A monthly retainer for teams who want senior security guidance without hiring a full-time security engineer. The right shape for most Series A–B companies.
What’s included
- Fractional CISO — a named senior practitioner who attends your weekly security/eng review and answers Slack
- Threat modeling — quarterly half-day sessions to map what you’re shipping against what attackers want
- Architecture review — every major system gets a read before it ships
- SDLC integration — we set up the linters, the dependency scanning, the secret-detection in your CI, and tune them so they don’t get ignored
- Incident retainer — on-call coverage for the first 24 hours of any declared incident; we then hand off to a forensics partner
How it works
Eight hours/week, billed monthly. We don’t track hours within the month — this isn’t an agency.
You get a single Slack channel, a recurring weekly meeting, and a named lead. The work is not delegated to a junior — your principal is your principal.
When this is the wrong fit
- You’re pre-revenue and don’t have an engineering team yet — you don’t need us
- You’re a regulated F500 with a CISO already — we’re a vendor at that scale, not an embedded team
- You’re shopping for a logo to put on the website without real engagement — we’ll be a poor fit for each other
// the practical answer
We typically work alongside an internal security lead at companies with between 30 and 300 engineers. If that’s roughly you, let’s talk.