// Deployment Tier

Defender

The full security program on one timeline — all six service lines delivered on cadence, with phishing metrics, executive reporting, and incident readiness included.

$11,999/month

Typical cadence: quarterly assessment · ongoing fixes · annual restore drill · quarterly phishing simulation · monthly executive digest · annual tabletop exercise.

How Defender Works

Defender is the complete program retainer: assessments, fixes, backups, phishing training, reporting, and incident planning — each with hands-on delivery and a durable record in the Defense System. Stakeholders get monthly digests, auditors get traceable evidence, and operators get reminders before work quietly stalls.

Every security workstream has an owner, a status, and a next due date on one timeline.
Phishing risk trends down with cohort coaching tied to simulation behavior.
Board and audit audiences receive consistent packs without rebuilding context each quarter.
Tabletop exercises surface gaps before a live incident does.

What You Receive

Full six-line delivery calendar agreed at onboarding
Quarterly assessments, ongoing fix backlog, annual restore drill proof
Quarterly phishing simulations with metrics and micro-refresher queues
Monthly executive snapshot and auditor-ready evidence index
Annual tabletop with playbook updates and attendance logged
Live Defense System feed with LOG / REMIND / DUE across all workstreams

Request Demo Compare Tiers

Program Rhythm

Charter the program

We align on frameworks, cadence, stakeholders, and success metrics — then activate all six workstreams in your workspace.

Run the technical core

Assessments, fixes, and restore drills execute on schedule; the timeline shows sealed records and open remediation.

Develop people & narrative

Phishing simulations and coaching run quarterly; executive and audit packs ship monthly with traceable artifacts.

Rehearse & improve

Annual tabletops exercise playbooks; findings become logged improvements, not slide-deck shelfware.

Best Fit For

SaaS and tech companies pursuing SOC 2 or ISO 27001 with limited internal security staff
Mid-market firms that need vCISO-level coverage without a full-time hire
Leadership teams that want one partner for assess, fix, train, report, and rehearse incidents
Organizations tired of juggling separate vendors for pentest, awareness, and compliance prep

// Other Deployment Tiers