Strategic Cybersecurity for a Complex World

Our Story

Get to Know Us

Stoic Cybersecurity makes cybersecurity work for small and mid-sized organizations by building a program your team can actually run, finish, and improve. We start by identifying the most critical cybersecurity risks to your business, then turn them into a practical plan with clear owners, realistic timelines, and bite-sized deliverables. No enterprise-style red tape. No massive reports or sprawling roadmaps that never get implemented. Just the right amount of structure to drive consistent progress.

We deliver measurable outcomes and financially rational decisions. Every initiative is tied to a concrete result: reduced exposure, faster detection and response, fewer high-risk gaps, and stronger recovery. We also help you stop paying for tools you do not need, leverage our relationships to reduce the cost of the tools you do need, consolidate what can be consolidated, and invest where it actually lowers risk. The goal is to build an effective security program you can sustain, with straightforward vCISO guidance based on trust, transparency, and results, not fear, exploitation, or rent-seeking.

Meet our Experienced Cybersecurity Team

Managing Director

Susan Sons

Susan E. Sons serves as Managing Director at Stoic Cybersecurity, where she leads vCISO services and SOC/incident response operations, provides cybersecurity leadership for clients, and mentors developing vCISOs and emerging CISOs. She is known for building security programs that are mission-aligned, measurable, and sustainable.

With more than two decades experience in IT and over a decade in cybersecurity, Susan has built and scaled 24/7 security operations and incident response capabilities for complex environments spanning higher education and research, critical-services ecosystems, and small and mid-sized businesses. Susan built a research-focused SOC and transitioned it from grant funding to a durable fee-for-service model. As part of that work, she established fractional CISO and CISO advisory offerings and helped develop three new CISOs in two years.

Susan blends strategic leadership with hands-on technical depth across secure architecture, software security, and operational technology (ICS/SCADA). Results from past cybersecurity leadership roles include cutting incident response times by 91%, reducing personnel costs by 60%, and implementing automation that shortened certificate turnaround from about two weeks to under two hours. She has trained 800+ professionals and students through trainings and bootcamps, contributed to cybersecurity practice guidance and publications, and holds the CISSP. Comment end

Technical Director

Andrew D. Kirch

Andrew Kirch, CISSP, is a co-founder of Stoic Cybersecurity. As Stoic’s Director of Technology, Andrew is architect and keeper of our technical infrastructure, and a key player in our vCISO program.

Before moving into management, he leveraged deep technical expertise to design and implement programs that reduced attack surface, improved resilience, and strengthened governance.

He led PCI-aligned network redesign and segmentation to shrink compliance scope and limit lateral movement. He modernized defensive controls by establishing structured patching and layered protections, including endpoint detection, IDS/IDP, WAF, and CDN, improving prevention and detection across the environment. He strengthened ransomware- and outage-ready recovery by replacing legacy virtualization and implementing modern backup and disaster recovery patterns, improving recoverability and operational continuity. He built executive-grade monitoring and reporting to increase visibility into system health and security posture, enabling faster, better-informed decisions. He also implemented cloud governance that significantly reduced spend while improving accountability, control, and consistency in cloud operations.

Peace of mind starts here

You don’t need an enterprise budget to get enterprise-grade thinking.

Let’s talk about what’s keeping you up at night, and how we can help.