Security & architecture advisory

Strategic and architectural input on retainer. Principal-engineer judgment for security posture, cloud strategy, zero-trust design, and vendor evaluation. Not a project.

Most managed services providers do not have an advisory practice because they do not have anyone capable of running one. The skill set is different from operations, the engagement model is different from project work, and the compensation only justifies itself if the hours are sold against deep, hard-earned expertise rather than generic playbooks. We run this practice because Brian’s career was spent designing the infrastructure the rest of the industry now operates with: zero-trust segmentation at enterprise scale (Cisco ACI with VXLAN/EVPN fabric), hospital network architectures where uptime was patient safety, financial network designs where every millisecond of latency was revenue impact, and global enterprise builds where the topology choice locked in a decade of operational consequences.

The retainer brings that depth into your strategic decision-making at the rhythm your business actually moves: monthly hours, scheduled architecture conversations, on-call availability for the unscheduled ones.

What you get

A principal engineering perspective on your hardest infrastructure and security decisions, delivered as a monthly recurring practice rather than an emergency call:

  • Architecture reviews of the systems you already run and the ones you are planning. Network topology, identity architecture, cloud landing zones, application delivery, observability strategy. We look for the single points of failure that no individual operator can see because they only own one piece.
  • Zero-trust architecture design, applied at the network, identity, and application layers. Microsegmentation strategy, conditional-access policy design, application-allow-listing posture. The principles we deployed in ACI fabric at enterprise scale, sized for your environment.
  • Cloud strategy and migration planning across Azure, AWS, and on-premises Kubernetes (Talos). Landing zone design, identity federation, network connectivity, cost modeling. We do not push you toward a cloud because we resell the licenses; we evaluate against your actual workload economics.
  • Security posture assessments that go beyond a vulnerability scan. We look at how identity, endpoint, network, and detection layers actually compose, where the seams are, and what would happen if a specific high-likelihood attack scenario played out in your environment today.
  • Vendor evaluation and selection for the platforms you are about to buy. Firewalls, EDR, SIEM, backup, identity. We give you an unbiased read because we do not have a quota tied to any specific vendor for advisory work.
  • vCIO functions where appropriate. Budget planning, three-year infrastructure roadmaps, board-level reporting, risk register maintenance. We can run this lane formally or operate alongside an existing internal CTO or CIO.
  • Incident retrospectives for the times something does go wrong, run as engineering reviews rather than blame sessions, with concrete actions and owners coming out of every one.
  • Direct principal availability for the unscheduled conversation. The reason to have an advisor on retainer is so the call about the surprise vendor proposal or the late-Friday architecture question lands somewhere useful instead of nowhere.

How we engage

Advisory is a retainer practice. Monthly hours commitment (typically 8 to 16 hours per month for SMB clients, more for organizations with a denser decision cadence) at a flat monthly fee. Hours roll forward up to one month if unused; carry-over beyond that requires renegotiation so the engagement does not drift into a stockpile you never spend.

Three-month minimum commitment to start, then month-to-month with 30-day notice on either side. The minimum is not a sales lock-in tactic; it is the time it takes for the recommendations to carry weight. The first 30 days are mostly listening and reading. By month three the advisory work is operating against context, not against a vendor template.

Pricing is available on request through our contact page, under the vCISO and Strategic Advisory line. For organizations that prefer credit-pack accounting (a defined block of hours billed up front and drawn down over time), we offer that path as well; publishing a full rate card on this site is a near-term follow-up.

What this practice draws on

The advisory practice is grounded in the same operational stack we sell and run, not in a slide deck:

  • Network architecture depth: Cisco ACI/VXLAN/EVPN at enterprise scale, Fortinet/Palo Alto/Aruba multi-vendor design, datacenter spine-leaf design including SONiC-based deployments, multi-WAN failover and SD-WAN architecture.
  • Identity and zero-trust expertise: Microsoft Entra ID conditional access, Tailscale and Headscale for mesh overlay, Cloudflare Access for application-layer enforcement, microsegmentation principles applied across all three.
  • Cloud and platform expertise: Azure (CAF-aligned landing zones), AWS (Well-Architected reviews where appropriate), self-managed Kubernetes on Talos with Cilium networking and ArgoCD GitOps, hybrid scenarios where workloads span on-premises and cloud.
  • Compliance fluency: practical familiarity with SOC 2, HIPAA, PCI-DSS, NIST 800-53, CIS Controls v8, and the architectural patterns each one favors.

Where this fits

Advisory is the practice that ties the others together. Our managed network clients use the advisory retainer to plan the next refresh, not just operate the current one. Our detection and response clients use it to mature their security posture beyond what the recurring practice produces. Our observability and platform clients use it to think through what they want to measure next as the business grows.

If you have a strategic decision coming up and you would rather get a second opinion from someone who has actually built it, start a conversation.

Frequently asked

How is this different from professional services project work?
Professional services is scoped delivery against a defined SOW; advisory is recurring strategic and architectural input without a fixed deliverable. PS builds the firewall; advisory decides whether the firewall is the right answer in the first place. Many clients carry both, with the advisory monthly retainer alongside PS engagements scoped out of the advisory conversations.
What is the minimum commitment?
Three months. We do not run one-off advisory engagements because the value compounds with context. We need to learn your environment before the recommendations carry weight, and you need to see how we operate before you trust them. After three months the engagement renews monthly unless either party gives 30-day notice.
We already have a CTO or CISO. Why would we add this?
For the same reason your CTO has a network of trusted peers they call. We add depth in specific areas (enterprise network architecture, zero-trust design, observability stack design, vendor evaluation) without competing for the strategic role. Many of our advisory clients have a CTO or vCIO already; we plug in alongside, not in place of.
Do you cover compliance and audit prep work too?
Yes, for the architectural and detection-mapping side. We do not stand in as your auditor or sign attestations, and we do not bill ourselves as a vCISO firm with certification overhead. For organizations that need a full vCISO function, we partner with specialists and coordinate the work; for SOC 2 or HIPAA architectural readiness inside our existing competencies, we cover it under the retainer.

Let's talk

Want to dig into security & architecture advisory?

Your first call is with an engineer, not a salesperson. Short, candid, free.

  • We reply within one business day.
  • Principal engineer on the call, not a sales rep.
  • No pitch deck. Just questions and answers.
