My typical engagements are advisory retainers with the following focus areas:
- Crisis: Incident response advisory and referrals in the event of a breach.
- Risk: Advisory on risks and control prioritization.
- Organization: Bootstrap strategy, growth, first hires and leadership planning.
The contract is month-to-month. Pricing depends on client and expectations:
- $6k / Month: An asynchronous resource for early companies.
- $8k / Month: Needing onboarding work and regular check-ins.
- $12k / Month: For complex organizations.
My time will be retained for agreed upon meetings and projects. My day rate ($4k) applies after the retainer for mutually agreed upon projects or tasks.
My expectation is to be replaced when you have developed internal security resources, though I am happy to support teams afterward.
About Me
I have ~20 years of incident response leadership experience. My personal network includes security teams at major technology and cryptocurrency companies, forensic resources, legal and communications support, private investigative, and physical security contacts. Incident response can be organized quickly through this network, and we all rely on each other to keep the internet safe for everyone.
I've run, built, and operated security teams at technology companies as well as advised Engineering teams, Chief Security Officers, CEOs, and the White House. I'm a co-founder, advisor, and investor to several security startups in addition to my work with security teams.
I have deep experience in risks that tech companies face. This includes trust and safety, vulnerability disclosure, data breaches, attribution, investigations, and cryptocurrency.
Through my work I have either supported or directly commanded the response to some of the highest profile, most complex incidents in history.
I hope we can work together! If you have questions please let me know.