Cybersecurity · Defense · Detection · Response

Security that stands up to real audits.

Prevention, detection, response, and compliance alignment — sized for regulated businesses, not Fortune 100 budgets. NIST, CMMC, NYDFS 23 NYCRR 500, and SOC 2 aligned. Top Secret cleared senior consultants on every engagement.

Six Service Lines

Cybersecurity, end-to-end.

Prevention, detection, testing, response, ongoing management, and the documentation auditors actually want to see. Engage piece by piece or under one ongoing retainer.

01 · Prevention

Prevention & Hardening

Stop attacks before they start.

  • Firewall configuration & network segmentation
  • Endpoint detection & response (EDR) deployment
  • Multi-factor authentication enforcement
  • Email security & phishing protection
  • Ransomware-ready backup architecture
  • Zero-trust identity & access controls
Project or retainer · from $200/hr
02 · Detection

Detection & Monitoring

24/7 visibility into what’s happening on your network and endpoints.

  • SIEM deployment & tuning
  • EDR / XDR monitoring & alerting
  • Privileged-access review & identity off-boarding
  • Dark-web credential monitoring
  • Patch management & vulnerability tracking
  • Monthly posture report
From $3,500/month managed
03 · Testing

Penetration Testing

Find weaknesses before someone else does.

  • External attack-surface assessment
  • Internal network penetration test
  • Web application security testing
  • Social engineering & phishing simulations
  • Wireless network security review
  • Findings report with prioritized remediation and re-test
From $5,500 · Scope-dependent
04 · Response

Incident Response & Forensics

When something has gone wrong — senior responders, on the phone, fast.

  • Source & method identification
  • Scope of compromise — what data, which systems
  • Active-threat containment
  • Forensic analysis & evidence preservation
  • Regulatory breach-notification support
  • Post-incident report with root cause & hardening
See Incident Response →
05 · Compliance

Compliance Alignment

The security controls and documentation regulated industries are required to maintain.

  • HIPAA, FINRA, SEC 17a-4, GLBA, SOC 2
  • NIST 800-171 / CMMC readiness
  • NYDFS 23 NYCRR 500 cybersecurity rule
  • PCI-DSS scope reduction
  • Audit-ready policy & procedure documentation
  • Examination preparation & auditor coordination
See Compliance →
06 · Training

Security Awareness Training

The most-exploited vulnerability is still the inbox. Train your team to recognize it.

  • Live half-day session — up to 25 staff
  • Phishing, BEC, vishing, and deepfake awareness
  • Password hygiene & MFA enrollment
  • Mobile device & remote work security
  • Quarterly phishing simulations included for retainer clients
  • Completion certificates for HIPAA / FINRA documentation
$3,500 flat · one half-day session
Pricing & Engagement Models

Hourly, fixed-price, or monthly managed.

Engage how you want — one project at a time, or on an ongoing retainer. Cybersecurity rates start higher than general IT because the work requires senior specialists.

Hourly Consulting

On-demand cybersecurity

$200 /hr

For one-off questions, second opinions, vendor evaluation, control reviews, or short engagements that don’t need a full scope. No retainer, no minimum.

Posture Audit

Cybersecurity Posture Audit

$3,500 · 5 business days

External & internal review, EDR coverage check, MFA enforcement, identity off-boarding, backup-restore test, IR readiness. Written report with prioritized roadmap.

See in Compliance Audits →
Penetration Test

External & internal pen test

From $5,500 · Scope-dependent

External attack-surface, internal network, web-app, wireless, and optional social-engineering scope. Written findings report with risk ratings and one round of re-testing after remediation.

Awareness Training

Live half-day session

$3,500 flat · up to 25 staff

Phishing, BEC, MFA, password hygiene, remote-work security. Includes completion certificates for HIPAA / FINRA documentation. Quarterly phishing sims included for retainer clients.

Most Popular · Managed

Ongoing Security Management

From $3,500 /month

EDR/XDR monitoring, SIEM, MFA enforcement, patch management, identity off-boarding, dark-web monitoring, quarterly phishing simulations, monthly posture report. Tiered by user count.

Emergency Response

Active incident now

$600–$1,200 /hr

Ransomware, breach, business-email compromise, IT disaster. Senior responders on the phone within the hour. Retainer pricing available for predictable response cost.

See Incident Response →
Why Winston IT for cybersecurity

Cleared, certified, and on the regulated side of the table.

We’ve sat across from auditors and regulators — OCR, FINRA, SEC, DoD program managers. What that means: our deliverables look like what the auditor expects to see, not what looks impressive in a pitch deck.

Top Secret cleared

Active DoD clearance. We work in government & cleared-contractor environments where the bar is highest, and we bring those controls back to commercial clients.

MCSE & security-certified

Senior consultant on every engagement, never a junior. Microsoft, Cisco, Fortinet, CrowdStrike, SentinelOne, and major-vendor expertise on the team.

Regulated-industry experience

HIPAA in healthcare and dental. FINRA & SEC in financial services. ABA confidentiality in law. CMMC in defense. We’ve done the work the regulations actually require.

Documentation auditors accept

Policy, procedure, evidence, attestation — in the format your regulator expects. So when the exam comes, you hand over a binder instead of building one in a panic.

Worried about your security posture? Or want a second opinion?

20-minute scoping call. We’ll tell you what fits your situation, what doesn’t, and roughly what it costs.

Contact Winston IT