Work with me. Pick the right engagement.
Four engagement shapes, sized to four different problems. Most buyers know they need security help; not everyone knows which shape of help they actually need. Two minutes of reading saves you a discovery call.
If none of the four below feel right, book a discovery call anyway. We will scope something that fits, or tell you honestly that we are not the right firm for what you need.
Pick the engagement that matches what is driving your timeline.
If: Audit on the calendar in 6-12 weeks
SOC 2 Sprint
$2,500 one-time
Two-week productized engagement. Gap analysis tied to production evidence, light pentest, policy templates, executive readout. Sprint cost credits in full toward retainer if you continue.
If: Need ongoing program ownership
Strategic vCISO retainer
$5,000 / month
Monthly cadence. Strategic ownership, policy authoring, customer security questionnaires, annual IR + DR tabletop. 48-hour response SLA. Default for growth-stage SaaS, healthtech, fintech.
If: Hands-on weekly engagement, board cadence
Embedded vCISO retainer
Inquire
Custom-scoped engagement for audit prep, M&A diligence, post-incident program rebuilds, or Series B/C in regulated industries. Weekly cadence. Hands-on policy authoring, board briefings, compliance platform admin, same-day response SLA, on-call IR leadership.
If: Want 50% off retainer for 12 months
Founding Cohort
$2,500 / mo
Five founding retainer slots: Strategic vCISO at $2,500/mo for 12 months (50% off the $5,000 list rate). Plus the Sprint at $500. Embedded vCISO custom-scoped and negotiated case-by-case for cohort members. Trade: testimonial, case study rights, reference call. Year two reverts to list.
When we are not the right firm.
Three scenarios where we will tell you so on the discovery call and point you toward the right alternative.
Your procurement requires a Big 4 brand
If your buyer or audit committee specifically requires Deloitte / KPMG / EY / PwC on the contract, we are not it. Some procurement gates are immovable. Pick a Big 4 firm and accept the partner-rate, associate-staffed delivery model.
You need 24/7 SOC monitoring
We do not run a security operations center. If you need eyes-on-glass alert triage, hire a managed detection and response provider (Arctic Wolf, Expel, ReliaQuest) and pair them with a vCISO for the program-level work. We have referred clients to MDRs many times.
You want hourly contractor pricing
We are not a $30 to $50 per hour shop. If your budget is at that ceiling, you are looking for a freelancer rather than a senior firm. Several legitimate freelancer marketplaces exist; we can recommend one if you ask.
Still not sure?
Take the 4-minute SOC 2 Readiness Scorecard. The scored PDF tells you which engagement shape fits your current posture, with no sales pitch attached. Or book a 30-minute discovery call and we will scope it together.
Not ready to talk? Score your SOC 2 readiness.
Twenty questions, a scored PDF in your inbox, a realistic timeline to audit. Free.