Transparent pricing. Senior execution.

Service products designed to match where your company is and what's driving urgency. Every engagement is scoped precisely with no retainer-for-retainer's-sake.

Start Here

Security Program Maturity Review

Not sure where to start? This is the answer.

A structured review of your existing security program against a defined maturity framework. We work through a checklist together, score where you are today, and identify your highest-priority gaps. The written findings tell you exactly where you stand and what to address first. For many companies, this review reveals that a broader security program overhaul is the right next step, and this engagement is how we scope it accurately.

$350
1-hour session + written findings
One-time

Fee applies in full toward any retainer or sprint engagement signed within 30 days.

What's Included

  • Structured session working through a security program maturity checklist across key control domains
  • Review of any existing policies, assessments, or audit reports shared in advance
  • Maturity scoring across each domain: where you are today vs. where you need to be
  • Written Security Program Maturity Report delivered within 2 business days

Deliverables

  • Written Security Program Maturity Report (3–5 pages): key findings, prioritized gaps, recommended next steps
  • Honest assessment of whether a larger engagement would add value and, if needed, which one fits your situation
  • A path forward that guides next steps in reaching your organizational security goals

Best For

Companies that have some security measures in place but aren't sure if they're adequate. CEOs, COOs, or CTOs who want an independent, structured read on their security program before committing to an ongoing engagement. Companies preparing for investor due diligence, a first enterprise customer security questionnaire, or an upcoming audit. Organizations that may need a full security program overhaul but want to scope the work before committing to a broader engagement.

Anchor Service

Fractional CISO Retainer

Ongoing security program leadership for technology companies that need a senior security executive — without the $300K full-time commitment.

$8,500/month
~20 hours/month
Recommended engagement: 3 months minimum, then month-to-month

What's Included

  • Monthly security program status review and roadmap update
  • Risk register review and prioritization
  • Quarterly board or executive security reporting
  • Security policy and procedure development
  • Vendor security assessment and third-party risk management
  • Incident response advisory and on-call guidance
  • Compliance framework monitoring (SOC 2, ISO 27001, HIPAA, PCI DSS)
  • Up to 2 hours ad-hoc advisory included; additional at $350/hr

Deliverables

  • Written monthly security program status report
  • Updated risk register with prioritized action items
  • Executive security summary (board-ready on request)

Best For

Series A/B SaaS companies (50–200 employees) facing SOC 2, ISO 27001, or investor/board pressure. No in-house security leadership.

Fixed Scope

SOC 2 / ISO 27001 Readiness Sprint

Structured readiness program with a hard audit deadline. Four consecutive SOC 2 Type II audits with zero exceptions — across two different organizations.

$18,000–$25,000
Project-based
60–90 days

What's Included

  • Gap assessment against SOC 2 TSC or ISO 27001:2022 controls
  • Risk assessment and remediation roadmap
  • Policy and procedure development (all required domains)
  • Control design and documentation
  • Audit evidence collection setup
  • Auditor selection support
  • Pre-audit internal readiness walkthrough
  • Post-audit findings remediation support

Deliverables

  • Gap Analysis Report with prioritized remediation roadmap
  • Control Documentation Package
  • Audit Readiness Report + Evidence Package

Best For

Companies with a customer-driven audit deadline, first or second SOC 2 engagement, or ISO 27001 certification requirement.

High Demand 2026

AI Security Governance Framework

The EU AI Act is now in effect and only 6% of organizations have an advanced AI security strategy. This engagement builds your framework before enterprise customers or auditors demand it.

$12,000–$18,000
Project-based
30–45 days

What's Included

  • AI tool and use case inventory across the organization
  • Risk assessment against NIST AI RMF and EU AI Act requirements
  • AI Acceptable Use Policy development
  • Data governance controls for AI training and inference data
  • Vendor AI risk assessment framework and questionnaire
  • Executive and board briefing on AI risk posture
  • Alignment mapping to applicable regulatory frameworks

Deliverables

  • AI Use Case Registry
  • AI Acceptable Use Policy (draft, ready for legal review)
  • AI Risk Assessment Methodology
  • Vendor AI Security Assessment Questionnaire
  • Board-ready AI Risk Summary

Best For

Any technology company using AI tools across the organization — especially those with enterprise customers asking about AI governance.

Fixed Scope

Incident Response Planning & Tabletop Exercise

Cyber insurance now requires documented IR plans. This engagement builds the plan, assigns the roles, validates it with a live tabletop exercise, and delivers everything in 30 days or less.

$8,500–$12,000
Project-based
30 days

What's Included

  • Review or development of Incident Response Plan (NIST SP 800-61 aligned)
  • Role and responsibility matrix development
  • Communication templates (internal, customer, regulatory, media)
  • Tabletop exercise design (2–3 hours with key stakeholders)
  • Tabletop exercise facilitation
  • Post-exercise gap analysis

Deliverables

  • Complete Incident Response Plan
  • Role assignment matrix and contact directory
  • Communication templates package
  • Post-exercise findings report with prioritized action items

Best For

Companies renewing cyber insurance, facing an enterprise customer IR requirement, or that have never tested their incident response capabilities.

Low-Barrier Entry

Hourly Advisory

Senior security guidance when you need a specific question answered or a decision reviewed.

$350/hour
2-hour minimum blocks
On-demand

What's Included

  • Any security topic within scope of expertise
  • Written summary of recommendations upon request
  • Follow-up questions via email for 5 business days after session

Deliverables

  • Varies by engagement — discussed at booking

Best For

Companies that need targeted guidance without an ongoing commitment. Due diligence reviews, vendor assessments, policy reviews, security architecture questions.

Early Stage

Board / Fractional Advisor

Security credibility and governance for early-stage startups that need to answer investor and customer security questions and do not have a full security program in place.

$3,000/month
~4 hours/month
Ongoing

What's Included

  • Monthly advisory session (2 hours)
  • Investor and customer security questionnaire support
  • Security roadmap for future compliance programs
  • Ad-hoc email advisory (reasonable scope)

Deliverables

  • Security posture summary for investor/board use

Best For

Pre-Series A or Seed-stage companies where investors are asking about security posture.