Core Principle
Hourly work is the exception. Advisory retainers are the default.
Advisory Retainers
Tier 1: Strategic Advisory Retainer
Ideal for small organizations and nonprofits needing steady guidance.
Includes:
- Monthly executive advisory call (60 minutes)
- On-demand advisory support (email / limited calls)
- Risk and compliance guidance
- Policy review and recommendations
- Vendor and MSP oversight support
Best for:
- Nonprofits
- Early-stage orgs
- Boards without in-house cyber expertise
Tier 2: Governance & Compliance Retainer
Designed for organizations with regulatory exposure or audit needs.
Includes:
- Bi-weekly leadership advisory sessions
- Compliance roadmap (SOC 2, ISO, NIST, etc.)
- Policy and governance framework development
- Audit and assessor preparation
- Executive-level risk reporting
Best for:
- Growing nonprofits
- Regulated SMBs
- SaaS and service organizations
Tier 3: Fractional vCISO / Executive Risk Lead
Full strategic leadership without full-time overhead.
Includes:
- Acting vCISO / security executive role
- Leadership team and board engagement
- Program maturity and roadmap ownership
- Vendor, MSP, and security stack oversight
- Incident readiness and response leadership
Best for:
- Boards needing accountability
- Orgs lacking senior security leadership
- Complex or high-risk environments
Project-Based Work (Selective)
Offered only when paired with advisory engagement:
- Compliance readiness assessments
- Policy and governance overhauls
- Risk assessments tied to leadership outcomes
Typical Range: $7,500–$25,000+
