Engagement Packages
Independent Technology Advisory | Fractional CIO & CISO Services
Package Overview
| Tier | Hours/Mo | Monthly | Eff. Rate | Overage |
|---|---|---|---|---|
| Foundation | 5 | $1,500 | $300/hr | $275/hr |
| Standard | 10 | $2,750 | $275/hr | $275/hr |
| Advanced | 15 | $3,750 | $250/hr | $275/hr |
| Enterprise | 20 | $5,000 | $250/hr | $275/hr |
Overage Hours beyond the monthly allotment are billed at $275/hr.
Blocks of hours are available for purchase at the same hourly rates. 5 hours for $1500 - 10 hours for $2750 - 15+ hours $250 per hour.
Strategic Advisory Session
$500/month | 1 hour monthly governance check-in for organizations not yet ready for a full retainer engagement. Includes a standing monthly review with ownership or leadership to assess technology posture, flag risks, and provide directional guidance. Scope is limited to advisory discussion. Implementation, vendor coordination, and hands-on work are excluded.
Package Details
Foundation — $1,500/month | 5 hours/month
Ideal for: Small organizations (15–50 employees) — single-site clinics, small private schools, early-stage nonprofits with limited IT staff and growing compliance pressure.
Included services:
Monthly strategy and governance meeting with leadership
Technology budget review and vendor oversight
Baseline security posture assessment and recommendations
Policy review and gap identification (HIPAA, FERPA, or applicable framework)
MSP oversight and accountability check-ins
Ad hoc advisory via email between scheduled sessions
Standard — $2,750/month | 10 hours/month
Ideal for: Mid-small organizations (50–150 employees) — multi-site behavioral health organizations, mid-size private schools, community mental health centers with active regulatory obligations.
Included services:
All Foundation services, plus:
Active compliance program management (HIPAA Security Rule, FERPA/CIPA, PCI-DSS as applicable)
Qualitative risk assessment development and maintenance
Security policy lifecycle management (creation, review, update cadence)
Vendor risk evaluation and contract review support
Incident response planning and tabletop coordination
Quarterly risk and governance reporting to leadership or board
Advanced — $3,750/month | 15 hours/month
Ideal for: Mid-market organizations (75–200 employees) — growing multi-site healthcare or education organizations with increasing infrastructure complexity and audit exposure.
Included services:
All Standard services, plus:
Embedded governance leadership with regular cadence (bi-weekly or weekly)
Security architecture review and infrastructure design guidance
Identity and access management oversight (MFA, Conditional Access, FIDO2)
Log retention and SIEM strategy development
DNS/web content filtering and endpoint security program oversight
Technology team mentoring and capability development
Audit preparation and evidence gathering support
Enterprise — $5,000/month | 20 hours/month
Ideal for: Mid-market organizations (150–500 employees) — multi-site healthcare systems, school districts, larger nonprofits with IT teams, board reporting obligations, and significant regulatory surface area.
Included services:
All Advanced services, plus:
Full fractional CIO/CISO function (~1 day/week embedded leadership)
Security steering committee leadership and risk register management
Zero-trust architecture design and implementation oversight
Business continuity and disaster recovery program management
Board-level technology and security reporting
M&A or expansion technology due diligence support
Strategic technology roadmap development and annual planning
Capacity for incident response coordination during active events