Pricing
Published anchors for the bounded work.
We publish starting prices for clean, repeatable offers and keep messy, multi-framework work scoped. No surprise quotes for the standard path.
Retainers
Security leadership, monthly.
| Plan | Price |
|---|---|
| Startup Security | from $2,000/mo |
| Core Security | from $4,000/mo |
| Growth / Multi-Framework | from $7,500/mo |
| Regulated / Heavy Execution | from $12,000/mo |
| Interim CISO (bridge, defined term) | from $18,000/mo |
Projects & sprints
Scoped work.
| Offer | Price |
|---|---|
| Compliance Scoping (credited) | from $2,500 |
| Compliance Readiness Package | from $12,000 |
| Ongoing Compliance (in vCISO retainer) | from $4,000/mo |
| Security Engineering Sprint | from $8,000/week |
| Security Engineering (embedded team) | from $20,000/mo |
| Fraud / Abuse Review | $5,000–$12,000 |
| Incident Response | $10,000 min · $350–$500/hr |
| Secure AI Transformation Discovery | from $5,000 |
| AI / Software Build Sprint | from $12,000/week |
| Engineering (embedded build team) | $12,000–$25,000/week |
Compliance covers SOC 2, ISO 27001, HIPAA, PCI, CMMC, and global privacy, see the compliance hub. Most audits also expect a technical test, run by DeepExploit ($3,500). Annual plans may include one annual Audit Security Test, subject to scope.
Want a number for your situation?
Most of the standard path is published above. For anything messy or multi-framework, a short call gets you a real scope.