Crusader Security

Crusader Security

Boutique security consulting · SMB & K-12

Enterprise-grade security.Without the enterprise price tag.

Founder-led  ·  Framework-aligned  ·  Transparently priced

Assessments, Microsoft 365 hardening, and 24/7 managed protection for the small businesses and school districts the big firms overlook — real expertise, published pricing, no lock-in.

Free 30-minute consult

·

Fixed, published pricing

·

A senior expert answers

150+

Security controls checked

every assessment

6

Compliance frameworks

CIS · NIST · SOC 2 · ISO · HIPAA · PCI

10-day

Report turnaround

fixed timeline

24/7

Managed monitoring

SOC-backed


ALIGNED TO

CIS Controls

NIST CSF

Microsoft 365 & Entra ID

HIPAA

FTC Safeguards

PCI DSS

Why now

The organizations attackers hit hardest are the ones with the least security help.

Ransomware against small businesses and school districts keeps climbing, and cyber-insurers now deny claims when basic controls like MFA aren't in place. You don't need more alerts or a bigger IT budget — you need the right handful of controls, done right.

Most incidents exploit misconfigurations a proper assessment finds in week one.

Insurers are raising the bar

No MFA, no EDR, no policy? Applications get denied and premiums spike.

K-12 is a top target

Districts hold rich data with lean IT teams and tight budgets.

Attacks are automated

Small size is no longer camouflage — bots scan everyone, equally.

Our approach

A clear path from risk to resilience

Four stages, on your timeline — start anywhere, and only take the next step when it's right for you.

01

Assess

Find the gaps — a clear, ranked picture of your real risk.

02

Harden

Close them — MFA, Microsoft 365, network, and identity, done right.

03

Advise

Stay ahead — fractional CISO leadership and insurance readiness.

04

Protect

Keep watch — 24/7 managed detection and response.

Assessments & projects

Fixed-scope engagements, priced up front

One-time projects that solve a specific problem — and give you a clear picture of what to do next. Every price is a starting point; final scope depends on your size and environment.

Security Baseline Assessment

Know exactly where you stand — the perfect first step.

from $2,400


External vulnerability scan + Microsoft 365 / identity posture review

Risk register aligned to the CIS Controls (IG1) + cyber-insurance readiness check

Prioritized 12-month remediation roadmap you can act on

Vulnerability Assessment

Find the holes before someone else does.

from $1,900


External assessment $1,900 flat — internal + external with hands-on validation of key findings from $4,500

Full technical report plus a plain-English executive summary

Clear, prioritized remediation plan

Microsoft 365 / Workspace Hardening

Lock down the tools your team lives in every day.

from $2,200


Conditional Access + MFA enforcement, Microsoft Defender configuration

Email authentication (SPF / DKIM / DMARC) + anti-phishing policy

OAuth-app cleanup, backup verification, before/after posture score

IAM / MFA Rollout

The #1 control your cyber-insurer asks for.

from $1,800


Entra ID Conditional Access, Duo, or Okta — designed and rolled out

Phased deployment with clear user communications

Keep your policy: MFA is the most common insurance requirement

Network Security Refresh

A network built to keep intruders out.

from $1,600


Firewall design, install, and segmentation (SonicWall / Palo Alto / UniFi)

Secure remote access and VPN — hardware passed through at cost plus a disclosed margin

Config-review-only option: $950

Password & Identity Audit

Fast, affordable, and eye-opening.

from $1,200


Active Directory / Entra password audit + breach-exposure sweep

Stale-account and privileged-access review

One-week turnaround

Incident-Response Readiness

Be ready before the bad day arrives.

from $1,500


An incident-response plan written for your organization — not a template

A two-hour leadership tabletop exercise

Backup & recovery validation

K-12

K-12 Cybersecurity Assessment

Written for superintendents, boards, and insurers.

from $3,500


District-wide review: identity, endpoints, backups, and vendor risk

Cyber-insurance application readiness

Board-ready summary + grant-fundable roadmap

Small-district tier from $3,500; full-district engagement $5,500–7,500

See a real assessment report before you buy

Board-ready, plain-English, with a prioritized 90-day roadmap. Here's a full sample deliverable (fictional district) so you know exactly what you'll get.

View sample report (PDF)

Managed protection

Ongoing security, handled for you

Month-to-month protection that keeps working after the project ends — the difference between a point-in-time report and a security program your insurer actually trusts.

Flagship

Crusader Shield

Our flagship — complete managed protection layered over your existing IT.

from $35

/ user / mo


Managed EDR with a 24/7 SOC backstop

Managed email security + phishing simulation & training

MFA / identity management + monthly external scanning

Quarterly security review with a real person

Optional compliance tier (HIPAA / FTC Safeguards): +$10–20 / user / mo

$400 / mo minimum

Managed EDR / MDR

Endpoint detection & response, watched around the clock.

from $8

/ endpoint / mo


24/7 SOC-backed detection and response

Deployment, tuning, and alert triage handled for you

Monthly rollup report

$250 / mo minimum

Managed Email Security + Awareness

Stop phishing at the door and train your team.

from $5

/ user / mo


Enterprise-grade email filtering with managed policies

Awareness training + monthly phishing simulations

Reporting you can put in front of leadership

$150 / mo minimum

Managed Vulnerability Scanning

Always know what needs fixing.

from $500

/ mo


Monthly external + internal scans, human-validated

Quarterly trend review

Feeds directly into your cyber-insurance renewal

vCISO Retainer

Senior security leadership, without a full-time hire.

from $1,200

/ mo


Foundational — policies, quarterly reviews, insurance questionnaires

Standard ($2,400/mo) — monthly reviews, compliance program, board reporting

Compliance ($3,500–5,000/mo) — audit-ready leadership for financial-services & healthcare

K-12

K-12 Defense Subscription

District-wide protection, sized for your student count.

from $500

/ mo


Managed EDR on staff endpoints + identity monitoring

Staff awareness training + phishing simulations (student edition included)

Monthly scans and a quarterly review with your tech coordinator

Builds on — never resells — the free state and CISA services your district already gets

OUTSIDE A FIXED SCOPE

Standard consulting $150 / hr

Emergency incident response (no retainer) $250 / hr

Hardware at cost + disclosed 15–25% margin

How we work

A method you can follow — and a report you own

No 40-page proposals or enterprise runaround. A clear process with named deliverables, ending in something you can act on.

01

Kickoff & scope

A short call to confirm scope, access, and what success looks like — fixed price agreed before we start.

02

Assess & collect evidence

External scans, Microsoft 365 / identity review, and configuration analysis mapped to the CIS Controls.

03

Ranked findings report

A plain-English report with technical detail — every finding ranked by real-world risk and effort to fix.

04

Remediation roadmap

A prioritized 12-month plan you own: do it yourself, hand it to your IT team, or have us close the gaps.

Security Assessment

SAMPLE · your logo & findings

B+

68 / 100

POSTURE SCORE

3 critical · 5 high · 11 medium findings, each with a fix.

CRITICAL

MFA not enforced for admins

HIGH

Legacy auth still enabled in M365

MEDIUM

No DMARC enforcement on domain

+ prioritized 12-month remediation roadmap

Founding-client offer

15% off your first engagement in exchange for a short testimonial. A few early spots only.

Why Crusader

Big-firm expertise, delivered directly

Serious security, priced for real budgets — and a person who answers the phone.

Transparent, published pricing

Every engagement starts from a price you can see right here — no opaque quotes, no enterprise minimums.

Senior expertise, direct

You work with a seasoned practitioner — not a junior handed your account after the sale.

Cyber-insurance ready

Built to pass the questionnaires and renewals your insurer and clients now demand.

Powered by our own platform

We run findings and reporting through the Crusader platform — consistent, evidence-backed results.

What we don't do

We don't resell hardware for commission — our advice is vendor-neutral.

We don't lock you into multi-year contracts or auto-renew traps.

We work alongside your existing IT team — we don't try to replace them.

We don't hand your account to a junior — you work with a senior practitioner.

See the platform behind the work

Explore the Crusader security platform with a fully-loaded demo workspace — the same posture scoring, compliance mapping, and reporting we use on every engagement.

Common questions

Straight answers before you reach out

No. We work alongside your existing IT team or MSP as your dedicated security specialist — the role most small organizations are missing.

An external vulnerability scan, a Microsoft 365 / identity posture review, a risk register mapped to the CIS Controls, a cyber-insurance readiness check, and a prioritized, plain-English remediation roadmap.

Most assessments are delivered within 10 business days. Hardening and managed-onboarding timelines are agreed up front, in writing.

We start in person. For Wisconsin clients, the kickoff and initial walkthrough happen onsite — and network refreshes and tabletop exercises are always done in person. From there, most assessment and monitoring work runs remotely and securely, with onsite visits whenever the work calls for it. Outside Wisconsin, engagements are fully remote.

You get a report you own — no lock-in. Every finding is a clear next step you can act on yourself, hand to your IT team, or have us remediate. Your call.

Yes. K-12 engagements are structured for board approval and mapped to grant-fundable remediation wherever state or federal cybersecurity grant programs apply, with reporting written for superintendents and insurers.

Fixed scope, fixed price — published right here on this page. No setup fees, no surprise invoices, no auto-renew.

Let's talk

You don't need a bigger budget.You need the right controls.

Book a free 30-minute consult. We'll talk through where you stand, what your insurer needs, and the smallest next step that moves you forward — no pressure, no obligation.

Calendar not loading? Open our booking page

Prefer email? Reach us directly at info@crusadersec.com

Madison, Wisconsin — serving Wisconsin and remote clients nationwide