Services

Four offerings. Fixed scope, fixed price.

No hourly billing, no scope creep, no consultant theater. Every engagement leaves you measurably more secure with documentation an auditor can read without complaint.

01 / AUDIT
SOC 2 / ISO 27001 Readiness
For startups whose first enterprise customer just asked the security question.
Contact for pricing
What's included
  • Full Workspace + GCP control audit
  • Endpoint & IAM posture review
  • PHI/PII data flow mapping
  • BAA & vendor risk inventory
  • Control matrix vs SOC 2 / ISO Annex A
You'll receive
  • Board-ready executive summary
  • Detailed audit report (25–40 pp)
  • Prioritized remediation roadmap
  • 30-day post-engagement support
2–3 weeks timeline Fixed scope Board-ready deliverable
02 / SPRINT
Workspace + GCP Hardening
One week, hands-on. We leave you measurably more secure with a runbook to maintain it.
Contact for pricing
What we'll harden
  • OU restructure & tiered policy
  • 2SV / passkey enforcement
  • OAuth third-party app governance
  • Context-Aware Access policies
  • DLP for PHI / PII / financial data
You'll receive
  • Hardened Workspace + GCP config
  • Before/after posture report
  • Admin runbook & maintenance guide
  • 30-day email support
1 week timeline Hands-on implementation 30-day support
03 / BUILD
Custom IT Automation
For teams with a specific painful workflow they want gone. Scoped per project.
Contact for pricing
Common builds
  • Onboarding / offboarding automation
  • Audit log pipelines (BigQuery + Looker)
  • Custom Cloud Run security detectors
  • Apps Script approval workflows
  • Telegram / Slack alerting systems
Every build includes
  • Working code in a Git repo you own
  • Deployment guide & runbook
  • 60-min handoff session
  • 30-day bug-fix warranty
2–6 weeks per build Code you own Optional 10–15%/mo retainer
04 / RETAINER
Fractional IT & Security
For 50–200 person startups with no dedicated IT or security headcount.
Contact for pricing
What's included
  • 4–8 hours per week of advisory
  • Quarterly posture reviews
  • Incident response on call
  • Policy upkeep & auditor questions
  • Vendor / BAA review as needed
Best fit
  • No CISO or security engineer yet
  • Selling to enterprise buyers
  • Need consistent posture upkeep
  • Cannot justify full-time hire yet
Monthly retainer Cancel anytime after 3 months vCISO-lite advisory

Not sure where to start?

Book a free 20-minute review. We'll tell you honestly which offering fits — or whether you don't need us yet.

Book a free review →