One inbox, fast turnaround. Whether it's a quote, a question, a talk invite or a coffee — drop me a line and I'll get back inside 24 hours.
For quotation and scoping, email is fastest. Response time: under 24 hours, every day of the week.
A few things people ask before reaching out.
Typical lead time from first email to engagement start is 1–2 weeks, depending on calendar & scope complexity. Urgent work can sometimes be slotted in faster — ask.
Hourly. Tier 1 (web, API, external network, cloud config) starts from $60/hr. Tier 2 (mobile, thick client, internal network) starts from $80/hr. Tier 3 (AI/ML, agentic AI, code review) starts from $100/hr. Fixed-price quotes available for well-defined scopes.
Full reporting (exec summary + technical detail), kick-off call, read-out call with eng + leadership, 3 months of free re-testing on remediated findings, and report updates post-remediation. No surprise add-ons.
Yes. vCISO and advisory engagements are typically monthly retainers with a defined set of deliverables & standing meetings. Pentest retainers (e.g. quarterly assessments for SaaS products) are also available.
You'll work directly with me end-to-end — scoping, kick-off, testing, reporting, read-out, re-testing. No junior handoffs. This is the whole point of how I've structured the practice.
I take on a small number of mentees at a time. Sessions are bi-weekly, focused on whatever moves the needle for you. Apply via email with a short note on where you're at and where you want to go.
I'm always happy to consider talks, podcasts, panels and workshops — particularly on recon, methodology, business-logic abuse, cookie/auth attacks, AI/ML security, and the consultancy side of the work. Email with details.
Routinely. Mutual NDAs are signed before any sensitive scoping details are shared. Customer references are available on request, with permission.