Startup Security Bundles

Security coverage built for
fast-moving startups

Pick the bundle that fits your risk profile. Billed quarterly, free retesting included, and you can add services as you grow.

Billed quarterly
Free retesting included
Client portal access
Start in 1–2 weeks

Choose your coverage

Each bundle is a full-year program billed quarterly. Combine all three with Full Stack for the best value.

Most Popular

Offensive Security Bundle

Find and fix vulnerabilities before attackers do. Best for startups handling user data or closing enterprise deals.
$37,500/yr
~$9,375/quarter · 12 months of coverage
Save 40%+ vs. a la carte
Testing Hours 160 hrs/yr
Retesting Hours 24 hrs included
  • 2x Web Application Pentests
  • 1x Network / Infrastructure Pentest
  • 1x API Security Assessment
  • Quarterly Vulnerability Scanning
  • Attack Surface Management (ASM)
  • Continuous Vulnerability Management
  • Executive Reports & Board Summaries
  • Client Portal & Remediation Tracking
Book a Scoping Call
24/7 Coverage

Defensive Security Bundle

Continuous monitoring and response. For startups that need always-on detection without hiring a full in-house SOC.
$39,500/yr
~$9,875/quarter · 12 months of coverage
Save 35%+ vs. building in-house
  • SOC as a Service (24/7/365)
  • SIEM & Log Management
  • Endpoint Detection & Response (EDR)
  • Incident Response Retainer
  • Attack Surface Management
  • Threat Intelligence Feed
  • Monthly Security Review Reports
  • Client Portal & Alert Management
Book a Scoping Call
Audit-Ready

Compliance Package

Get audit-ready and stay compliant. In partnership with Anchorpoint for full GRC coverage.
$42,500/yr
~$10,625/quarter · 12 months of coverage
Includes pentest + full audit prep
Testing Hours 80 hrs/yr
Retesting Hours 16 hrs included
  • Compliance Pentest (SOC 2, ISO 27001, or PCI DSS)
  • Gap Assessment & Readiness Review
  • Policy & Procedure Templates
  • Auditor-Ready Reporting
  • Continuous Compliance Monitoring
  • Vulnerability Management
  • Quarterly Security Reviews
  • Add Vanta or Drata automation (+$5,000/yr)
Book a Scoping Call

Need everything? Ask about our Full Stack Bundle, offensive + defensive + compliance starting at $99,000/yr (save 15%+). Contact sales →

Want to pick individual services? Build your own custom bundle - choose exactly what you need and save up to 20% when you stack 6+ services.

Build Your Bundle

How it works

From signed contract to first deliverable in under two weeks.

1
Book a scoping call 30 minutes. We learn your stack, your goals, and your timeline.
2
Scope & contract You get a clear statement of work within 48 hours. No surprises.
3
We kick off Access your portal, meet your team, and we start in 1–2 weeks.
4
Ongoing coverage Quarterly assessments, continuous monitoring, remediation support.

Bundle comparison

Not sure which fits? Here's what each covers at a glance.

Feature Offensive Defensive Compliance
Testing & Assessments
Web Application Pentest
Network / Infrastructure Pentest
API Security Assessment
Compliance PentestSOC 2 / ISO 27001 / PCI DSS
Gap Assessment & Readiness Review
Continuous Monitoring
Attack Surface Management (ASM)
SOC as a Service (24/7/365)
SIEM & Log Management
Endpoint Detection & Response
Continuous Compliance Monitoring
Quarterly Vulnerability Scanning
Reporting & Support
Free Retesting
Executive Reports
Auditor-Ready Reporting
Client Portal Access
Incident Response Retainer
Pricing
Annual Price $37,500/yr $39,500/yr $42,500/yr
Quarterly Payment ~$9,375 ~$9,875 ~$10,625

Common questions

Can I switch bundles mid-year?

Yes. We can adjust your program at any quarterly renewal. Need to add compliance testing because you landed a new enterprise customer? Just let your account manager know and we'll scope the change.

What's included in the client portal?

Every bundle includes access to our client portal where you can track findings, view remediation status, download reports, and communicate with your assigned team. No additional software to manage.

How long does it take to get started?

We typically kick off within 1–2 weeks of a signed contract. Book a scoping call and we'll walk through your environment, agree on a schedule, and get you a statement of work within 48 hours.

Is retesting really included?

Yes. The Offensive and Compliance bundles include dedicated retesting hours (24 hrs and 16 hrs respectively) so your developers can fix findings and we confirm the fix at no extra cost.

Can I combine bundles?

Absolutely. The Full Stack Bundle combines all three at $99,000/yr, saving 15%+ vs. buying individually. Or mix two: Offensive + Compliance is a common combination for startups on the SOC 2 path.

Do you offer startup pricing?

These bundles are our startup pricing. Each saves 40–50% vs. purchasing services individually, billed quarterly so there's no large upfront commitment. See full pricing for individual service rates.

Ready to Get Started?

Book a free scoping call. We'll review your environment, recommend the right bundle, and give you an exact quote, no pressure.

Book a Free Consultation
Or see all individual service pricing →
Lory waving

Hi, I'm Lory! Need help finding the right service? Click to chat!