Accepting new engagements

Senior security expertise, without the enterprise overhead.

MERA Security is a cybersecurity and compliance practice serving small and mid-sized businesses across the United States. From vCISO retainers to incident response, we bring the rigor of an enterprise security program to companies that actually need it — without the overhead, the jargon, or the six-month sales cycle.

Frameworks & Platforms

HIPAA
CJIS
CMMC 2.0
NIST CSF
SOC 2
M365
SentinelOne

What we do

Security work, productized.

Clear scope. Transparent pricing. Real outcomes. No retainer roulette, no surprise invoices.

02 · Compliance

Pass Your Next Compliance Audit

HIPAA, CJIS, CMMC Level 2 — from gap assessment through audit day. Built for organizations with a real deadline, not a wish list.

From $3,500 / engagement

03 · Microsoft 365

Lock Down Your Microsoft Tenant

Conditional Access, audit logging, identity protection, and tenant baselining in two weeks. Most M365 environments have gaps they don't know about.

From $2,500 / engagement

04 · Incident Response

Something Went Wrong. We're Here.

Forensic timeline reconstruction, containment, eradication, and an insurance-ready written report. Same-day availability for retainer clients.

$200 / hour, retainer available

Who we serve

Built for the middle.

Too big for break-fix IT. Too small for a Big Four engagement. We sit exactly where most SMBs live.

— 01

Healthcare

Practices, clinics, and ambulatory services managing PHI under HIPAA.

HIPAA HITRUST

— 02

Government & LE

Municipal agencies and law enforcement subject to CJIS and state mandates.

CJIS NIST

— 03

Defense Supply

Manufacturers and contractors approaching CMMC Level 2 certification.

CMMC 2.0 NIST 800-171

— 04

Professional Services

Legal, financial, and consulting firms with sensitive client data.

SOC 2 ISO 27001

Our approach

"Security shouldn't feel like theater. It should feel like infrastructure."

Richard Cugini
Founder & Principal

PRINCIPLE 01

Pricing visible. Scope clear.

Every engagement has a defined scope, a fixed or transparent price, and a written deliverable. No hourly black boxes. No surprise invoices. No scope creep dressed up as "discovery."

PRINCIPLE 02

One practitioner, one client.

No junior staff cutting their teeth on your environment. The senior practitioner who scoped your engagement is the one doing the work. That's the deal.

PRINCIPLE 03

Documentation as deliverable.

If we did the work but you can't show it to an auditor, insurer, or board, we didn't finish the job. Every engagement ends with documentation your team actually owns.

PRINCIPLE 04

Right-sized, not down-sized.

We bring senior-level thinking calibrated to SMB realities. Not enterprise frameworks force-fit onto small teams.

Get in touch

Let's talk about what you're protecting.

Free 30-minute discovery call. No pitch deck. No commitment. Just a conversation about where you are and where you need to be.