VivianOps
Security Services

The security team for small businesses that don’t have one.

We help small and mid-size businesses find and fix the vulnerabilities attackers will exploit — before they do. Fixed-price engagements. Plain-English reports. Timestamped work logs, so you see exactly what we did and when.

See services Talk to the security team
Why small businesses choose VivianOps

Five commitments, in writing.

  1. 01
    Fixed-price engagements. No extra work mid-project.

    Every engagement has an agreed price before we start. If the work genuinely needs to change, we renegotiate openly — not silently on an invoice.

  2. 02
    Every engagement covered by NDA.

    We sign a mutual NDA before any material work begins. What we find stays between us.

  3. 03
    Transparent, timestamped work logs.

    You receive a log of every testing session: what was run, when, and against which systems. No black-box reports.

  4. 04
    Bound paper documentation, plus encrypted digital copies.

    Findings arrive as a professionally bound physical report and an encrypted digital copy. You control where both live.

  5. 05
    We never resell client findings or research.

    What we learn on your engagement is yours. It does not get packaged into a threat-intel feed, cross-referenced with another client, or sold to anyone.

The attack landscape is shifting

Why now.

Modern AI tools are being used by threat actors to automate reconnaissance and find vulnerabilities faster than human teams can match. The organizations that weather this shift are the ones that hardened up before they had to.

What we offer

Seven services, one method.

Every service starts with a clear scope and a fixed-or-quoted price. Engagements that outgrow their scope get a new quote — they don’t get billed as extras.

Starting at $750

Vulnerability Scan

Professional automated scanning tools run against your external attack surface, then reviewed by a human analyst who prioritizes findings by real-world risk. Delivered as a plain-English report.

Starting at $1,800

Vulnerability Assessment

Hands-on manual review of your infrastructure. An analyst works through your systems, identifies weaknesses a scanner would miss, and delivers prioritized findings with clear fixes for each.

Starting at $2,500 · most engagements $2,500–$6,000

Penetration Testing

A real attack simulation. We actively try to compromise systems the same way an attacker would, then we tell you exactly how we got in and how to close it.

What we cover

External network
Testing your internet-facing systems — firewalls, email servers, VPNs, public web apps. This is what an attacker sees from the outside.
Web application
Testing a specific web app for flaws in how it handles logins, data, and user input — the kind of bugs that let one user read another user’s data.
Internal network
Testing what happens once someone is already inside — plugged into your office network or connected via a compromised VPN. We run this remotely using a small dropbox device you install yourself.

Quoted per engagement

Network Security Hardening

Firewall review and rule cleanup, VLAN design and network segmentation, Wi-Fi security. We fix what we find — we don’t just document it.

Starting at $700

Microsoft 365 & Google Workspace Hardening

Default configurations leave both platforms more permissive than most small businesses realize. We tighten sharing policies, enforce MFA properly, lock down external forwarding, and apply the controls your workforce actually needs — without breaking the tools they rely on.

$500 onboarding + $200/month

Security Watch

A lightweight monthly retainer for businesses that want ongoing watch without hiring a full security team.

Onboarding

A baseline vulnerability scan and a network configuration review, so monthly changes are measurable against a known starting point.

Ongoing, each month

  • Monthly automated vulnerability scan with a short written report.
  • Up to one hour of advisory, by email or short call.
  • Critical-alert notifications if something urgent surfaces between scans.

$75–$125/hr

Security Consultation & Advisory

Hourly help when you need a second set of eyes. Vendor security questionnaires, policy drafts, scoping work before a larger engagement, incident triage questions — whatever lands on your desk that you’d rather not guess at.

What actually happens during a pentest

A week, broken down.

Most penetration tests we run for small businesses follow the same rhythm.

  1. Day 1–2
    Mapping the attack surface.

    We enumerate every system, service, and endpoint in scope. You see what an attacker would see before we do anything else.

  2. Day 3–5
    Manual probing.

    We test by hand, chaining findings where we can. Automated scanners run in the background; human attention drives the test.

  3. Day 6
    Plain-English writeup.

    Every finding gets a severity, a concrete fix recommendation, and screenshots showing exactly what we did. No jargon. No CVSS-only reports.

  4. Day 7
    Walkthrough call.

    We walk your team through the report live. Questions get answered in person. Fix priorities get negotiated openly.

Industries we serve

Small businesses and the teams that support them.

  • Contractors & Trades
  • Real Estate
  • Independent Medical & Dental Practices
  • Professional Services — legal, accounting, therapists
  • Local Retail & Restaurants
  • Nonprofits & Faith-Based Organizations
On pricing

Scoped to your business. Quoted transparently.

Every engagement is scoped to the business. We quote transparently. If budget is a concern, tell us — we’d rather right-size an engagement than lose the chance to help.

Ready to talk?

Email the security team with a sentence about what you’re looking at. We’ll reply with scoping questions, not a sales deck.

Contact the security team