Security advisory.
Retained security leadership for SaaS, fintech, and technical-founder teams. AppSec programme build, threat modelling, and code review.
Who it's for
SaaS, fintech, technical founders.
Series Seed through Series B, twenty to two hundred engineers, no full-time security leader yet. Enterprise prospects asking pointed security questions. A security incident the board now asks about every quarter.
If you already have a CISO, this works as a wing-mate for the appsec side — code reviews, threat modelling, programme reviews, vendor selection. Reporting lines stay where they are.
What's included
Retained hours, programme build, audit preparation.
Retained hours
A fixed block per month for code review, threat models, design review, on-call backup. Hours roll between months within the quarter.
Programme build
Secure SDLC, code review process, vulnerability management, on-call rotation, incident response runbook. Built around the engineers you have today.
Vendor & vulnerability management
Security review of critical SaaS vendors before you onboard them. Vulnerability triage and prioritisation across your stack. Patch hygiene baked into the engineering cadence.
Hiring backup
When you're ready for your first security hire I help you pick the role and interview. Until then, you have a senior practitioner in the seat.
Cadence
Retained, on call.
Regular calls with your engineering and trust leads, async access in between, and a written review of the risk register and roadmap each quarter.
Retained advisory.
Tell me your stage, team size, and the audit on the horizon. I'll come back with a retainer shape that fits.