
Your CISO, without the $350K salary

Most Seed–Series B companies need security leadership. Few can justify a full-time CISO at $275K–$450K + equity + benefits. A fractional CISO gives you access to the same strategic judgment at 25–40% of the cost.

This is not a consultant who drops in quarterly to review a dashboard. This is ongoing ownership of your security program.

What's included:

  • 20–32 hours/month (typically spread across 2–3 days/week)
  • Weekly 1:1 with CEO/CTO
  • Monthly board/security committee reporting
  • Incident response leadership and tabletop exercises
  • Audit and compliance program management (SOC 2, PCI, NYDFS)
  • Security team hiring and vendor oversight
  • Regulatory relationship management
  • AI governance oversight and policy review

Investment:

Tier     Hours       Scope                                               Investment
Core     20 hrs/mo   Single compliance framework                         $10,000/mo
Growth   28 hrs/mo   Multi-framework (e.g., SOC 2 + PCI)                 $12,500/mo
Scale    32 hrs/mo   Public company readiness or multi-state regulatory  $15,000/mo

6-month minimum, then month-to-month.

Who this is for:

  • Companies with 20–150 employees and zero or one security hire
  • CEOs who need a CISO in board meetings and investor calls
  • Companies with a compliance deadline 90–180 days out
  • Organizations where a failed audit or delayed diligence would cost more than the retainer

Who this is not for:

  • Companies looking for a tool implementer or pen tester
  • Organizations that need 24/7 SOC operations (we'll help you find an MSSP)
  • Founders who want security theater, not security governance

Book a Free Assessment

From "we have a policy" to "we're ready for diligence"

A 90–120 day project to build a security and compliance program that passes investor scrutiny and external audit. Not a checkbox exercise — a real program with policies, controls, evidence, and governance that scales.

Deliverables:

  • Security policies and procedures tailored to your business, not templates
  • Risk assessment and treatment plan
  • SOC 2 Type I/II roadmap and audit prep (including auditor selection guidance)
  • PCI DSS gap analysis and remediation plan (if applicable)
  • Vendor/third-party risk framework
  • Board/investor-ready security summary
  • 2 months of post-audit advisory (included)

Investment:

$20,000–$30,000 (fixed fee, milestone-based billing)

  • 30% kickoff
  • 40% at midpoint (policies + controls drafted)
  • 30% at completion

The Red Flag

SOC 2 readiness projects from Big 4 firms run $40K–$80K. We deliver faster, with more operator credibility, and without the junior staff rotation.

Get ahead of AI regulation before it gets ahead of you

Boards and investors are starting to ask about AI risk. Regulators are 12–18 months behind. The companies that build governance now will have a strategic advantage when the rules arrive.

Deliverables:

  • AI risk assessment and inventory
  • AI governance policy and acceptable use standards
  • Model validation and monitoring framework
  • Third-party AI vendor due diligence process
  • Board reporting template for AI risks
  • Integration with existing security and compliance programs

Investment:

$12,000–$18,000 (fixed fee)

Security expertise for your highest-stakes moments

High-intensity, time-bounded support for M&A transactions, fundraising rounds, or SPAC processes where security is a diligence workstream.

Scope:

  • Security due diligence questionnaire (DDQ) response
  • Management presentation on security posture
  • Gap remediation against buyer/investor requirements
  • Regulatory and compliance documentation review
  • Board and investor call participation
  • Post-close security integration planning (if M&A)

Investment:

Scenario                                      Investment
Fundraising diligence (Series A/B)            $25,000
M&A sell-side support                         $35,000
Public offering / SPAC security workstream    $40,000

CISO-level guidance at the scale of a growing company

Not every company is ready for a $10,000/month retainer. But that doesn't mean you should figure out security and compliance alone.

Security Office Hours is a small group advisory membership for CEOs, COOs, and CFOs at FinTech and crypto companies who need access to CISO-level judgment without the full retainer commitment.

What's included:

  • 2 group advisory calls per month (90 minutes each): 1 open Q&A, 1 deep-dive topic (e.g., "NYDFS Part 500 changes," "How to read your SOC 2 report")
  • Private member community (Slack): Ask questions, share challenges, get feedback between calls
  • Monthly security briefing memo: Regulatory updates, breach analysis, investor diligence trends
  • Access to the Operator's Vault: Policy templates, board decks, vendor DDQs, tabletop guides, compliance roadmaps

Who this is for:

  • Companies with 10–50 employees that need security direction but not full-time leadership
  • Founders who want to get smart on security before their Series A
  • CFOs and COOs who suddenly own compliance and need a sounding board
  • Companies between projects that need maintenance-level guidance

Who this is not for:

  • Companies with an active security incident (you need a retainer, not a group call)
  • Organizations that need hands-on control implementation (this is advisory, not consulting)
  • Anyone looking for a substitute for legal or audit advice

Investment:

$995/month, per company

Important: We cap membership at 10 companies. This ensures every member gets attention and keeps the calls high-signal.

How to join:

We don't use a shopping cart. Every applicant is reviewed to ensure the group stays relevant and valuable.

Apply for Security Office Hours