Security advisory.
Retained security leadership for SaaS, fintech, and technical-founder teams. AppSec programme build, threat modelling, and code review.
Who it's for
SaaS, fintech, technical founders.
Series Seed through Series B, twenty to two hundred engineers, no full-time security leader yet. Enterprise prospects asking pointed security questions. A security incident the board now asks about every quarter.
If you already have a CISO, this works as a wing-mate for the appsec side — code reviews, threat modelling, programme reviews, vendor selection. Reporting lines stay where they are.
Included
Retained hours, programme build, audit preparation.
Retained hours
A fixed block per month for code review, threat models, design review, on-call backup. Hours roll between months within the quarter.
Programme build
Secure SDLC, code review process, vulnerability management, on-call rotation, incident response runbook. Built around the engineers you have today.
Vendor and vulnerability management
Security review of critical SaaS vendors before you onboard them. Vulnerability triage and prioritisation across your stack. Patch hygiene baked into the engineering cadence.
Hiring support
When you're ready for your first security hire, I help you pick the role and interview. Until then, you have a senior practitioner in the seat.
Cadence
Retained, on call.
Regular calls with your engineering and trust leads, async access in between, and a written review of the risk register and roadmap each quarter.
Retained advisory.
Tell me your stage, team size, and the audit on the horizon. I'll come back with a retainer shape that fits.