You don't need a CISO.
You need someone to call.

Senior cybersecurity consultants who actually pick up the phone. We help small businesses get compliant, train their teams, respond to incidents, and stay ahead of what's coming — without the enterprise price tag.

Free 30-min consultation
Fixed-fee or retainer
Plain English, always
Why Foil Consulting

Security advice
built for your size.

Most cybersecurity firms are built to serve enterprises and treat small businesses as an afterthought — overpriced engagements, jargon-heavy reports, recommendations you can't actually afford to act on.

We're built differently. Every engagement is scoped, priced, and explained for a small business. You get real expertise, fixed fees where possible, and deliverables you can actually use — not 80-page PDFs that sit in a drawer.

43%
Of attacks target SMBs
And the share is climbing each year.
$200k
Average breach cost
Most SMBs can't absorb that hit.
60%
Close within 6 months
Of breached SMBs that don't recover.
30 Min
Free consultation
Honest assessment, no pitch.
What we do

Nine services.
One complete program.

From the first risk assessment to ongoing strategic leadership, our services map to how SMBs actually grow into security maturity. Pick the ones you need today, add more as you grow.

🎯
Tier 1 · The Front Door
Find out where you actually stand
You can't fix what you can't see. Start here to get a clear, prioritized picture of your real security posture — and the highest-leverage fixes you can make this quarter.
☁️
Microsoft 365 / Google Workspace Hardening
Most SMBs run their entire business on M365 or Google Workspace at near-default settings. We audit and lock it down: MFA enforcement, conditional access, sharing controls, audit logging, and mailbox security.
1–2 weeks · Fixed fee · High impact
📋
Tier 2 · Compliance
Get audit-ready and stay there
Whether it's a regulator, an insurance carrier, or a customer asking for SOC 2 — we get you ready and keep you there. Real, audit-grade work, scoped for a small business.
🏥
HIPAA Compliance Program
Full readiness for medical, dental, therapy, and any business handling PHI: risk analysis, policies, BAAs, technical safeguards, training, and ongoing attestation support. Annual renewals included.
4–8 weeks setup · Annual renewal · Required by law
📑
Cyber Insurance Readiness
We help you accurately complete cyber insurance applications and remediate the gaps that would deny coverage or hike premiums. Save tens of thousands in premiums and avoid claim denials when it matters.
2–4 weeks · Fixed fee · Renewal-driven
👥
Tier 3 · People & Process
Build a security culture, not a security headache
91% of breaches start with a person clicking the wrong thing. We turn your team into your strongest defense — and give you a security leader on tap, without the $250k salary.
🎓
Awareness Training + Phishing Sims
Quarterly training modules, monthly simulated phishing campaigns, reporting dashboards, and personalized re-training for repeat clickers. Delivered through Foil so your team has one place for everything.
Monthly · Recurring · Powered by Foil
🚨
Tier 4 · Resilience & What's Next
Be ready when it matters
Have someone to call when things go wrong, and stay ahead of the threats most SMBs aren't even thinking about yet — like the AI tools your employees are using right now.
🛟
Incident Response Retainer
A pre-paid annual retainer with a guaranteed response SLA — 1-hour acknowledgment, 4-hour engagement. Includes IR plan development, an annual tabletop exercise, and discounted incident hours.
Annual · 1hr SLA · Peace of mind
🤖
AI Security & Governance
Discover shadow AI usage across your business, vet AI vendors before adoption, build an AI acceptable-use policy, and test LLM-powered apps for prompt injection and data leakage.
3–4 weeks · Fixed fee · Emerging risk
How we work

No fluff.
Four-step engagements.

Every project follows the same simple shape so you always know what's happening, what it costs, and when you'll see results.

01
Free consultation
A 30-minute call to understand your business, your concerns, and what success looks like. No pitch, no obligation.
02
Fixed-fee proposal
A written scope, timeline, and price. No hourly billing surprises, no hidden change orders. You see the number before we start.
03
Hands-on delivery
A senior consultant runs your engagement — not a junior handed a template. Weekly check-ins, plain-English updates, real artifacts.
04
Ongoing partnership
Most projects roll into a quarterly review or retainer. Your security posture gets better every month — not just at audit time.
Who we help

Built for the
industries we know best.

We work with small businesses across many sectors, but these are the ones where our packaged offerings really shine — because we've done it dozens of times.

🏥
Healthcare
Medical, dental, therapy, MSPs serving HIPAA
⚖️
Law Firms
Client confidentiality, ABA-aligned controls
💼
Professional Services
Accounting, consulting, agencies, RIAs
💻
SaaS & Tech
SOC 2 readiness, AI-first product teams
🏠
Real Estate & Title
Wire fraud defense, transaction security
🏗️
Construction
Bid security, project data, mobile workforce
🛍️
Retail & E-commerce
PCI-DSS, payment security, customer data
❤️
Nonprofits
Donor data protection, on a tight budget
Better together

Consulting that uses
the Foil platform.

Our consulting work doesn't end with a PDF in your inbox. Every engagement plugs directly into the Foil platform so the work continues — automatically tracked, measurable, and visible to your team.

  • Risk assessment findings populate your Compliance Checklist
  • Policies we draft drop into your Policy Center for team acknowledgment
  • Awareness training runs through Foil's training modules
  • vCISO clients use Foil Score as their monthly health metric
🤝
Consulting
🛡️
Foil Platform
📈
Lasting Impact

Expert work that lives on, not a one-time deliverable.

Get started

Free 30-minute
consultation.

Tell us a bit about your business and what's on your mind. We'll get back within one business day to set up a call. No pitch, no pressure.


🔒 Your info stays with us. Never shared, never sold.