Practice · Four core areas

Cybersecurity consulting, in writing.

Four core practice areas and senior advisory by the hour. Every engagement starts with a one-page statement of work and ends with source files the client owns outright.

No. 01 · Practice areas

What we do.

01 · Posture

Risk Assessment

A posture review against NIST CSF 2.0 or ISO 27001. Written report, risk register, prioritized 90-day remediation plan, and executive readout.

02 · Compliance

Compliance & Audit Readiness

SOC 2, HIPAA, PCI-DSS, CMMC, and NIST 800-171. Gap analysis, policy library, evidence runbook, and audit accompaniment.

03 · Leadership

Virtual CISO

Senior security leadership on a monthly retainer. Strategy, board reporting, vendor reviews, architecture sign-off, and incident command.

04 · Response

Incident Response

Same-day response retainer. Containment, forensics, breach-notification support, and post-incident hardening.

No. 02 · Senior advisory

By the hour

For a single decision. One-hour minimum. Architecture review, vendor selection, tabletop, board prep, AI policy review.

A, General

Security Consulting

Architecture review, vendor selection, tabletop facilitation, policy redlines, executive coaching.

B, AI

AI Security

NIST AI RMF, OWASP LLM Top 10, model governance, AI acceptable use policy authorship.

No. 03 · Industries

Who we work with.

Mid-market and small businesses across regulated and non-regulated industries.

Healthcare: HIPAA, ePHI
SaaS: SOC 2, ISO 27001
Financial: GLBA, PCI-DSS
Defense: CMMC, NIST 800-171
Professional: Law, accounting
Manufacturing: IP, OT security

No. 04 · Engage

Not sure which engagement fits?

A thirty-minute call to understand your business and what's pushing the question. If we're not the right firm, we'll say so.