Programs That Grow With Your Business.

vCISO-led security programs for different stages of maturity. Every program includes a named advisor, documented deliverables, and a clear path to your next level of readiness.

$0K+
Average full-time CISO salary. These programs deliver the advisory layer at a fraction of that cost.
0%
Lower breach costs for organizations with a tested incident response plan in place.
0%
of SMBs fear a serious cyberattack could put them out of business.

Sentinel

Your secure starting point.

For founder-led businesses making their first real security investment. A named advisor, a documented foundation, and the touchpoints that keep a small business protected and ready.

$750 / month
+ $1,500 one-time onboarding
$10,500 Year One | $9,000 Ongoing / yr

Onboarding (~30 Days)

Completed before the retainer begins. Establishes the baseline everything else is built on.

  • Environment assessment (Microsoft 365 or Google Workspace)
  • Email authentication review (SPF, DKIM, DMARC)
  • Access control and admin account review
  • 5 foundational policies (3 core + 2 you choose from 10 options)
  • Cyber insurance baseline controls checklist
  • Vendor security questionnaire template responses
  • Findings summary with prioritized action list

Ongoing Retainer

  • Quarterly security posture check-in (60 min) with findings summary
  • Monthly email update on posture, changes, and next steps
  • Annual phishing simulation and security awareness training
  • Cyber insurance readiness review (annual)
  • "First Response" incident checklist for immediate action
  • Ad-hoc security questions via email, no hard cap

Most Sentinel clients grow into Guardian within 12-18 months, usually when a compliance requirement appears or a customer asks for documentation the current program doesn't cover.

Guardian

A proactive security program that grows with your business.

For businesses where security is affecting deals, audits, and leadership conversations. Guardian delivers a named advisor, a maintained roadmap, and the program infrastructure that moves security from reactive to strategic.

$2,500 / month
$3,500/mo for first 90 days (program build-out)
$33,000 Year One | $30,000 Ongoing / yr

First 90 Days

The elevated first-quarter rate covers the program build-out. Everything below is delivered and operational by Day 90.

Day 30
Environment assessment complete. Initial risk register populated. Policy gap analysis delivered.
Day 60
12-month security roadmap delivered. Compliance framework selected and gap assessment begun.
Day 90
Incident Response Plan delivered. Emergency contact protocol complete. Program fully operational.

What's Included

Program Leadership

  • Monthly advisory session (90 min) with documented action register
  • 12-month security roadmap, updated quarterly
  • Risk register maintained, prioritized, and tracked monthly
  • Quarterly Leadership Security Summary for stakeholders
  • Vendor security review (up to 2 per quarter)

Compliance, IR, and Awareness

  • One active compliance framework (SOC 2, HIPAA, or PCI-DSS)
  • 8-10 core security policies developed over the engagement
  • IR plan built in first 90 days, maintained ongoing
  • Phishing simulations 2x/year with campaign analytics
  • Everything in Sentinel, carried forward

Guardian clients typically grow into Archon when executive protection becomes a priority, a second compliance framework is needed, or leadership wants dedicated vCISO time beyond 8 hours/month.

Archon

Leadership-grade security for high-visibility operations.

For businesses where the founder, leadership team, or client relationships create elevated risk. Archon delivers dedicated vCISO-level engagement, executive protection, and the highest-touch governance model Phylaxion offers.

$8,000 / month
$10,000/mo for first 90 days (program build-out)
$102,000 Year One | $96,000 Ongoing / yr

First 90 Days

Full Archon program build-out including executive protection baseline, MDR/SIEM coordination setup, and security testing oversight framework.

Day 30
Environment assessment. Executive protection baseline. Initial risk register. MDR/SOC vendor engagement initiated.
Day 60
12-month roadmap delivered. Compliance framework(s) selected. SIEM coordination protocol established.
Day 90
IR plan delivered. Tabletop exercise scheduled. Escalation runbook complete. Program fully operational.

What's Included

Dedicated vCISO

  • 20 hours/month of dedicated security leadership time
  • Same-day priority access for urgent questions
  • Leadership and investor meeting participation (up to 2x/quarter)
  • Executive digital protection: device hardening, account security, travel briefings
  • Monthly threat intelligence briefing

Governance and Response

  • Up to 2 active compliance frameworks with audit support
  • Security testing oversight: scope review, findings translation, remediation tracking
  • MDR/SOC coordination and SIEM alert tuning (up to 2 hrs/mo)
  • IR coordination support: 2 incidents/year, up to 8 hours each
  • 2 facilitated tabletop exercises per year
  • Quarterly phishing simulations with role-based targeting
  • Everything in Guardian, carried forward

Archon is custom scoped. A second compliance framework adds $1,000-$1,500/mo. Active SIEM coordination adds $1,000-$1,500/mo. Fully loaded environments typically run $10,000-$11,000/mo at steady state.

Side-by-Side Comparison

| | Sentinel | Guardian (Most Popular) | Archon |
|---|---|---|---|
| | Your secure starting point | A proactive security program | Leadership-grade security |
| | $750/mo + $1,500 onboarding | $3,500/mo → $2,500/mo | $10,000/mo → $8,000/mo |
| Advisory Hours / Month | ~2-3 hrs | 8 hrs | 20 hrs |
| Advisory Cadence | Quarterly (60 min) | Monthly (90 min) | Monthly + priority access |
| Named Advisor | Foundational | Active, named | Dedicated executive |
| Security Roadmap | | 12-month, quarterly updates | 12-month, vCISO-led |
| Risk Register | | Monthly maintenance | Monthly maintenance |
| Policy Library | 5 policies (3+2) | 8-10 core policies | Full library |
| Compliance | Checklist only | 1 framework (2 hrs/mo) | Up to 2 + audit support |
| Incident Response | First Response checklist | Full IR plan, maintained | Plan + exercises + IR support |
| Tabletop Exercises | | Add-on ($4K-$6K) | 2x/year included |
| Phishing Simulations | 1x/year | 2x/year | Quarterly |
| Leadership Meetings | | | Up to 2x/quarter |
| Executive Protection | | | Included |
| Testing Oversight | | | Included |
| MDR/SOC Coordination | | | 2 hrs/mo included |
| Incident Response Support | | | 2 incidents/yr, 8 hrs each |
| Onboarding | $1,500 one-time | $3,500/mo (months 1-3) | $10,000/mo (months 1-3) |
| Monthly (Steady State) | $750/mo | $2,500/mo | $8,000/mo |
| Year One Total | ~$10,500 | ~$33,000 | ~$102,000 |

Standalone Engagements

Available across all tiers and as standalone project engagements. Clients in an active advisory tier receive project and add-on work at reduced rates reflecting the existing relationship.

Recommended Entry Point
Initial Security Risk Assessment
Organization-wide posture review across ten domains mapped to NIST CSF 2.0. Current state report, risk register, remediation plan, and cyber insurance gap analysis.
$4,500-$10,000

Technical Deep Dive
Security Architecture Review
Focused technical review of system design, trust boundaries, and structural vulnerabilities across any stack and any cloud environment.
$5,000-$14,000

Compliance Gap Assessment
Single framework: SOC 2, HIPAA, or PCI-DSS. Gap analysis, controls mapping, and remediation guidance.
$3,500-$8,000

Policy Library Creation
10-20 core security policies written for your actual business, not a generic template library.
$2,500-$6,000

Security Program Roadmap
Standalone 12-month prioritized security roadmap. Grounded in your environment, sequenced by risk and cost.
$5,000-$12,000

Tabletop Exercise
Custom scenario selection, plan review, facilitation, and post-exercise report with prioritized remediation findings.
$4,000-$6,000/session

Incident Response Retainer
Priority response SLA. Ensures Phylaxion is available with current context if an incident occurs.
$2,000-$4,000/year

Phishing/Training Campaign
Enhanced per-employee role-based phishing simulation and training curriculum.
$1,500-$3,000/year

Executive Digital Protection
Standalone principal security advisory for high-profile individuals not on the Archon tier.
$1,500-$3,500/month

Security Testing Oversight
Scope review, findings translation, and remediation accountability for a single third-party assessment engagement.
Starting at $2,500

New Business Security Setup
Fixed-scope, ~30-day project. Microsoft 365 or Google Workspace security baseline.
Starting at $3,000

Data Privacy Advisory
Privacy law applicability assessment, data mapping, and policy review.
Starting at $3,500

Vendor Risk Management
Individual vendor assessments. Quarterly vendor review program available.
Starting at $1,500/vendor

M&A Security Due Diligence
Acquirer or target assessment, pre-diligence preparation, and findings translation.
$8,000-$15,000

How Engagements Work

  • All programs are advisory and governance engagements. Managed IT services (platform administration, identity management, endpoint oversight) are available separately and can be layered on top of any tier.
  • Engagements are month-to-month after an initial 3-month commitment.
  • Tool and platform licensing is always separate. Clients may purchase independently or engage Phylaxion to procure and manage on their behalf.
  • The Initial Security Risk Assessment is recommended before or at the start of any engagement. It establishes the baseline and ensures the roadmap reflects your actual environment.
  • Clients upgrading between tiers receive a reduced onboarding rate reflecting work already completed.
  • Pricing is a fixed monthly retainer. No hourly billing, no surprise invoices.

Not Sure Where to Start?

Most clients begin with a short conversation about their environment, their risk, and what matters most right now. No slides, no pitch deck.