Patterns we deliver often

Eight project types you can ask us to scope.

SOC 2 readiness

End-to-end SOC 2 evidence preparation: control inventory, policy templates, access reviews, vendor risk, audit-log baselines, evidence packets. We work directly with your auditor + Vanta / Drata / Tugboat or equivalent.

Pro2 lead · Pro3 Master review · 6 – 12 weeks · fixed-fee after Discovery

Entra ID hardening

Tenant-wide identity hardening: privileged-role audit + Just-In-Time access, conditional access policy design, MFA enforcement, legacy-auth shutoff, sign-in risk policies, app-consent governance.

Pro2 / Pro3 Master · 2 – 6 weeks · fixed-fee

Cloudflare Zero Trust rollout

Replace VPN with identity-aware access: app catalog, access policies, device posture, browser-isolation, gateway DNS filtering, optional Tunnels for self-hosted apps.

Pro2 / Pro3 Master · 4 – 12 weeks · fixed-fee or T&M

M365 / Google Workspace tenant remediation

Tenant audit + remediation: identity hardening, SharePoint sharing surface, mail-flow rules, Teams policy, Defender configuration, audit-log retention. Often a precursor to SOC 2.

Pro2 lead · 3 – 8 weeks · fixed-fee

Acquisition-side IT diligence

Technology side of M&A diligence: tenant inventory, security posture, license stack, contract review, integration risk, day-1 / day-90 / day-365 plan. Confidential, fast, written.

Pro3 Master · 1 – 3 weeks · fixed-fee

Network architecture refresh

Office network redesign — switching, Wi-Fi, segmentation, firewall, VPN-replacement strategy, ISP redundancy. Documented diagrams and a phased implementation plan you keep.

Pro2 lead · Pro3 Master architecture review · 2 – 6 weeks · fixed-fee

SaaS-to-SaaS integration

Integrate two business systems that should be talking — CRM ↔ billing, identity ↔ HR, support ↔ engineering. Built on standard tooling (Workato, Zapier, native APIs) with documentation that survives the engagement.

Pro2 lead · 2 – 8 weeks · fixed-fee or T&M

Cyber-insurance underwriting representation

Sit opposite the underwriter on your behalf to defend the renewal posture. Translate your security controls into the language the underwriter scores against. Recommend remediation that materially moves the rate.

Pro3 Master · 1 – 3 weeks · fixed-fee

Education

How to brief us when you reach out.

What we need from you in 5 minutes

What you are trying to accomplish (the outcome, not the technology). What you have tried so far. What is at stake (timing, dollars, audit, customer commitment). Who the internal owner is. The rest we will uncover in Discovery.

Skip the prep — we handle it

Arrive without a perfect requirements document, a pre-selected vendor, or a pre-decided architecture. We will do the discovery work. If you bring a pre-decided architecture, we will review it on its merits and tell you what we find.

When fixed-fee vs. T&M

Fixed-fee where the scope is clear after Discovery and the variance is on us. T&M where scope intentionally evolves through execution (research, R&D-style work, the first roll of a pattern we will iterate together). Discovery's deliverable always says which shape we recommend and why.

When we will say no

When the work is outside our depth — bare-metal hardware engineering, custom on-prem infrastructure design, anything where we would be learning on your time. We will tell you this on the Discovery call, and where we can, we will point you to a partner who is the right fit.

Tell us what you are trying to do.

One conversation, one written plan within five business days. No commitment to engage.