Three focused service offerings. Each one designed to deliver a specific, measurable outcome for your organization — no fluff, no retainer bloat.
Organizations that need ongoing security leadership but cannot justify a full-time CISO hire.
Dedicated fractional CISO (Melissa Thornton, personally — not a junior associate)
Monthly executive security briefings for leadership/board
Ongoing risk management and security roadmap
HIPAA compliance oversight and audit readiness
Vendor and third-party security reviews
Incident response planning and on-call guidance
Security policy development and maintenance
A mature, documented, defensible security program — led by an experienced CISO — at a fraction of the full-time cost.
Starting at $5,000/month | Retainer-based engagement
Organizations preparing for an audit, renewing cybersecurity insurance, or starting from scratch with HIPAA compliance.
Comprehensive HIPAA Security Rule risk assessment
Gap analysis against current safeguards
Remediation roadmap with prioritized action items
Policy and procedure development
Staff security awareness training
Documentation package for audit defense
Full audit readiness, documented compliance evidence, and a clear roadmap to ongoing HIPAA compliance.
Project-based — scoped after discovery call
Organizations — especially health tech startups and growing practices — that have no formal security program and need one built properly.
Security program design aligned to NIST CSF or HIPAA Security Rule
Asset inventory and risk identification
Security architecture and control framework
Vendor security management process
Incident response plan
Executive security dashboard and reporting
Handoff documentation for ongoing operations
A fully documented, operational security program your organization actually owns and can execute.
Project-based — scoped after discovery call
Book a free 30-minute call. We'll figure it out together.
Book Your Free Consultation