STRACE.

SERVICES

Four practices. One firm.

Strace's work spans incident response, compliance, cloud security, and corporate cybersecurity training. Most engagements begin in one practice and extend into adjacent work as the client relationship develops.

Schedule a consultation

THE FOUR PRACTICES

01 · IR

See practice

Incident response & digital forensics

For breaches in progress, retainers for when they come, forensic investigations, threat hunting, IR plan development, and tabletop exercises. Built for organizations that can't afford a slow first 24 hours.

IR-A · RETAINERIR-B · REACTIVE IRIR-C · DIGITAL FORENSICSIR-D · TABLETOPSIR-E · IR PLANIR-F · THREAT HUNTING

Active incident? Call(469) 489-4601

02 · ADV

See practice

Security advisory

Fractional CISO leadership, security strategy roadmaps, governance and risk advisory, and cyber insurance readiness reviews — for mid-market firms operating without a full-time security executive.

ADV-A · vCISO RETAINERADV-B · STRATEGY & ROADMAPADV-C · GOVERNANCE & RISKADV-D · CYBER INSURANCE

03 · CLD

See practice

Cloud security

Assessment-led reviews of cloud security posture for organizations whose business runs on Microsoft 365, Azure, and cloud identity. Findings come with concrete remediation steps; implementation is scoped separately or handed back to your IT or MSP.

CLD-A · POSTURE ASSESSMENTCLD-B · M365 & AZURECLD-C · IDENTITY & ACCESSCLD-D · COMPLIANCE READINESSCLD-E · DETECTION & RESPONSE

04 · TRN

See practice

Security awareness & corporate training

Executive cybersecurity briefings, phishing simulation programs, role-based employee training, and a fixed-scope program for small businesses without security staff.

TRN-A · EXECUTIVE BRIEFINGSTRN-B · PHISHING PROGRAMSTRN-C · ROLE-BASED TRAININGTRN-D · SMALL BUSINESS PROGRAM

HOW CLIENTS ENGAGE STRACE

Six engagement models.

Fixed-scope assessment

Written report, clear deliverables, defined timeline. Used for M365 hardening, CMMC readiness, NIST CSF, cyber insurance readiness, and risk assessments. Typical duration: 2-4 weeks.

Active response engagement

Live engagement with an incident underway. Used for ransomware, BEC, insider threat, cloud compromise, and data exfiltration. Scope defined at incident confirmation.

Remediation project

Hands-on execution of findings from a prior assessment. Used for CMMC remediation, M365 hardening implementation, and policy development. Scoped per-control or per-deliverable.

Advisory retainer

Standing monthly relationship for organizations without an in-house CISO. Used for executive advisory, ongoing risk reporting, and strategic security input.

Training program

Productized educational engagement. Used for executive briefings, phishing simulation programs, role-based curricula, and small business cyber programs. Delivered in person or remote.

Quarterly review

Ongoing oversight cadence. Used for cloud security maintenance, compliance drift detection, and audit-readiness upkeep. Subscription-style with quarterly deliverables.

HOW PRICING WORKS

Strace engagements are scoped around clear deliverables, timelines, and business risk. We do not start work on open-ended hourly terms unless the situation requires it. For most advisory, assessment, training, and hardening work, clients receive a fixed-scope proposal before engagement begins.

Pricing is scoped after a short consultation so we can define the environment, urgency, deliverables, and timeline before quoting. A small number of productized offerings carry public starting prices.

START THE CONVERSATION

Tell us what you're facing. We'll tell you which practice fits.

Schedule a consultationor call (469) 489-4601