop security strategies aligned with organisational goals and objectives.
I am always mindful of an organisation’s position and outlook, ensuring my advice is both pragmatic and proportional, avoiding the tendency to “gold plate” or over “technologise.”
Cyber Assurance and Maturity Reviews
I can quickly assess your business and advise you on your areas of weakness, allowing you to focus your effort on dealing with the riskiest issues first.
Reviews can be aligned to ISO 27001, NIST CSF, DORA, SOC 2, Cyber Essentials or a combination of frameworks.
Security Strategy and Improvement Roadmaps
I can help you prioritise information security investment and develop a programme of initiatives aimed at reducing risk and exposure.
Alternatively I can advise on or help steer existing programmes to ensure you get the best out of existing strategies.
Training, Awareness and Executive Briefings
I can deliver tailored and bespoke training to key individuals and teams within an organisation, while also assessing the effectiveness of existing in-house training.
System administrators, finance teams, HR teams and board members may all need additional training about cyber risk.
Governance, Risk and Compliance
I can assist you in ensuring that your Information Security governance arrangements are effective in identifying, managing and dealing with risk.
I aim not to make this a paper-based or “box-ticking” exercise, but to ensure that compliance is a natural outcome of effective, lightweight and proportionate governance.
Incident Readiness and Crisis Support
I can deliver crisis management training, simulations and tabletop exercises, combined with advice on disaster recovery and business continuity arrangements.
Should you be unfortunate enough to suffer a cyber attack or data breach, I can also support you in managing the impact.
Working with Partners
I can work directly with client organisations, or as an introduced specialist, subcontractor or white-label extension of an existing consultancy, MSP or technology provider.
This allows partners to offer senior cyber leadership, independent assurance and board-level support without having to build that capability in-house.
I am a member of ScotlandIS, Scotland’s digital economy membership organisation, which aims to build, support and enable the digital technology ecosystem in Scotland.
What is a Fractional CISO?
A Fractional CISO, also known as a Virtual CISO or vCISO, provides senior cyber security leadership to organisations that need experienced guidance without the cost of hiring a full-time CISO.
This gives businesses access to objective advice on cyber risk, governance, security strategy, technology choices and regulatory obligations.
A Fractional CISO can provide flexibility, scalability and specialist expertise, helping organisations improve resilience and make proportionate security decisions.
Why me?
I have worked in information security, technology and professional services for more than three decades, and hold the CISM certification.
I have served as a full-time CISO, including at Lloyd’s of London, and have supported dozens of organisations across multiple sectors as a Fractional CISO and cyber security adviser.
I bring a rare combination of board-level risk leadership, practical security governance, operational experience and technical understanding. My focus is on helping organisations improve security in a way that is proportionate, commercially aware and deliverable.
Whether you need Fractional CISO support, an independent cyber review, crisis-readiness advice or partner delivery support, I’d be happy to have an initial conversation.
