The perspective behind these engagements comes from 20 years on the enterprise security team — reviewing vendors, making the approve/block calls, and leading a company through IPO. I know what enterprise buyers actually evaluate. I know what boards and investors actually ask. These engagements are built from that side of the table.
WHY EXISTING TOOLS DON'T SOLVE THIS
Already Using Vanta or Drata?
Compliance tools manage documentation. They don't tell you which answers on a 150-question questionnaire will determine your deal — or which security investments will clear your next raise. That judgment requires the perspective of someone who has been on the other side of those decisions. That's what these engagements provide.
HOW I WORK WITH YOU
Not sure where to start? The 20-minute call will tell you.
Security Questionnaire Prioritization + Response
A 150-question questionnaire just landed. I identify the small set of answers that will determine your deal — before engineering loses two days on the wrong ones.
Typical stalled deal cost: $100K–$250K
This engagement: $4,000–$7,500
Step 1 — Identify: rank which questions determine deal approval vs. documentation only.
Step 2 add-on — Respond & Refine: review your draft answers and confirm which will hold up before you submit.
A 150-question questionnaire drops mid-close. A small set determines whether this deal moves. Engineering focuses there — not on all 150. The deal doesn't stall.
Step 1: 1–2 weeks · $4,000 fixed
Step 2 add-on: +1 week · $3,500
Security Questionnaire Readiness
Clear, defensible answers built around how your product actually works — validated once, reused across every deal. Stop rebuilding from scratch.
Four rounds of deal-specific review costs more than building the system once. Avoid $100K–$250K in stalled deal risk.
* Prior engagement fee credited in full within 90 days — conditions apply.
The same questionnaire arrives from a second enterprise prospect. Answers already built and validated. Engineering spends 5 hours, not 22 hours. The deal doesn't wait on security.
2–3 weeks · $16,500 fixed
Security Decision Landscape
Maps what enterprise buyers in your segment actually evaluate, which regulations apply, and which certification path — if any — is right for this stage.
Wrong certification framework costs $50K–$200K+ to unwind. This engagement: $7,500.
Leadership was about to commit to a security certification based on a single enterprise customer's request. The Landscape mapped what buyers across their segment actually evaluate — and which framework, if any, was warranted first. The decision changed before the first dollar was spent.
1–2 weeks · $7,500 fixed
Security Priorities
Roadmap
Defines the small number of security investments that actually matter — based on your product, your enterprise requirements, and your stage.
Avoid $30K–$100K+ in premature programs · Avoid $180K–$300K/yr in early security hires.
* Prior engagement fee credited in full within 90 days — conditions apply.
Leadership was being asked to demonstrate security controls by customers, investors, and an insurance renewal — all at once. The Roadmap defined exactly which improvements would satisfy all three — in priority order. Everything else waited.
4–6 weeks · $32,500 fixed
Ongoing monthly · $7,500 / month
A board security question arrives Tuesday evening. By Thursday morning there's a clear, defensible answer ready — not improvised, not scrambled. Built on a judgment framework that exists for exactly these moments.
$7,500/month = $90,000/year · Full-time CISO: $200K–$350K/year in salary alone — before equity, benefits, or the team they'd build.
CISO-level judgment across enterprise deals, investor diligence, and board conversations — without the full-time hire. One 90-minute advisory session monthly, agenda set 48 hours in advance. Async support for live decisions within 2 business days, Monday–Friday. Scoped to security decisions only — not policies, tool configuration, or incident response.
Fractional CISO — without the department
Security Questionnaire Prioritization + Response
A 150-question questionnaire just landed. I identify the small set of answers that will determine your deal — before engineering loses two days on the wrong ones.
Typical stalled deal cost: $100K–$250K
This engagement: $4,000–$7,500
Step 1 — Identify: rank which questions determine deal approval vs. documentation only.
Step 2 add-on — Respond & Refine: review your draft answers and confirm which will hold up before you submit.
A 150-question questionnaire drops mid-close. A small set determines whether this deal moves. Engineering focuses there — not on all 150. The deal doesn't stall.
Step 1: 1–2 weeks · $4,000 fixed
Step 2 add-on: +1 week · $3,500
Security Questionnaire Readiness
Clear, defensible answers built around how your product actually works — validated once, reused across every deal. Stop rebuilding from scratch.
Four rounds of deal-specific review costs more than building the system once. Avoid $100K–$250K in stalled deal risk.
* Prior engagement fee credited in full within 90 days — conditions apply.
The same questionnaire arrives from a second enterprise prospect. Answers already built and validated. Engineering spends 5 hours, not 22. The deal doesn't wait on security.
2–3 weeks · $16,500 fixed
Security Decision Landscape
Maps what enterprise buyers in your segment actually evaluate, which regulations apply, and which certification path — if any — is right for this stage.
Wrong certification framework costs $50K–$200K+ to unwind. This engagement: $7,500.
Leadership was about to commit to a security certification based on a single enterprise customer's request. The Landscape mapped what buyers across their segment actually evaluate — and which framework, if any, was warranted first. The decision changed before the first dollar was spent.
1–2 weeks · $7,500 fixed
Security Priorities
Roadmap
Defines the small number of security investments that actually matter — based on your product, your enterprise requirements, and your stage.
Avoid $30K–$100K+ in premature programs · Avoid $180K–$300K/yr in early security hires.
* Prior engagement fee credited in full within 90 days — conditions apply.
Leadership was being asked to demonstrate security controls by customers, investors, and an insurance renewal — all at once. The Roadmap defined exactly which improvements would satisfy all three — in priority order. Everything else waited.
4–6 weeks · $32,500 fixed
Ongoing monthly · $7,500 / month
A board security question arrives Tuesday evening. By Thursday morning there's a clear, defensible answer ready — not improvised, not scrambled. Built on a judgment framework that exists for exactly these moments.
$7,500/month = $90,000/year · Full-time CISO: $200K–$350K/year in salary alone — before equity, benefits, or the team they'd build.
CISO-level judgment across enterprise deals, investor diligence, and board conversations — without the full-time hire. One 90-minute advisory session monthly, agenda set 48 hours in advance. Async support for live decisions within 2 business days, Monday–Friday. Scoped to security decisions only — not policies, tool configuration, or incident response.
Fractional CISO — without the department
WHAT CLIENTS SAY
The industries differ. The decision structure — what to say, what to build, what to push back on — is the same.
"Apus stepped in with interim leadership during a critical time, earning trust across IT and business. Professional, focused, and effective."
Chris Foster · CIO · Global Energy Infrastructure Company
"Delivered complex risk assessments with speed, precision, and insight. Exceeded expectations — despite coming from outside our industry."
Eric Lutz · Security Leader · Regional Telecom Provider (Western Canada)
"Apus helped elevate our Cybersecurity Maturity Program with expertise, drive, and a great sense of humor — all while delivering clear, actionable improvements."
Graham Lange · Cybersecurity Director · Mid-Sized Energy Firm
"Nicolas' expertise has helped our cybersecurity program evolve several times over the past few years. He has excellent knowledge combined with the ability to deliver results."