Three shapes of engagement, one rate, one way to start a conversation.
scoped engagement, fixed deliverable — a threat model for a product, a code review of a defined component, a vendor security review. We agree on the scope and the artifact up front; I quote a fixed price; you get the deliverable on a date we set. Most of my work fits this shape — fixed-price engagements force the scoping conversation to happen up front, which is where the most expensive misunderstandings get caught.
time-and-materials advisory — ongoing, hourly. For teams that need a security partner across several workstreams at once, where the work can't usefully be cut into discrete deliverables. Comes with a soft floor and a soft ceiling on hours per month so neither of us is surprised.
workshops and short engagements — half-day or one-day sessions to bootstrap a practice. Most often this is threat modeling, occasionally code review or AI-system review. Useful when a team has the capability but lacks the muscle memory.
$200/hour USD, or the local-currency equivalent. Scoped engagements are quoted as a fixed price after a short scoping conversation; the rate is the basis for the quote, not a cap on it. Remote-first; on-site is possible for the right engagement and gets a separate line item.
Standard MSA and NDA terms are fine — happy to sign yours, happy to provide one if you don't have a preference. I don't take equity in lieu of fees.
Email [email protected] with a few sentences about the work. Useful things to include in a first message: the rough shape of the problem, the timeframe you're working against, and any constraints that aren't obvious (regulated industry, airgapped environment, an incident in the recent past, a deadline you can't move).
What happens next: a 30-minute call to confirm the fit and the scope, then either a fixed-price quote and a start date or a polite "this isn't my shape of work, here's who you might ask instead." Either is a fine outcome.
Not sure if your problem fits? /whatido covers the kinds of work I take on.