Security advisory.
Retained security leadership for SaaS, fintech, and technical-founder teams. AppSec programme build, threat modelling, and code review.
Who it's for
SaaS, fintech, technical founders.
Series Seed through Series B, twenty to two hundred engineers, no full-time security leader yet. Enterprise prospects asking pointed security questions. A security incident the board now asks about every quarter.
If you already have a CISO, this works as a wing-mate for the appsec side — code reviews, threat modelling, programme reviews, vendor selection. Reporting lines stay where they are.
What's included
Retainer hours, programme build, audit preparation.
Retainer hours
A fixed block per month for code review, threat models, design review, on-call backup. Hours roll between months within the quarter.
Programme build
Secure SDLC, code review process, vulnerability management, on-call rotation, incident response runbook. Built around the engineers you have today.
Vendor and vulnerability management
Security review of critical SaaS vendors before you onboard them. Vulnerability triage and prioritisation across your stack. Patch hygiene baked into the engineering cadence.
Hiring support
When you're ready for your first security hire I help you pick the role and interview. Until then, you have a senior practitioner in the seat.
Cadence
Retained, on call.
Regular calls with your engineering and trust leads, async access in between, and a written review of the risk register and roadmap each quarter.
Retained advisory.
Tell me your stage, team size, and the audit on the horizon. I'll come back with a retainer shape that fits.