CISO Marketplace Sourcing runs on a five-step process. You do steps 1 and 3. We do the rest. Here's exactly what happens between submitting a brief and receiving vendor proposals.
Ten free TCO calculators and risk assessors cover the most common sourcing categories — SASE readiness, SOC build vs buy, firewall throughput, SD-WAN vs MPLS, endpoint licensing, IAM/Zero Trust TCO, cloud egress cost, UCaaS vs on-prem, mobility audit, and IoT/OT risk. Each takes 2–5 minutes and produces a PDF with a vendor shortlist and the math behind it.
The tool output pre-fills your sourcing brief with your gap profile, sizing numbers, and category — so you don't have to explain the problem twice. If you skip the tool, the brief takes a few more minutes.
Browse all 10 tools →The brief is 8 fields — company size, what you're solving for, current stack, contract timing, decision authority, compliance drivers, budget range, and context notes. That's enough for a certified SE to understand your environment without another discovery call.
If you came from a sizing tool, your scores and gap profile are pre-loaded. If you came from a category or supplier page, your category is pre-selected. Either way, the brief takes about 10 minutes.
Start a brief →A human reviews your brief — not a routing algorithm making final decisions. We validate the fit, assess the category against the advisor network's supplier catalog, and produce an initial shortlist of 2–3 vendors with context: why each one, where they fit your specific gaps, and what the technical conversation will focus on.
You receive the shortlist by email with a proposed time for the Discovery call.
Call 1 (30–45 min): CISO Marketplace Lead. We confirm the brief, ask clarifying questions, and lock down the actual problem vs. the stated problem. You walk away with a written gap summary and refined shortlist.
Call 2 (45–60 min): CISO Marketplace Lead + CISSP-credentialed solutions engineer from our advisor network. Architecture options walk-through, vendor shortlist refinement, RFP specification preparation. The engineer isn't paid by any vendor — they work the architecture conversation on your behalf.
How our engineers work →The engineer translates the architecture conversation into vendor-quotable specifications — throughput numbers, user counts, integration requirements, compliance scope, geographic coverage — and sends those into the supplier portfolio. Each vendor in the shortlist receives the same specifications and returns proposals on the same timeline.
You receive the proposals with the engineer's read on each: where the pricing looks market-rate, where to push back, what the implementation complexity actually looks like. Then you decide.
The sourcing service is free for security buyers. Tools, brief submission, SE consultation, vendor shortlist, proposal management — all free. No membership required to start.
No vendor pays to appear in the sourcing catalog. Catalog position is earned through the advisor vetting process — capability, reference, and category fit. Not payment.
Standard channel residuals when a deal closes — the same model every technology advisor network has operated on for 30 years. It structurally aligns our incentive with your long-term fit, not the commission on this quarter's close.