Numbers are indicative; every engagement is scoped after a short discovery. We’d rather under-promise and over-deliver.
Two-week fixed-price burst for a single, clearly defined outcome.
$15k–$25k · 2 weeks fixed
Fixed scope delivery with milestones, demos, and a clean handoff.
From $18k · typical 4–10 weeks
Embedded capacity for roadmap execution across web, AI, and cloud.
Monthly · 2+ day/week minimum
Targeted audits, designs, and proof-of-concepts when you need signal fast.
Time & materials · flexible
When you already know what you need, skip the discovery and buy the outcome. Each package is shaped around a recurring request we get.
$2k one-off · or $1.5k/mo
Findings ranked by savings vs. risk, with concrete tickets your team can ship—not a PDF.
$5k / quarter
Threat-model refresh, IAM diff, dependency posture, and remediations scheduled with you.
From $9k · 1–2 weeks
Self-host your Next.js (standalone Docker) on ECS/Fargate behind ALB, with CI/CD, secrets, and observability.
From $12k · 2 weeks
LibreChat or OpenWebUI plus Ollama (or hosted LLMs) deployed inside your AWS, with SSO and audit logs.
$15k · 2 weeks
OpenAPI-first Python or Express service, tests, docs, and deploy to your AWS in two weeks.
From $22k · 3–4 weeks
GuardDuty + Security Hub deployed across your AWS Organization, IAM hardening, central audit logging, and Terraform modules your team owns.
From $35k · 3–6 months
End-to-end ISMS: policy framework, risk assessment, control ownership, evidence management, and audit chaperoning through certification.
From $40k · ~2 months · 20 log sources
Google SecOps SIEM/SOAR stood up across cloud, identity, endpoint and SaaS telemetry, with detection logic, enrichment, playbooks, escalation paths, and SLA definitions.
From $4.5k/mo
Part-time CISO for senior stakeholders: governance, risk, vendor reviews, control ownership, and security advisory across cloud, identity, endpoint, and SaaS.
Yes—when there’s a clear problem, decision-maker access, and a path to production. We’re selective about engagements that can’t ship.
We are a distributed team and work async-first. Synchronous overlap is agreed per engagement so coverage adapts to your timezone, not the other way around.
Productized packages are payable by card via Stripe Checkout. Project and retainer engagements are invoiced (Stripe Invoicing or international wire) in USD by default; AUD with 10% GST is available on request. We support multi-currency settlement (USD / AUD / EUR / GBP / CNY) for clients who prefer it.
We sign NDAs as needed, keep secrets out of prompts/logs by default, and can align to your vendor security process.
Common pattern: dedicated roles, least privilege, IaC in your repos, and auditable change management.
Yes—advisory (threat models, architecture reviews, AWS account hardening) and hands-on remediation. We close findings in the same engagement instead of handing them back as a homework PDF.
Yes. Standalone Docker on ECS/Fargate behind ALB, with CI/CD to ECR and observability wired up. Useful when you need data residency, single-tenant control, or predictable monthly cost.
Senior practitioners; our effective rate aligns with the $150–$400/hr market range for boutique studios. We prefer fixed Sprint or Project pricing so cost is clear before we start.
Prices in USD and indicative. Productized packages are payable by card via Stripe Checkout; projects and retainers are invoiced (Stripe Invoicing or international wire). Multi-currency settlement available. Engagements are contracted via Base66; default terms net 14. See our terms for the full schedule.