
DEFRAG Methodology

Security that scales with you.

From one-time assessments to full security operations. Four tiers designed to meet your business where it is — and take it where it needs to be.

Our Methodology

D.E.F.R.A.G.

Six pillars. One complete security lifecycle. Every tier includes the full D.E.F.R.A.G. methodology — the scope scales, the rigor doesn't.

D Detect
E Evaluate
F Fortify
R Respond
A Audit
G Govern

Pricing

Choose your tier

One-time assessments. Project-based builds. Ongoing management. Or fractional leadership. Pick what fits, upgrade anytime.

ONE-TIME ASSESSMENT

DEFRAG Scan

$1,500

Fixed fee. 10-day delivery.

  • Comprehensive threat detection scan
  • Vulnerability & risk evaluation
  • Essential Eight gap assessment
  • Prioritized remediation roadmap
  • Executive summary report
  • Technical findings documentation
  • 14-day email support

PROJECT-BASED

DEFRAG Build

$5,000

Fixed fee. 4-week sprint.

  • Everything in DEFRAG Scan
  • Security architecture design
  • Implementation of core controls
  • Policy & procedure templates
  • Incident response playbook
  • Staff security awareness session
  • 30-day post-implementation support

FRACTIONAL LEADERSHIP

vCISO

$3K–8K/mo

Monthly retainer. Scales with needs.

  • Everything in DEFRAG Managed
  • Fractional CISO on retainer
  • Board & executive reporting
  • Strategic security planning
  • Vendor & supply chain risk
  • Security roadmap ownership
  • Audit & compliance liaison
  • 4-hour response SLA
  • Unlimited advisory calls

Compare

What's included

Every tier builds on the last. Upgrade seamlessly as your needs grow.

Feature Scan Build Managed vCISO
Threat detection scan
Risk evaluation report
Essential Eight assessment
Remediation roadmap
Security architecture
Policy templates
Implementation support
Continuous monitoring
Quarterly reviews
On-call incident response
Fractional CISO
Board reporting
Strategic planning
Response SLA 48 hours 48 hours 24 hours 4 hours
Starting price $1,500 $5,000 $15K/qtr $3K-8K/mo

FAQ

Common questions

What's the difference between Scan and Build?
DEFRAG Scan is an assessment-only engagement. We identify vulnerabilities, assess your Essential Eight compliance, and deliver a prioritized roadmap. DEFRAG Build adds implementation — we don't just tell you what to fix, we help you fix it with architecture design, policy templates, and hands-on support.
How quickly can you start?
Typically within 5-7 business days of booking. Scan and Build engagements have fixed timelines (10 days and 4 weeks respectively). Managed and vCISO engagements start with a 30-day onboarding sprint to align on priorities and establish baseline metrics.
Is there a lock-in contract?
No. DEFRAG Managed is billed quarterly with 30 days' notice to cancel. vCISO is month-to-month with the same notice period. We believe in earning your business every cycle, not trapping you in contracts.
Can I upgrade between tiers?
Absolutely. Many clients start with a Scan to assess their position, upgrade to Build to implement fixes, then move to Managed for ongoing coverage. We'll credit any recent Scan or Build fees against your first Managed quarter.
What does vCISO pricing depend on?
vCISO retainers range from $3K to $8K monthly based on organization size, complexity, and meeting load. A 20-person tech company needing monthly board reports sits at the lower end. A 200-person organization with multiple compliance requirements and weekly stakeholder updates sits at the higher end. We'll scope this on the intro call.
Do you work with international clients?
We specialize in Australian SMBs and understand the local compliance landscape (Essential Eight, Privacy Act, industry-specific requirements). While our primary focus is Australia, we do work with NZ and APAC businesses on a case-by-case basis.
What industries do you specialize in?
We have deep experience with professional services, technology/SaaS, financial services, healthcare, and critical infrastructure. If you're unsure whether we're a fit, book a 15-minute call — we'll tell you honestly if we can help or point you to someone who can.

Still have questions?

Book a 15-min call

Ready to get started?

Book a 15-minute intro call. No pitch, just a conversation about where you are and what you need.
