Founder-led · Framework-aligned · Transparently priced
Assessments, Microsoft 365 hardening, and 24/7 managed protection for the small businesses and school districts the big firms overlook — real expertise, published pricing, no lock-in.
Free 30-minute consult
Fixed, published pricing
A senior expert answers
150+
Security controls checked
every assessment
6
Compliance frameworks
CIS · NIST · SOC 2 · ISO · HIPAA · PCI
10-day
Report turnaround
fixed timeline
24/7
Managed monitoring
SOC-backed
ALIGNED TO
CIS Controls
NIST CSF
Microsoft 365 & Entra ID
HIPAA
FTC Safeguards
PCI DSS
Why now
The organizations attackers hit hardest are the ones with the least security help.
Ransomware against small businesses and school districts keeps climbing, and cyber-insurers now deny claims when basic controls like MFA aren't in place. You don't need more alerts or a bigger IT budget — you need the right handful of controls, done right.
Most incidents exploit misconfigurations a proper assessment finds in week one.
Insurers are raising the bar
No MFA, no EDR, no policy? Applications get denied and premiums spike.
K-12 is a top target
Districts hold rich data with lean IT teams and tight budgets.
Attacks are automated
Small size is no longer camouflage — bots scan everyone, equally.
Our approach
Four stages, on your timeline — start anywhere, and only take the next step when it's right for you.
01
Assess
Find the gaps — a clear, ranked picture of your real risk.
02
Harden
Close them — MFA, Microsoft 365, network, and identity, done right.
03
Advise
Stay ahead — fractional CISO leadership and insurance readiness.
04
Protect
Keep watch — 24/7 managed detection and response.
Assessments & projects
One-time projects that solve a specific problem — and give you a clear picture of what to do next. Every price is a starting point; final scope depends on your size and environment.
Security Baseline Assessment
Know exactly where you stand — the perfect first step.
from $2,400
External vulnerability scan + Microsoft 365 / identity posture review
Risk register aligned to the CIS Controls (IG1) + cyber-insurance readiness check
Prioritized 12-month remediation roadmap you can act on
Vulnerability Assessment
Find the holes before someone else does.
from $1,900
External assessment $1,900 flat — internal + external with hands-on validation of key findings from $4,500
Full technical report plus a plain-English executive summary
Clear, prioritized remediation plan
Microsoft 365 / Workspace Hardening
Lock down the tools your team lives in every day.
from $2,200
Conditional Access + MFA enforcement, Microsoft Defender configuration
Email authentication (SPF / DKIM / DMARC) + anti-phishing policy
OAuth-app cleanup, backup verification, before/after posture score
IAM / MFA Rollout
The #1 control your cyber-insurer asks for.
from $1,800
Entra ID Conditional Access, Duo, or Okta — designed and rolled out
Phased deployment with clear user communications
Keep your policy: MFA is the most common insurance requirement
Network Security Refresh
A network built to keep intruders out.
from $1,600
Firewall design, install, and segmentation (SonicWall / Palo Alto / UniFi)
Secure remote access and VPN — hardware passed through at cost plus a disclosed margin
Config-review-only option: $950
Password & Identity Audit
Fast, affordable, and eye-opening.
from $1,200
Active Directory / Entra password audit + breach-exposure sweep
Stale-account and privileged-access review
One-week turnaround
Incident-Response Readiness
Be ready before the bad day arrives.
from $1,500
An incident-response plan written for your organization — not a template
A two-hour leadership tabletop exercise
Backup & recovery validation
K-12 Cybersecurity Assessment
Written for superintendents, boards, and insurers.
from $3,500
District-wide review: identity, endpoints, backups, and vendor risk
Cyber-insurance application readiness
Board-ready summary + grant-fundable roadmap
Small-district tier from $3,500; full-district engagement $5,500–7,500
See a real assessment report before you buy
Board-ready, plain-English, with a prioritized 90-day roadmap. Here's a full sample deliverable (fictional district) so you know exactly what you'll get.
Managed protection
Month-to-month protection that keeps working after the project ends — the difference between a point-in-time report and a security program your insurer actually trusts.
Crusader Shield
Our flagship — complete managed protection layered over your existing IT.
from $35
/ user / mo
Managed EDR with a 24/7 SOC backstop
Managed email security + phishing simulation & training
MFA / identity management + monthly external scanning
Quarterly security review with a real person
Optional compliance tier (HIPAA / FTC Safeguards): +$10–20 / user / mo
$400 / mo minimum
Managed EDR / MDR
Endpoint detection & response, watched around the clock.
from $8
/ endpoint / mo
24/7 SOC-backed detection and response
Deployment, tuning, and alert triage handled for you
Monthly rollup report
$250 / mo minimum
Managed Email Security + Awareness
Stop phishing at the door and train your team.
from $5
/ user / mo
Enterprise-grade email filtering with managed policies
Awareness training + monthly phishing simulations
Reporting you can put in front of leadership
$150 / mo minimum
Managed Vulnerability Scanning
Always know what needs fixing.
from $500
/ mo
Monthly external + internal scans, human-validated
Quarterly trend review
Feeds directly into your cyber-insurance renewal
vCISO Retainer
Senior security leadership, without a full-time hire.
from $1,200
/ mo
Foundational — policies, quarterly reviews, insurance questionnaires
Standard ($2,400/mo) — monthly reviews, compliance program, board reporting
Compliance ($3,500–5,000/mo) — audit-ready leadership for financial-services & healthcare
K-12 Defense Subscription
District-wide protection, sized for your student count.
from $500
/ mo
Managed EDR on staff endpoints + identity monitoring
Staff awareness training + phishing simulations (student edition included)
Monthly scans and a quarterly review with your tech coordinator
Builds on — never resells — the free state and CISA services your district already gets
OUTSIDE A FIXED SCOPE
Standard consulting $150 / hr
Emergency incident response (no retainer) $250 / hr
Hardware at cost + disclosed 15–25% margin
How we work
No 40-page proposals or enterprise runaround. A clear process with named deliverables, ending in something you can act on.
01
Kickoff & scope
A short call to confirm scope, access, and what success looks like — fixed price agreed before we start.
02
Assess & collect evidence
External scans, Microsoft 365 / identity review, and configuration analysis mapped to the CIS Controls.
03
Ranked findings report
A plain-English report with technical detail — every finding ranked by real-world risk and effort to fix.
04
Remediation roadmap
A prioritized 12-month plan you own: do it yourself, hand it to your IT team, or have us close the gaps.

Security Assessment
SAMPLE · your logo & findings
B+
68 / 100
POSTURE SCORE
3 critical · 5 high · 11 medium findings, each with a fix.
CRITICAL
MFA not enforced for admins
HIGH
Legacy auth still enabled in M365
MEDIUM
No DMARC enforcement on domain
+ prioritized 12-month remediation roadmap
Founding-client offer
15% off your first engagement in exchange for a short testimonial. A few early spots only.
Why Crusader
Serious security, priced for real budgets — and a person who answers the phone.
Transparent, published pricing
Every engagement starts from a price you can see right here — no opaque quotes, no enterprise minimums.
Senior expertise, direct
You work with a seasoned practitioner — not a junior handed your account after the sale.
Cyber-insurance ready
Built to pass the questionnaires and renewals your insurer and clients now demand.
Powered by our own platform
We run findings and reporting through the Crusader platform — consistent, evidence-backed results.
What we don't do
We don't resell hardware for commission — our advice is vendor-neutral.
We don't lock you into multi-year contracts or auto-renew traps.
We work alongside your existing IT team — we don't try to replace them.
We don't hand your account to a junior — you work with a senior practitioner.
See the platform behind the work
Explore the Crusader security platform with a fully-loaded demo workspace — the same posture scoring, compliance mapping, and reporting we use on every engagement.
Common questions
Do you replace our IT provider?
No. We work alongside your existing IT team or MSP as your dedicated security specialist — the role most small organizations are missing.
What's included in an assessment?
An external vulnerability scan, a Microsoft 365 / identity posture review, a risk register mapped to the CIS Controls, a cyber-insurance readiness check, and a prioritized, plain-English remediation roadmap.
How long does it take?
Most assessments are delivered within 10 business days. Hardening and managed-onboarding timelines are agreed up front, in writing.
Remote or onsite?
We start in person. For Wisconsin clients, the kickoff and initial walkthrough happen onsite — and network refreshes and tabletop exercises are always done in person. From there, most assessment and monitoring work runs remotely and securely, with onsite visits whenever the work calls for it. Outside Wisconsin, engagements are fully remote.
What happens after the assessment?
You get a report you own — no lock-in. Every finding is a clear next step you can act on yourself, hand to your IT team, or have us remediate. Your call.
Do you work with K-12 budgets and grants?
Yes. K-12 engagements are structured for board approval and mapped to grant-fundable remediation wherever state or federal cybersecurity grant programs apply, with reporting written for superintendents and insurers.
How does pricing work?
Fixed scope, fixed price — published right here on this page. No setup fees, no surprise invoices, no auto-renew.
Let's talk
Book a free 30-minute consult. We'll talk through where you stand, what your insurer needs, and the smallest next step that moves you forward — no pressure, no obligation.
Calendar not loading? Open our booking page
Prefer email? Reach us directly at info@crusadersec.com
Madison, Wisconsin — serving Wisconsin and remote clients nationwide