SOC 2 readiness, with the pentest most firms skip.
For founders looking for a SOC 2 readiness consultant who also runs the pentest and continues as vCISO after the audit. That is the entire pitch.
A 2-week productized engagement. You get a SOC 2 gap analysis, a policy inventory, a focused penetration test, and an executive readout. $2,500 flat, credited in full against your first month of retainer if you continue.
Looking for the deeper readiness write-up rather than the productized Sprint? See the SOC 2 Readiness Assessment overview. Want a free 4-minute snapshot first? Take the SOC 2 Readiness Scorecard.
Most SOC 2 assessments are paper only. This one is not.
Our founder spent over a decade in practitioner-grade offensive security. Your auditor checks that you have a policy. We check whether your policy matches what is actually running in production, and whether that is actually secure.
Gap analysis against SOC 2 TSC
Complete Trust Services Criteria checklist, prioritized by cost and effort to close. Not a generic template. Your actual gap.
Policy inventory with templates
The policies you need, the policies you have, and ready-to-edit templates for every missing one.
Light penetration test
8 to 12 hours of focused offensive work on your auth flow, API, and common web vulnerabilities. What an attacker finds in the first day.
Executive readout and deck
30-minute presentation to your leadership team. You keep the slides for your board.
Two weeks, from kickoff to readout.
We book Sprints a week in advance. Most kickoffs happen within 5 business days of payment.
Week 1, day 1
Kickoff call
60 minutes. We confirm scope, access, and the two or three things that matter most to your audit date.
Week 1, days 2 – 5
Gap analysis and pentest
We run through Trust Services Criteria and execute the focused pentest in parallel.
Week 2, days 1 – 3
Report and roadmap
We deliver a prioritized remediation roadmap with effort estimates, policy templates, and pentest findings.
Week 2, days 4 – 5
Executive readout
30-minute presentation to your leadership team, and a scoped retainer proposal if it makes sense.
$2,500 counts toward month one of any retainer.
If you sign a retainer within 30 days of your Sprint, the $2,500 is credited in full against your first month. The Sprint becomes the discovery work for the retainer, not a separate line item.
Ready when you are
Your next move starts with a 30-minute call.
If vCISO is not a fit, we will say so on the call and point you toward someone who is. If we are, we will scope a Sprint, the 90-Day Foundation, or a retainer right then.