Services & Pricing

Security Leadership on Your Terms

Transparent, right-sized CISO engagements from startup to enterprise. Plus our AI-powered NIST policy generator — policies built in 60 seconds, not weeks.

Three tiers. No hidden fees.

Every engagement includes direct access to a senior security executive. You get expertise on demand, priced for where you are today.

Startup
Security foundations for early-stage companies
$999 /mo
Billed monthly
  • Policy templates (NIST CSF aligned)
  • Quarterly security posture reviews
  • Compliance roadmap (SOC 2 prep)
  • 2 advisory calls/month (30 min each)
  • Vendor risk questionnaire review
  • Slack/email security guidance
  • Incident response plan outline
Enterprise
Full vCISO with dedicated team coverage
$12,000+ /mo
Billed monthly — custom scope
  • Full vCISO + extended team
  • Multi-framework compliance programs
  • 24-hour incident response SLA
  • Board & investor presentations
  • CMMC, HIPAA, PCI DSS as needed
  • Security program build-out
  • Dedicated Slack channel
  • Monthly strategy sessions
  • M&A due diligence support

NIST Security Policy Package

Stop paying consultants $20,000 to draft policies you'll spend 6 months reviewing. Our AI engine generates 8 NIST CSF-aligned security policies — customized to your industry, company size, regulatory environment, and risk appetite. Done in under 60 seconds.

  • Access Control Policy
  • Incident Response Policy
  • Data Protection Policy
  • Risk Management Policy
  • Security Awareness & Training Policy
  • Asset Management Policy
  • Business Continuity Policy
  • Vendor Risk Management Policy
AI-generated in under 60 seconds
One-Time Purchase

NIST Policy Package

Access Control, Incident Response, Data Protection, Risk Management, Security Training, Asset Management, Business Continuity, Vendor Risk Mgmt
$2,500 one-time
Policies tailored to your profile via AI — no consultant hours, no weeks of back-and-forth.

What's included

Every engagement is built around your business, not a template. Here's what you get regardless of tier.

Senior Security Executive

Not a project manager or junior analyst. You work directly with a practitioner who has built and run security programs at scale.

Clear Documentation

Policies, procedures, and roadmaps you can actually use. No binders collecting dust on a shelf.

Direct Communication

Slack, email, and calls — not a ticketing system. You reach the person doing the work.

Progress Reporting

Quarterly reviews with metrics that matter to your business, not generic compliance checklists.

Incident Response

When something goes wrong, you have a seasoned responder on the line — not a panic button that rings an answering service.

Flexible Engagement

Scale up or down as your needs evolve. No multi-year contracts locking you in before you've seen results.

Find the right fit for your business

A free 30-minute assessment to map your security needs to the right tier. No pitch deck, no pressure — just a conversation about where you are and where you need to go.

Book a Free Assessment
Typical response within 24 hours

Common questions

Straight answers to the questions we hear most from prospects evaluating fractional CISO services.

All tiers are month-to-month after an initial 3-month term. We ask for 90 days to establish a baseline and show meaningful progress — after that, you're free to adjust or exit with 30 days' notice.
Managed security providers (MSSPs) operate tools and respond to alerts. We provide strategic direction — the person who decides which tools to buy, what compliance means for your roadmap, and how to communicate security to your board. Think of us as the CISO, not the SOC.
Startup tier works best for Seed to Series A companies under 50 people. Growth is designed for 50–500 person companies navigating SOC 2 or early compliance requirements. Enterprise is built for Series B+ companies with complex regulatory needs or active board/investor pressure on security posture.
Yes. The NIST Policy Package is available as a standalone one-time purchase for $2,500. It's also included at no additional cost in Growth and Enterprise engagements — we build it into your program from the start as your policy foundation.
Yes. We routinely sign BAAs for HIPAA-regulated clients and can accommodate other standard contractual security requirements. Enterprise engagements typically include a full security questionnaire response process.
Common scenario. We embed as a senior advisor who mentors your team, fills gaps in expertise (cloud security, incident response, compliance), and handles things your team doesn't have bandwidth for. You keep the institutional knowledge; we bring the depth.