How do you not let this happen to you...

  • You Can Hire Staff

    A full-time CISO will cost you $250K annual salary minimum, and this doesn't count the team they'll need

  • You Can Hire Consultants

    Count in tens-of-thousands of dollars you will spend for projects that hopefully meet your expectations

  • You Can Do It Yourself

    While you may have time to get done some of what needs to be done, do you really have time to learn a whole other discipline?

  • Take a Blended Approach

    1) Get done what you have time and capability to do. 2) Have a strategic guide and safety net with deep Cybersecurity, SOC2, Compliance expertise. 3) Have on-demand help at your fingertips ready.


You can use the time for Cybersecurity, SOC2, Compliance, Risk, Privacy, GRC, Policies, Audits, Regulators, Metrics, Incident Response, Vendor or Supplier Risk, etc. You are not limited in what you need to get done, and how we can help you from advisory to accountability to coaching to hands-on, or any combination.


You are the expert in your business and we are the expert in Cybersecurity, SOC2, Compliance, etc. We join forces with you in mutual respect to create your best result. We listen and respond, not dictate.


Whether you're a growing or established company, a small or larger relationship, the level of consultant and expertise is the same. You don't get shortchanged with junior talent just because you don't have endless funds.


We don't force you into doing it our way and on our terms. You get to choose how much you need, adjust it as your business grows, and be in control of how it's used and what it accomplishes. We're not going to coerce you into spending you don't need.


We don't play games where we're the expert, know everything, and you know nothing. We work with you in transparency to coach you in what you may not know, and how to best, creatively if need be, achieve that end for your business.


We don't operate that you have to be, or do as it's always been. We are flexible to help you achieve what you see as priority that adds the most value to your business, in your timeframe and pace, and at your budget. You get to be you on your individualized path.


We are straightforward in what we provide and how we work with our clients. It's your party so you get to choose the 1) availability you want, 2) level of support you want, 3) objectives you want to achieve, and 4) schedule the time how you want.

Take the next step, book your Discovery Session

Let us help you unpack it, put some structure around your priorities and what you're trying to accomplish.

In this 1 hour working strategy session, we will:
  1. Identify your top Cybersecurity, SOC2, Compliance objectives to add most value and protection for your business
  2. Prioritize to get iterative and simultaneous traction for you according to your budget
  3. Anticipate challenges, roadblocks, gotchas, constraints along with way in an ever-changing security and Compliance landscape

If you move forward with a certain level Monthly On-Demand Expert subscription, this will be credited to that upgrade.

We Help You

Not an exhaustive list, but these are listed here to get you thinking the incredible Cybersecurity, SOC2, and Compliance value you can infuse into yourself and your company without overpaying for things you don't need or trying to do everything all at once.

  • SOC2 Readiness + Gap Assessment + Remediation + Audit

  • Cybersecurity + Data Protection (PHI, PII) + Frameworks (NIST CSF, HITRUST CSF, ISO 27001)

  • Risk Assessments (Enterprise, IT, Security) + Risk Management + Risk Register + Treatment

  • Compliance (SOC2, HITRUST, HIPAA, FFIEC, PCI DSS) + Auditor Support + Regulator Support

  • Privacy (SOC2, GDPR, CCPA)

  • GRC (Governance Risk Compliance) + Tools + Automation

  • Incident Response + Breach Support

  • Vendor or Supplier Risk + Security Questionnaires

  • Policies + Processes + Best Practice + Exceptions

  • Business Continuity (BCP) + Business Impact Analysis (BIA) + Disaster Recovery (DR) + Tabletops

Meet Cheri, MBA, CPA, CISSP, BCC

Your Cybersecurity, SOC2, Compliance Expert On-Demand

Owner Principal, vCISO

Cheri Hotman

Cheri’s graduated with an MBA from the University of Texas at Dallas and her drive toward Tech and cybersecurity has only grown since then. With a Corporate career - to the Vice President level - in banking, financial services, and consulting, she has a firm grasp on the particulars of the business world. Continuing education and consultancy work has made her even more informed and effective on the topic of modern cybersecurity. Cheri is a CPA, meaning she can both perform SOC 2 audits and help companies prepare for them. She is a BCC (Board Certified Coach), and holds her CISSP (Certified Information Systems Security Professional) - the gold standard in cybersecurity. In sum, you can count on her to know her stuff!


  • Can you do my SOC2 audit, or help me get ready for a SOC2 audit?

    Yes, Cheri is a CPA registered in the state of Texas to conduct SOC2 audits. We also do SOC2 Readiness (or gap assessment) on a regular basis for companies. We can either help you evaluate yourself with an add-on template, or we can do it for you. Both of these are separate fixed fee engagements, not part of the Monthly On-Demand Expert.

  • Will you read documents, like policy, to help get them finalized or provide input? Will you attend a Board or other meeting? Will you help with me with a GRC tool?

    Yes, yes, and yes. The On-Demand Expert time is yours to choose how you use. We are here to partner our expertise with you as you drive towards creating the best Cybersecurity, SOC2, Compliance posture for your company.

  • How do I know what level I should select to start?

    What is your budget and level of commitment towards Cybersecurity, SOC2, Compliance matters? You should select a level consistent with those. And since you can always increase the number of hours (or even cancel), don't stress about the level to start. There's little risk. Just commit today to consistently prioritizing these tough items so you don't jeopardize your company's data or clients.

  • How much or little time can I book in a single meeting, and can it be rescheduled? Who will be meeting with me?

    You schedule meetings for 30, 60, or 90 minutes during business hours Central Standard Time Monday through Friday. For rescheduling, no worries, life happens. Meetings can be rescheduled within 24 hours with no loss of time. Cheri, MBA, CPA, CISSP, BCC runs the practice so she is at the forefront of serving all clients. At times she may delegate a meeting or task based upon the content and fit. She is high excellence so you can rest assured anyone she works with won't disappoint.

  • What if I run out or don't use all of my hours in a month?

    Monthly On-Demand Expert hours can be increased or decreased as often as you need to fit your objectives and priorities. Changes take effect the next calendar month. To maintain your commitment and consistency to Cybersecurity, SOC2, and Compliance, it is encouraged at the first of every month to schedule your time so it is not lost or forgotten. The hours reset at the beginning of each month with no roll over.

  • What if I need something you don't do?

    If it's related to Cybersecurity, SOC2, Compliance, Technology, and a whole host of related disciplines, we have many partners and relationships in the marketplace to help point you to the best alternative.

  • Do you offer Cybersecurity, SOC2, Compliance hands-on help beyond the monthly on-demand expert?

    Yes, Hotman Group is a full practitioner firm with many templates and tools to accelerate your Cybersecurity, SOC2, Compliance goals. In most cases, we provide fixed bids for specific projects and deliverables. Contact us so we can work with you to solution what you need in the timeframe you need it.

  • What are the other terms, or if I have additional questions?

    Subscriptions are billed automatically, and can be canceled anytime before the next billing cycle. Any payments made are non-refundable. There are links at the bottom of the page for Terms of Service and Privacy Policy. Any questions, please don't hesitate to email

  • What if I want to refer someone? Do you have an affiliate program?

    We thank you for your referrals, and yes we do have an affiliate program. Send an email to so we can get you the details and set you up.

Be Your Company's Cybersecurity, SOC2, Compliance Champion

This stuff isn't going away. Delaying it isn't helping your company either. Hitting it head on, taking charge over it is the way to go. Set up your Discovery Session so we can devise a strategy and get this going for you!