Productized security. Transparent pricing.

Five core offerings designed for small and mid-sized organizations. Every engagement has a defined scope, a fixed or transparent price, and documented deliverables.

SERVICE 01

Your Security Team, On Retainer

Executive-level security oversight for organizations that have outgrown break-fix IT but aren't ready for a full-time CISO. Strategic planning, risk reporting, vendor management, and incident escalation, all on a predictable monthly cadence.

Monthly security leadership meeting with executives or board
Quarterly risk register review and threat landscape briefing
Security policy authoring, review, and version control
Vendor security review for SaaS and critical contracts
On-call security escalation during business hours
Board-ready quarterly security report

SERVICE 02

Pass Your Next Compliance Audit

Full-scope readiness engagements for organizations facing a real compliance deadline. HIPAA Security Risk Assessments, CJIS audit preparation, and CMMC Level 2 readiness with documented evidence collection.

Framework gap analysis against current state
Policy authoring or remediation against control requirements
Evidence collection plan and documentation library
Remediation roadmap with prioritized action items
System Security Plan (SSP) authoring for CMMC engagements
Audit-ready deliverables you can hand directly to assessors

SERVICE 03

Lock Down Your Microsoft Tenant

Most M365 environments are wide open by default. Conditional Access misconfigurations, missing audit logs, weak identity protection, and forgotten guest accounts are the rule, not the exception. This engagement finds and closes those gaps in two weeks.

Conditional Access policy audit and remediation
Audit logging baseline (MailItemsAccessed, SignInLogs, etc.)
Identity Protection and risk-based policies
Guest user inventory and lifecycle controls
Privileged Identity Management (PIM) implementation
Documented baseline and ongoing monitoring recommendations

SERVICE 04

Something Went Wrong. We're Here.

Account compromise, phishing-driven breach, suspicious access patterns, or a request from your insurer. Hands-on forensic work, containment, and a written report your insurer and counsel can use.

Same-day engagement for active incidents
Forensic timeline reconstruction from sign-in and audit logs
Containment guidance and eradication support
Inbox rule discovery, persistence cleanup, MFA reset orchestration
Written incident report formatted for insurance and counsel
Post-incident hardening recommendations

SERVICE 05

Know Where You Stand

A fixed-scope, written assessment of your current security posture. Not a vulnerability scan. Not a pen test. A structured walkthrough of your environment with prioritized findings and a remediation roadmap.

Identity and access posture review (M365, Okta, or Google Workspace)
Endpoint, email, and network security configuration review
Backup, recovery, and business continuity walkthrough
Stakeholder interviews to understand process gaps
Written report with prioritized findings, executive summary, and roadmap
Findings review meeting with leadership

Pick the engagement that fits where you are.

Not sure which service makes sense for your situation? Here's how to think about it.

Engagement	When it fits	Cadence	Pricing
Security Leadership	You need ongoing security oversight and reporting	Monthly	$1,500+/mo
Compliance Readiness	You have a known deadline or audit on the calendar	Project	$3,500+
M365 Security Review	Your tenant has grown organically and needs a reset	Project	$2,500+
Incident Response	Something has gone wrong, right now	Hourly	$200/hr
Security Assessment	You don't know what you don't know	Project	$1,500+

Get in touch

Not sure which fits? Let's talk.

30 minutes, no pitch. We'll tell you which engagement matches where you are, or tell you that you don't need one yet.

Email rcugini@merasec.com Phone (856) 300-0980