process · 13

Five steps, one engineer, end to end.

The person on the scoping call is the person testing. The person testing is the person writing the report. The person writing the report is the person you talk to on the readout call. No team rotation, no junior pivot, no handoff loss.

01. in scope

What's in scope.

The five steps.

Scoping call

Free. 30 to 90 minutes depending on engagement complexity. We learn the surface, the question, and the deadline. You leave the call knowing whether we are the right firm.

Written SOW + fixed fee

Scope, methodology references, deliverables, timeline, price. All in writing before any work starts. Signed by both sides.

Engagement

Two to eight weeks of active testing depending on scope. Daily updates on critical findings. Slack channel or email, your choice.

Report + readout

Findings written up with severity, exploit chain, fix steps, retest checklist. Live 60 to 90 minute walkthrough with your engineering team.

Retest

One round within 30 days of the report. Each finding re-verified, marked resolved or open with notes. Attestation letter delivered.

02. how we work

How we work on it.

What stays the same across engagement types.

  1. Same engineer end to end. Whoever you talk to on the scoping call runs the test, writes the report, and handles the retest. No handoff loss.
  2. Fixed fee, agreed in writing. Hourly rewards slow testing. We are paid for the outcome, not the clock. If we finish early, the price does not change.
  3. Daily updates on critical findings. Critical findings go in Slack or email the day we find them. No waiting until the report.
  4. Live readout, not just a PDF. Every engagement ends with a working call. Your engineers ask questions; we answer them.
  5. Retest included. One round of post-fix retest in the same engagement price. Verifies your fixes worked.

03. deliverables

What you walk away with.

Why this model.

Continuity

The engineer who finds a bug knows exactly how it works and what fix will hold. Handoff loses that context.

Aligned incentives

Fixed fee aligns us with the outcome. Hourly aligns the consultancy with billable hours.

Faster triage

Daily updates mean your team can fix critical findings before the engagement ends. The report becomes the wrap-up, not the first revelation.

Auditor-friendly

A single named engineer plus an attestation letter is the format SOC 2 / ISO 27001 auditors expect to see.

04. when

When teams hire us for this.

What we do not do.

We do not bill hourly

Hourly billing rewards slow testing. Most enterprise security buyers cannot get time-and-materials (T&M) pricing past their CFO in 2026 anyway.

We do not rotate teams mid-engagement

You meet your engineer on the scoping call. You work with them for the engagement. Same person. Always.

We do not run vulnerability scanners and ship the output

Scanner output is the starting point, not the deliverable. Every finding is manually verified.

We do not write reports nobody can act on

Findings include line numbers, code paths, suggested fixes. Engineers can ship from the report.

05. faq

Questions before the call.

Process FAQ.

How fast can we start?

A scoping call within 48 hours, an SOW within a week, kickoff within two to four weeks depending on engineer availability. Faster on request when capacity allows.

What if we need multiple engineers?

For larger engagements we run two or three engineers in parallel, each owning a scoped slice. You always have a single named lead.

What if we need to pause?

Mid-engagement pauses are fine within reason. We hold the engineer for up to four weeks. Beyond that we reschedule.

Do you sub-contract?

No. Every engagement is run by named senior engineers on staff. We do not white-label to other firms.

Can we observe the testing?

Yes. Most engagements have an open Slack channel with your team. Some clients enjoy shoulder-surfing; others want a quiet engagement. Either works.

Want to start with a scoping call?

Free, no NDA needed, 30 to 60 minutes. You leave knowing whether we fit and what the next step costs.