Everything we do, on one page.
Engagements fall into one of four shapes: a productized Sprint, a monthly retainer, a one-time assessment, or an advisory project. If you are not sure which you need, book a call.
vCISO Retainer
Embedded security leadership, month to month.
Enterprise Sales Security Enablement
Make security a sales enabler, not a deal blocker.
Attack Surface Management
Continuous visibility into your external attack surface.
Penetration Testing
Practitioner-led offensive security engagements.
ISO 27001 Assessment
ISO 27001 readiness and certification preparation.
HIPAA Assessment
HIPAA Security Rule readiness for healthcare SaaS.
CMMC Readiness
CMMC Level 1 and Level 2 readiness for DoD contractors.
NIST CSF Assessment
NIST Cybersecurity Framework maturity assessment.
Cloud Security Review
AWS, GCP, or Azure configuration and architecture review.
Incident Response Readiness Assessment
Can you actually respond to an incident today?
Policy Compliance Review
Are your policies actually being followed?
Vulnerability Scanning
Recurring authenticated and external vulnerability scans with actionable reports.
Incident Response Planning
Runbooks, tabletops, and actual preparedness.
Security Policy Authoring
Policies you will actually follow, not template dumps.
Risk Management Program
A risk register that informs decisions, not just checks boxes.
Vendor Risk Management
Third-party security assessments that are not a 200-question form.
Vendor Security Questionnaire Support
Stop losing deals because a questionnaire took 3 weeks.
Board Security Briefing
One slide for the board. Or ten, if they ask.
Threat-Informed Security Strategy
Your security program, built around who actually attacks you.
Trust Centers
Customer-facing security transparency pages that shorten enterprise sales cycles.
Compliance Platform Setup
Vanta, Drata, or Secureframe, configured by someone who does not sell it.
Not ready to talk? Score your SOC 2 readiness.
Twenty questions, a scored PDF in your inbox, a realistic timeline to audit. Free.
Ready when you are
Your next move starts with a 30-minute call.
If vCISO is not a fit, we will say so on the call and point you toward someone who is. If we are, we will scope a Sprint, the 90-Day Foundation, or a retainer right then.