vCISO case study: Retailer