// Engagement

Pricing that scales with your risk profile.

Every tier is fixed-fee with a written scope. No surprise hourly billing, no retainer minimums you cannot use, and no procurement theater. Pick the level of engagement that matches where you are today.

Fixed fee · Written scope · No long-term lock-in · US-based delivery

Baseline

TIER-01

A point-in-time security posture audit for teams that need a clear starting line.

From $4,800 (one-time engagement)
Best for: Teams of 10 to 100 people, first formal security review.
SLA: Findings delivered within 10 business days.
Starts in: Kickoff within 5 business days of signature.
  • Identity and access review across SSO, email, and SaaS
  • Cloud posture scan for a single provider (AWS, Azure, or GCP)
  • External attack surface mapping and exposure inventory
  • Endpoint and MDM coverage review
  • Prioritized remediation roadmap with effort estimates
  • Read-out call with leadership and written executive summary

Vigilance (most chosen)

TIER-02

Continuous monitoring, quarterly tabletop exercises, and a security partner on retainer.

From $3,200 per month, billed monthly
Best for: Growing SMBs with regulatory pressure or active customer-security reviews.
SLA: Alert triage within 1 business hour during business days.
Starts in: Onboarding completed within 14 days.
  • Everything in Baseline, refreshed continuously
  • Continuous posture and credential monitoring
  • Monthly threat intelligence brief tailored to your stack
  • Quarterly tabletop exercises and after-action reports
  • Shared Slack or Teams channel with office hours
  • Incident triage and containment included
  • Vendor and customer security questionnaire support

Sentinel

TIER-03

Managed SOC capabilities and an incident response retainer for regulated industries.

Custom (annual partnership)
Best for: Healthcare, fintech, and legal teams with audit obligations or board oversight.
SLA: 24/7 alert triage with a 4-hour incident response SLA.
Starts in: Custom kickoff timeline, typically 30 days.
  • Everything in Vigilance, delivered around the clock
  • 24/7 alert triage and detection engineering
  • Incident response retainer with named responders
  • Compliance program ownership (SOC 2, HIPAA, PCI)
  • Quarterly executive and board briefings
  • Custom detections, playbooks, and purple-team exercises
  • Dedicated security advisor on retainer

Indicative pricing for typical SMB environments (50 to 500 employees). Final scope depends on your stack, regulatory profile, and existing tooling.

// Compare tiers

A side-by-side look

Feature | Baseline | Vigilance | Sentinel
Engagement model | One-time audit | Monthly retainer | Annual partnership
Posture monitoring | Point-in-time | Continuous | Continuous + 24/7 SOC
Incident response | Not included | Triage included | Named responders, 4h SLA
Compliance support | Gap analysis | Program guidance | Program ownership
Tabletop exercises | Optional add-on | Quarterly | Quarterly + custom drills
Executive reporting | Read-out call | Monthly brief | Board-ready quarterly
Shared communication | Email + calls | Slack/Teams office hours | Dedicated advisor

// Frequently asked

Pricing questions, answered

How does billing work?

Baseline is a fixed-fee, one-time engagement billed at kickoff. Vigilance is billed monthly with a 90-day initial term and 30-day notice afterward. Sentinel is an annual agreement with quarterly invoicing.

Can I switch tiers later?

Yes. Clients commonly start with a Baseline engagement and roll the credit into the first month of Vigilance. Upgrading to Sentinel mid-engagement is prorated.

Are there hidden fees?

No. Every engagement is fixed-fee. Travel, third-party tooling, and out-of-scope incident hours are quoted in writing before any work begins.

Do you offer a free assessment?

We offer a free 20-minute consultation to understand your environment and recommend a fit. All paid engagements start with a signed scope and statement of work.

What if I only need an incident response retainer?

Standalone IR retainers are available under the Sentinel tier. Contact us to scope hours and SLA based on your environment.

// Add-on

Need a security leader, not just a program?

Layer a virtual CISO onto any tier for fractional security leadership, board reporting, and compliance program ownership.