Engagement tiers
Fixed-fee engagements. Clear deliverables. No surprises.
Six tiers — five fixed-fee productized engagements plus an ongoing retainer. Every tier has a defined scope, duration, and deliverable. Start with the Posture Check; we will tell you honestly which tier fits from there.
Compare tiers
Use this table to understand which engagement matches where you are.
| Tier | Scope | Duration | Deliverable | Price | Best for |
|---|---|---|---|---|---|
| Posture Check | Identity, email, endpoint, file-sharing, monitoring, access, training, incident readiness — twelve specific check items executed with tenant-level review. | Two weeks. | Posture report (PDF), prioritized 90-day roadmap, executive summary. | Fixed fee | Buyers who want to know exactly where they stand before committing to a broader security program. |
| Tune-Up | MFA enforcement at scope; conditional access policies; OAuth third-party app inventory and revocation; identity protection enabled; admin role review; sign-in risk policies; emergency access account; baseline DLP for sensitive labels. | Four to six weeks. | Hardened tenant + documented control changes + evidence package + handoff playbook. | Fixed fee | Buyers with a known identity-attack-surface problem — recent incident, customer review pressure, audit prep. |
| Prep Sprint | Framework selection and scoping; control gap analysis; remediation roadmap; control implementation (in scope of what we can do; auditor-side handoff for the rest); evidence collection; auditor liaison. | Ninety days fixed-fee for phase 1 (gap analysis + roadmap); execution priced per quarter thereafter. | Audit-ready posture + complete evidence library + auditor-friendly attestation packet. | Fixed fee for phase 1 | Buyers with a compliance or customer-review trigger. |
| Insurance Ready | Carrier questionnaire response; control gap closure for required controls; carrier-friendly attestation package; documentation of any compensating controls. | Three to four weeks. | Completed renewal questionnaire + attestation document + control evidence + carrier presentation if requested. | Fixed fee | Buyers in active renewal cycle, especially those facing tightening carrier requirements. |
| Incident Triage | Initial triage call; scope assessment (blast radius determination); containment guidance; evidence preservation steps; recommended remediation; if-needed handoff to a full DFIR firm. | Triage call + one week of follow-up. | Incident summary + containment guidance + remediation roadmap + (if applicable) communication recommendations for legal/customers. | Fixed fee for triage | Active or recent incidents where the buyer needs immediate, calm expertise. |
| White Glove Concierge | Ongoing vCISO advisory + continuous monitoring + monthly scorecards + quarterly executive readouts + on-call response + control roadmap execution. | Monthly retainer, twelve-month minimum. | Monthly posture scorecard, quarterly briefing, on-call availability, evidence library maintained, audit support included. | Starting at — tiered by company size | Organizations that need ongoing security leadership, continuous monitoring, and program execution without building internal headcount. |
Tier details
Each engagement has a defined scope, timeline, and set of deliverables. No billable-hour uncertainty. No scope creep.
Posture Check
Twelve-point SaaS security inspection.
- Scope: Identity, email, endpoint, file-sharing, monitoring, access, training, incident readiness — twelve specific check items executed with tenant-level review.
- Duration: Two weeks.
- Deliverable: Posture report (PDF), prioritized 90-day roadmap, executive summary.
- Price: Fixed fee
- Best for: Buyers who want to know exactly where they stand before committing to a broader security program.
- Trigger match: Customer reviews, Compliance, Incidents
Typical next: Tune-Up or Prep Sprint.
Tune-Up
Identity hardening sprint for Microsoft 365 or Google Workspace.
- Scope: MFA enforcement at scope; conditional access policies; OAuth third-party app inventory and revocation; identity protection enabled; admin role review; sign-in risk policies; emergency access account; baseline DLP for sensitive labels.
- Duration: Four to six weeks.
- Deliverable: Hardened tenant + documented control changes + evidence package + handoff playbook.
- Price: Fixed fee
- Best for: Buyers with a known identity-attack-surface problem — recent incident, customer review pressure, audit prep.
- Trigger match: Customer reviews, Compliance, Incidents
Typical next: Concierge.
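Three of the Tune-Up items above (conditional access policies, sign-in risk policies, the emergency access account, and the OAuth app inventory) can be verified from tenant exports before the tenant is declared hardened. The script below is an added example, not this firm's tooling and not code from this page: it runs offline over constructed JSON shaped like what Microsoft Graph returns for `GET /identity/conditionalAccess/policies` and `GET /oauth2PermissionGrants`. The policy names, the break-glass account id, the service principal ids and the list of high-risk delegated scopes are all assumptions for illustration; in a real engagement you would export the live objects with the Graph API or Graph PowerShell and feed that JSON in.

```python
"""Offline checks for a Microsoft 365 identity hardening pass.

Added example. All data below is constructed to look like Microsoft Graph
output (conditional access policies and oauth2PermissionGrants); it is not
real tenant data, and the check logic is illustrative, not a vendor's tool.
"""

# Constructed: object id of the emergency (break-glass) account. Assumed.
BREAK_GLASS_IDS = {"00000000-0000-0000-0000-00000000bg01"}


def _policy(name, state, controls, exclude=(), risk=()):
    """Build an all-users / all-apps policy in Graph's field layout."""
    return {
        "displayName": name,
        "state": state,  # "enabled", "disabled", "enabledForReportingButNotEnforced"
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude)},
            "applications": {"includeApplications": ["All"]},
            "signInRiskLevels": list(risk),
        },
        "grantControls": {"operator": "OR", "builtInControls": list(controls)},
    }


# Constructed sample policies: one correct, one that can lock out the
# break-glass account, one sign-in-risk policy left in report-only mode.
SAMPLE_POLICIES = [
    _policy("Require MFA for all users", "enabled", ["mfa"], exclude=BREAK_GLASS_IDS),
    _policy("Block legacy authentication", "enabled", ["block"]),
    _policy("Require MFA on medium/high sign-in risk", "enabledForReportingButNotEnforced",
            ["mfa"], exclude=BREAK_GLASS_IDS, risk=["medium", "high"]),
]

# Constructed sample consent grants. "AllPrincipals" is admin consent for
# every user; "Principal" is a single user's consent. "scope" is space-separated.
SAMPLE_GRANTS = [
    {"clientId": "sp-mail-exporter", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Mail.Read offline_access User.Read"},
    {"clientId": "sp-calendar-widget", "consentType": "Principal",
     "principalId": "user-1234", "scope": "User.Read openid profile"},
]

# Constructed: delegated scopes that warrant a human keep/revoke decision.
HIGH_RISK_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
                    "Files.ReadWrite.All", "Directory.ReadWrite.All", "Sites.ReadWrite.All"}


def _enabled(p):
    return p.get("state") == "enabled"  # report-only is not enforcement


def _targets_everyone(p):
    c = p["conditions"]
    return ("All" in c["users"].get("includeUsers", [])
            and "All" in c["applications"].get("includeApplications", []))


def _controls(p):
    return set((p.get("grantControls") or {}).get("builtInControls", []))


def mfa_enforced_tenant_wide(policies, break_glass_ids):
    """True if an enabled all-users/all-apps policy requires MFA and excludes
    nothing beyond the break-glass accounts."""
    for p in policies:
        if _enabled(p) and _targets_everyone(p) and "mfa" in _controls(p):
            if set(p["conditions"]["users"].get("excludeUsers", [])) <= set(break_glass_ids):
                return True
    return False


def break_glass_lockout_risk(policies, break_glass_ids):
    """Enabled all-users policies that do not exclude every break-glass account;
    a bad change to one of these can lock the emergency account out too."""
    return [p["displayName"] for p in policies
            if _enabled(p) and _targets_everyone(p)
            and not set(break_glass_ids) <= set(p["conditions"]["users"].get("excludeUsers", []))]


def sign_in_risk_enforced(policies):
    """True if an enabled policy answers medium and high sign-in risk with MFA or block."""
    return any(_enabled(p)
               and {"medium", "high"} <= set(p["conditions"].get("signInRiskLevels", []))
               and _controls(p) & {"mfa", "block"}
               for p in policies)


def risky_oauth_grants(grants, high_risk=HIGH_RISK_SCOPES):
    """Grants carrying a high-risk delegated scope, flagged tenant-wide when admin-consented."""
    findings = []
    for g in grants:
        hits = sorted(set(g.get("scope", "").split()) & high_risk)
        if hits:
            findings.append({"clientId": g["clientId"], "scopes": hits,
                             "tenantWide": g.get("consentType") == "AllPrincipals"})
    return findings


def run_checks(policies=SAMPLE_POLICIES, grants=SAMPLE_GRANTS, break_glass_ids=BREAK_GLASS_IDS):
    return {
        "mfa_tenant_wide": mfa_enforced_tenant_wide(policies, break_glass_ids),
        "break_glass_lockout_risk": break_glass_lockout_risk(policies, break_glass_ids),
        "sign_in_risk_enforced": sign_in_risk_enforced(policies),
        "risky_grants": risky_oauth_grants(grants),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run_checks(), indent=2))
```

On the constructed sample the checks report tenant-wide MFA in place, flag "Block legacy authentication" because it does not exclude the break-glass account, report sign-in risk as not enforced because that policy is still report-only, and surface the admin-consented mail exporter for a revoke-or-keep decision. The same output, saved alongside the exports it was run on, is the kind of artifact the evidence package deliverable is built from.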
Prep Sprint
Audit-ready in ninety days. SOC 2, PCI, HIPAA, CMMC, or customer-driven security review.
- Scope: Framework selection and scoping; control gap analysis; remediation roadmap; control implementation (in scope of what we can do; auditor-side handoff for the rest); evidence collection; auditor liaison.
- Duration: Ninety days fixed-fee for phase 1 (gap analysis + roadmap); execution priced per quarter thereafter.
- Deliverable: Audit-ready posture + complete evidence library + auditor-friendly attestation packet.
- Price: Fixed fee for phase 1
- Best for: Buyers with a compliance or customer-review trigger.
- Trigger match: Compliance, Customer reviews
Typical next: Concierge for ongoing.
Insurance Ready
Cyber insurance renewal preparation.
- Scope: Carrier questionnaire response; control gap closure for required controls; carrier-friendly attestation package; documentation of any compensating controls.
- Duration: Three to four weeks.
- Deliverable: Completed renewal questionnaire + attestation document + control evidence + carrier presentation if requested.
- Price: Fixed fee
- Best for: Buyers in active renewal cycle, especially those facing tightening carrier requirements.
- Trigger match: Compliance, Customer reviews
Typical next: Tune-Up or Concierge.
Incident Triage
Immediate expert response when an incident occurs.
- Scope: Initial triage call; scope assessment (blast radius determination); containment guidance; evidence preservation steps; recommended remediation; if-needed handoff to a full DFIR firm.
- Duration: Triage call + one week of follow-up.
- Deliverable: Incident summary + containment guidance + remediation roadmap + (if applicable) communication recommendations for legal/customers.
- Price: Fixed fee for triage
- Best for: Active or recent incidents where the buyer needs immediate, calm expertise.
- Trigger match: Incidents
Typical next: Tune-Up, then Concierge.
White Glove Concierge
Ongoing security leadership without the headcount.
- Scope: Ongoing vCISO advisory + continuous monitoring + monthly scorecards + quarterly executive readouts + on-call response + control roadmap execution.
- Duration: Monthly retainer, twelve-month minimum.
- Deliverable: Monthly posture scorecard, quarterly briefing, on-call availability, evidence library maintained, audit support included.
- Price: Starting at — tiered by company size
- Best for: Organizations that need ongoing security leadership, continuous monitoring, and program execution without building internal headcount.
- Trigger match: Customer reviews, Compliance, Incidents
Typical next: none; this is the ongoing tier.
Not sure which tier fits?
Start with a Posture Check. We will show you exactly where you stand and recommend the right next step — no commitment, no pitch.