Services
Every engagement is scoped, fixed-fee, and independent — no ongoing product margin, no reseller lock-in, no vendor allegiances.
01 · Assessment
3–5 weeks
A structured evaluation of your program against NIST CSF, CIS Controls, or ISO 27001 — delivered as a written finding set with severity, effort, and sequencing, not as a shopping list.
Deliverables
02 · Leadership
6–24 months
External security leadership on retainer. Program governance, board-ready reporting, executive translation, incident stewardship, and roadmap ownership — priced as a fraction of a full-time hire.
Deliverables
03 · Compliance
8–16 weeks
SOC 2, ISO 27001, HIPAA, PCI-DSS, and NIS2 readiness — designed around your actual architecture. We prepare you for the audit; we don't perform it, which is exactly why we can be honest with you.
Deliverables
04 · Engineering
4–10 weeks
Practical hardening across identity, endpoint, network, and workload layers. We focus on the depth of a few high-leverage controls over the surface area of many low-leverage ones.
Deliverables
05 · Cloud
3–6 weeks
AWS, Azure, and GCP configuration reviews grounded in first principles: least privilege, blast radius, defensible defaults. Findings mapped to your actual workload topology.
Deliverables
06 · Rationalization
2–4 weeks
Fewer tools, better outcomes. We audit what you own, what you actually use, what overlaps, and what you can retire — a spend and complexity review no reseller will ever offer you.
Deliverables
Not sure which fits?
Start with a 45-minute briefing. We'll tell you what you actually need — even if it's less than you asked for.