Senior security leadership for founders, boards, and growth-stage teams. Fractional hours, senior judgment. Elissa serves as Lorikeet's Field CISO and runs the vCISO practice directly, built for companies that need a CISO voice in the room before they need a CISO on the payroll.
You are closing enterprise deals that keep asking for a SOC 2 report, a security questionnaire, and a named executive in the room. You need a real answer, not a template.
You need a trusted security executive who can sit across multiple companies, run the program, and translate risk into numbers your LPs understand.
Your CISO left, your VP Eng is covering security on top of a day job, or you need interim leadership while you run a proper executive search.
Elissa has built, led, and shipped inside cybersecurity for most of her career. She served as Chief Product and Technology Officer at Cointelegraph, where she ran product and engineering for one of the most-read independent newsrooms in crypto, and as CTO for Global Growth Strategy at Yonex, a publicly traded company. Before that she was CEO of Faster Than Light, a static analysis platform built for developers who ship fast and still want their code audited before it hits production.
Earlier in her career she led product at Brave during its earliest growth, helped launch Geekcorps (acquired) and Everyday Health (IPO), and was a MACH37 portfolio founder with JeKuDo. She has keynoted BSidesCharm and spoken at DEF CON, PyCon events worldwide, and DevOpsDays events worldwide on container security, Kubernetes hardening, and the ethics of shipping secure software. She edited Lean Out (OR Books, 2015) and her bylines have appeared in TIME and the Christian Science Monitor. She holds a BA from Williams College.
At Lorikeet she serves as Field CISO and runs the vCISO practice directly. Bring a senior expert into your organization — the advice and hands-on operational support you need to protect the business.
Elissa specializes in right-sizing security initiatives to fit a company's budget and threat model. Whatever your resources, we can prioritize to create the most impact for the time and money spent.
A baseline assessment, a prioritized 12-month roadmap, and quarterly reviews tied to your business objectives.
SOC 2 Type I and II, ISO 27001, PCI DSS, HIPAA. Auditor liaison, evidence ownership, and clean audit outcomes.
Board decks, security questionnaire support, and the hard conversations with LPs and enterprise procurement teams.
A full policy set, built to your context and not copy-pasted from a template. Reviewed annually, updated on exception.
Vendor inventory, tiering, and an approval workflow that does not grind procurement to a halt.
An IR plan your team will actually follow, tabletop exercises, and executive-level coordination when something real happens.
Mentorship for your first security hires. We raise their ceiling instead of replacing them.
Direct pipeline into Lorikeet's pentest and ASM practices. Findings route straight into your roadmap.
Customer calls, sales cycles, due diligence, acquisition paths. A named executive answering the security questions.
A 45 minute working session. We leave with a shared picture of where you are, what is on fire, and what the next 90 days look like.
Controls review, architecture walkthrough, policy audit, and a prioritized gap analysis. You get the document. Your auditor does not.
A 12 month security roadmap, scoped to your compliance obligations, customer contracts, and engineering capacity.
Weekly execution, monthly reporting, quarterly board updates. The roadmap becomes the calendar.
Tell us what is in front of you. Audit in 60 days. Enterprise deal stuck on a questionnaire. Board asking hard questions. We will tell you honestly whether a vCISO is the right shape of help, and if it is, Elissa is on the call.
Hi, I'm Lory! Need help finding the right service? Click to chat!
