Services

Seven services, each one scoped to your environment before you commit.

Every engagement ships with a kickoff call, a fixed scope, a written report containing the technical findings and an executive summary, and a 30-minute debrief. Pricing reflects the scope of work and the complexity of the environment.

Assessment

Fast, pragmatic checks of your current posture.

Phishing Simulation

A controlled phishing campaign that measures how your team actually responds when it counts, paired with awareness training tailored to the specific weaknesses the campaign reveals. Your leadership receives an executive summary they can act on, and your staff finishes the engagement better prepared for the next real attempt because the training meets them where they are.

Includes

  • Custom phishing templates
  • Click and credential capture metrics
  • Awareness training guidance
  • Executive summary
  • Debrief call

Ideal for

Organizations that want to measure and improve employee security awareness, especially those in regulated industries or those that have already experienced a phishing incident and want to make sure it does not happen again.

Price range

$400 to $900

Typical duration

1 day setup, 1 to 2 week campaign


Vulnerability Assessment

A current, honest technical read on where your systems are exposed, combining automated scanning with hands-on analysis from a credentialed practitioner who reviews every finding personally. You receive a prioritized list of issues with severity scores and clear guidance on what to address first, so your IT team or managed service provider can act on the results without guessing or chasing false positives.

Includes

  • Automated and manual scanning
  • CVSS-scored findings
  • Prioritized remediation roadmap
  • Executive summary
  • 30-minute debrief call

Ideal for

Organizations new to security assessments, those working under time or budget constraints, and companies preparing for a deeper engagement who want a baseline read before they commit to one.

Price range

$500 to $1,500

Typical duration

1 to 2 days


Security Program Review

An independent, credentialed review of the security program you have in place today, measured against the framework that best fits your business (NIST CSF, CIS Controls, or SP 800-53). The deliverable is a written gap analysis paired with a prioritized roadmap your team can execute against, whether you are tightening up an existing program or building one out for the first time.

Includes

  • Policy and procedure review
  • Control gap analysis
  • NIST CSF / CIS Controls / SP 800-53 mapping
  • Written gap analysis
  • Prioritized remediation roadmap

Ideal for

Organizations with an existing security program that want a credentialed outside review, and those building out their first program who want it built correctly from the start.

Price range

$800 to $2,000

Typical duration

2 to 3 days


Security Posture Snapshot

A focused two-hour walkthrough of your environment paired with a five-page findings report that names your top three risks, the regulatory or insurance pressures that apply, and a prioritized next-step roadmap. The Snapshot is the right starting point for a business that wants an honest outside read on the current security posture before committing to a larger engagement.

Includes

  • 30-minute discovery call
  • Two-hour remote walkthrough
  • Five-page executive-friendly findings report
  • Top three risks named with what to do about each
  • Regulatory and insurance landscape relevant to the business
  • Prioritized next-step roadmap
  • 30-minute debrief call

Ideal for

Owners and operators that want a fast, credentialed read on their current security posture before scoping a larger engagement.

Price range

$997 fixed

Typical duration

5 business days


Compliance

Regulator-ready, audit-grade deliverables.

HIPAA Security Risk Analysis

Most requested

Every covered entity and business associate is required to keep a current Security Risk Analysis on file, and this engagement delivers yours in language clear enough for your leadership to act on the findings without needing a translator. The completed SRA stands up to OCR review, satisfies cyber insurance renewal requests, and leaves you knowing exactly what your top risks are and what to do about each one.

Includes

  • ePHI asset identification
  • Threat and vulnerability pair analysis
  • Likelihood and impact ratings
  • HHS-compliant written SRA report
  • Prioritized remediation roadmap
  • Debrief call

Ideal for

Healthcare covered entities (medical practices, dental offices, clinics) and business associates that need a documented, defensible SRA on file for regulatory review, a cyber insurance renewal, or a vendor compliance request.

Price range

$1,500 to $3,500

Typical duration

3 to 4 days


NIST RMF Security Controls Assessment

If your organization is moving toward NIST RMF compliance, this assessment gives you a structured, credentialed read on where your controls actually stand against SP 800-53 and which gaps to address first. The deliverable is a written report your leadership can hand to an auditor, an investor, or a board, with the kind of clarity that makes the next conversation easier instead of harder.

Includes

  • System characterization
  • Control gap analysis (SP 800-53)
  • Risk rating per control family
  • Written findings report
  • Prioritized remediation roadmap

Ideal for

Healthcare organizations, financial services firms, and compliance-driven businesses that want a structured, NIST-aligned look at where their security controls stand and a clear order of operations for closing any gaps.

Price range

$2,500 to $6,000

Typical duration

1 to 2 weeks


Strategy

Bringing AI into a regulated practice, securely.

AI Readiness and Governance Starter

New

AI is moving into your practice whether you sanction it or not, and the question is whether your team has the policies, training, and risk visibility to adopt it confidently without putting patient data or your regulatory standing at risk. This four-week engagement gives you everything you need to use AI well from day one, with clear answers on what to use, how to use it, and what to do when something goes wrong.

Includes

  • Shadow AI inventory and HIPAA-aware risk assessment of current exposure
  • Approved Tools shortlist with vendor evaluations and BAA review
  • AI Acceptable Use Policy and data classification guidance, tailored to your practice
  • Incident Response addendum covering AI scenarios
  • Live staff training session, recorded for new hires, plus a quick-reference card
  • Vendor recommendation and contract review for your first AI tool
  • 60-minute readout with your team, plus 2 weeks of email Q&A after handoff

Ideal for

Practices in regulated industries (healthcare, behavioral health, dental, legal) that are bringing AI into patient communication, operations, or clinical workflow and want to do it responsibly from the start.

Price range

From $4,800 fixed

Typical duration

4 weeks calendar


Every engagement

What you always get, no matter the service.

  • Scoped written proposal before work begins
  • A single point of contact. Me.
  • Executive summary readable by non-technical leadership
  • Prioritized remediation roadmap
  • 30-minute debrief call to walk through findings

Pricing philosophy

From a published range to a fixed quote in one discovery call.

The lower end of each range reflects engagements with a tighter scope or a more straightforward environment, while the upper end reflects larger scope, more complex environments, or tighter timelines.

After the 30-minute discovery call, you receive a written proposal with a fixed price and a clear scope statement that locks the engagement before any work begins.

Book a call

A focused 30-minute discovery call.