Engagement tiers
Fixed fees. Published prices. No surprises.
Six tiers — five fixed-fee productized engagements plus an ongoing retainer. Every tier has a defined scope, duration, and deliverable. Start with the Posture Check; we will tell you honestly which tier fits from there.
Compare tiers
Use this table to understand which engagement matches where you are.
| Tier | Scope | Duration | Deliverable | Price | Best for |
|---|---|---|---|---|---|
| Posture Check | Identity, email, endpoint, file-sharing, monitoring, access, training, incident readiness — twelve specific check items ... | Two weeks. | Posture report (PDF), prioritized 90-day roadmap, executive summary. | $4,950 fixed fee | Buyers who want to know exactly where they stand before committing to a broader ... |
| Tune-Up | MFA enforcement at scope; conditional access policies; OAuth third-party app inventory and revocation; identity protecti... | Four to six weeks. | Hardened tenant + documented control changes + evidence package + handoff playbook. | $9,500 fixed fee | Buyers with a known identity-attack-surface problem — recent incident, customer ... |
| Prep Sprint | Framework selection and scoping; control gap analysis; remediation roadmap; control implementation (in scope of what we ... | Ninety days fixed-fee for phase 1 (gap analysis + roadmap); execution priced per quarter thereafter. | Audit-ready posture + complete evidence library + auditor-friendly attestation packet. | $14,500 fixed fee for phase 1 | Compliance hook, customer-review hook. |
| Insurance Ready | Carrier questionnaire response; control gap closure for required controls; carrier-friendly attestation package; documen... | Three to four weeks. | Completed renewal questionnaire + attestation document + control evidence + one-page carrier-ready s... | $4,500 fixed fee | Buyers in active renewal cycle, especially those facing tightening carrier requi... |
| Close Call Cleanup | Review of the suspicious activity; indicators-of-compromise sweep across identity, email, file-sharing, and endpoint; ro... | Investigation + one week of follow-up. | Findings summary (what happened, what was exposed) + indicators-of-compromise report + prioritized p... | From $6,500 | Businesses that had a scare — a clicked phish, a suspicious sign-in, an accident... |
| White Glove Concierge | Ongoing vCISO advisory + continuous monitoring and alerting + monthly scorecards + quarterly executive readouts + contro... | Monthly retainer, twelve-month minimum. | Monthly posture scorecard, quarterly briefing, evidence library maintained, audit support included. | Starting at $1,950/mo — tiered by company size | Organizations that need ongoing security leadership, continuous monitoring, and ... |
Posture Check
Duration: Two weeks.
Price: $4,950 fixed fee
Identity, email, endpoint, file-sharing, monitoring, access, training, incident readiness — twelve specific check items executed with tenant-level review.
Tune-Up
Duration: Four to six weeks.
Price: $9,500 fixed fee
MFA enforcement at scope; conditional access policies; OAuth third-party app inventory and revocation; identity protection enabled; admin role review; sign-in risk policies; emergency access account; baseline DLP for sensitive labels.
Prep Sprint
Duration: Ninety days fixed-fee for phase 1 (gap analysis + roadmap); execution priced per quarter thereafter.
Price: $14,500 fixed fee for phase 1
Framework selection and scoping; control gap analysis; remediation roadmap; control implementation (in scope of what we can do; auditor-side handoff for the rest); evidence collection; auditor liaison.
Insurance Ready
Duration: Three to four weeks.
Price: $4,500 fixed fee
Carrier questionnaire response; control gap closure for required controls; carrier-friendly attestation package; documentation of any compensating controls.
Close Call Cleanup
Duration: Investigation + one week of follow-up.
Price: From $6,500
Review of the suspicious activity; indicators-of-compromise sweep across identity, email, file-sharing, and endpoint; root-cause determination; and a prioritized set of changes to prevent a repeat. Not full incident response — if a live breach needs containment, we help you engage a DFIR firm.
White Glove Concierge
Duration: Monthly retainer, twelve-month minimum.
Price: Starting at $1,950/mo — tiered by company size
Ongoing vCISO advisory + continuous monitoring and alerting + monthly scorecards + quarterly executive readouts + control roadmap execution.
Tier details
Each engagement has a defined scope, timeline, and set of deliverables. No billable-hour uncertainty. No scope creep.
Posture Check
Twelve-point SaaS security inspection.
- Price
- $4,950 fixed fee
- Duration
- Two weeks.
- Scope
- Identity, email, endpoint, file-sharing, monitoring, access, training, incident readiness — twelve specific check items executed with tenant-level review.
- Deliverable
- Posture report (PDF), prioritized 90-day roadmap, executive summary.
- Best for
- Buyers who want to know exactly where they stand before committing to a broader security program.
- Trigger match
- Customer reviews, Compliance, Incidents
Typical next: Tune-Up or Prep Sprint.
Tune-Up
Identity hardening sprint for Microsoft 365 or Google Workspace.
- Price
- $9,500 fixed fee
- Duration
- Four to six weeks.
- Scope
- MFA enforcement at scope; conditional access policies; OAuth third-party app inventory and revocation; identity protection enabled; admin role review; sign-in risk policies; emergency access account; baseline DLP for sensitive labels.
- Deliverable
- Hardened tenant + documented control changes + evidence package + handoff playbook.
- Best for
- Buyers with a known identity-attack-surface problem — recent incident, customer review pressure, audit prep.
- Trigger match
- Customer reviews, Compliance, Incidents
Typical next: Concierge.
Prep Sprint
Audit-ready in ninety days. SOC 2, PCI, HIPAA, CMMC, or customer-driven security review.
- Price
- $14,500 fixed fee for phase 1
- Duration
- Ninety days fixed-fee for phase 1 (gap analysis + roadmap); execution priced per quarter thereafter.
- Scope
- Framework selection and scoping; control gap analysis; remediation roadmap; control implementation (in scope of what we can do; auditor-side handoff for the rest); evidence collection; auditor liaison.
- Deliverable
- Audit-ready posture + complete evidence library + auditor-friendly attestation packet.
- Best for
- Compliance hook, customer-review hook.
- Trigger match
- Compliance, Customer reviews
Typical next: Concierge for ongoing.
Insurance Ready
Cyber insurance renewal preparation.
- Price
- $4,500 fixed fee
- Duration
- Three to four weeks.
- Scope
- Carrier questionnaire response; control gap closure for required controls; carrier-friendly attestation package; documentation of any compensating controls.
- Deliverable
- Completed renewal questionnaire + attestation document + control evidence + one-page carrier-ready summary.
- Best for
- Buyers in active renewal cycle, especially those facing tightening carrier requirements.
- Trigger match
- Insurance renewal, Compliance, Customer reviews
Typical next: Tune-Up or Concierge.
Close Call Cleanup
Investigative follow-up after a close call — find what got in and shut the door.
- Price
- From $6,500
- Duration
- Investigation + one week of follow-up.
- Scope
- Review of the suspicious activity; indicators-of-compromise sweep across identity, email, file-sharing, and endpoint; root-cause determination; and a prioritized set of changes to prevent a repeat. Not full incident response — if a live breach needs containment, we help you engage a DFIR firm.
- Deliverable
- Findings summary (what happened, what was exposed) + indicators-of-compromise report + prioritized prevention roadmap + (if applicable) communication recommendations for legal/customers.
- Best for
- Businesses that had a scare — a clicked phish, a suspicious sign-in, an accidental external share — and want to know what happened and prevent a repeat.
- Trigger match
- Incidents
Typical next: Tune-Up, then Concierge.
White Glove Concierge
Ongoing security leadership without the headcount.
- Price
- Starting at $1,950/mo — tiered by company size
- Duration
- Monthly retainer, twelve-month minimum.
- Scope
- Ongoing vCISO advisory + continuous monitoring and alerting + monthly scorecards + quarterly executive readouts + control roadmap execution.
- Deliverable
- Monthly posture scorecard, quarterly briefing, evidence library maintained, audit support included.
- Best for
- Organizations that need ongoing security leadership, continuous monitoring, and program execution without building internal headcount.
- Trigger match
- Customer reviews, Compliance, Incidents
Typical next: —
Not sure which tier fits?
Take the free Posture Self-Check to see where you stand, or book a call and we will recommend the right tier — no commitment, no pitch.