VivianOps
Security Services

The security team for small businesses that don’t have one.

We help small and mid-size businesses find and fix the vulnerabilities attackers will exploit — before they do. Fixed-price engagements. Plain-English reports. Timestamped work logs, so you see exactly what we did and when.

See services Talk to the security team
Why small businesses choose VivianOps

Five commitments, in writing.

  1. 01
    Fixed-price engagements. No extra work mid-project.

    Every engagement has an agreed price before we start. If the work genuinely needs to change, we renegotiate openly — not silently on an invoice.

  2. 02
    Every engagement covered by NDA.

    We sign a mutual NDA before any material work begins. What we find stays between us.

  3. 03
    Transparent, timestamped work logs.

    You receive a log of every testing session: what was run, when, and against which systems. No black-box reports.

  4. 04
    Documentation delivered in plain language.

    Engagements of $1,500 or more include a professionally printed binder with all findings, plus an encrypted USB copy. All engagements include encrypted digital copies and timestamped work logs.

  5. 05
    We never resell client findings or research.

    What we learn on your engagement is yours. It does not get packaged into a threat-intel feed, cross-referenced with another client, or sold to anyone.

The attack landscape is shifting

Why now.

Modern AI tools are being used by threat actors to automate reconnaissance and find vulnerabilities faster than human teams can match. The organizations that weather this shift are the ones that hardened up before they had to.

What we offer

Our services.

Every service starts with a clear scope and a fixed-or-quoted price. Engagements that outgrow their scope get a new quote — they don’t get billed as extras.

Starting at $750

Vulnerability Scan

Professional automated scanning tools run against your external attack surface, then reviewed by a human analyst who prioritizes findings by real-world risk. Delivered as a plain-English report with remediation guidance for each finding.

$1,800–$3,000 depending on scope

Vulnerability Assessment

Everything in the Vulnerability Scan, plus manual verification of automated findings and deeper review of network configuration, access controls, security policies, password policies, admin access, and backup procedures. Includes a prioritized remediation roadmap with timeline recommendations and a 30-minute debrief call.

Starting at $3,000 · most engagements $3,000–$6,000

Penetration Testing

A real attack simulation. We actively try to compromise systems the same way an attacker would, then tell you exactly how we got in and how to close it.

Three types

  • External network

    Testing internet-facing systems — firewalls, email servers, VPNs, public web apps. What an attacker sees from the outside.

  • Web application

    Testing a specific web app for flaws in how it handles logins, data, and user input — the kind of bugs that let one user read another user’s data.

  • Internal network

    Testing what happens once someone is already inside — plugged into your office network or connected via a compromised VPN. Runs remotely using a small dropbox device you install yourself.

Bundle discounts

  • Two types together: 10% off the combined quoted price.
  • All three types together: 15–20% off the combined quoted price.

What you get

  • Active manual testing — not a tool report dressed up.
  • Detailed findings report with proof-of-concept evidence.
  • Risk ratings tied to your specific business, not generic CVSS scores.
  • Remediation guidance with step-by-step fix instructions.
  • Day 7 walkthrough call.
  • Printed binder, encrypted digital copies, and timestamped work logs.

$100/hr simple work · full hardening quoted ($1,000–$3,000 typical)

Network Security Hardening

Locking down the network your business runs on. We fix what we find — we don’t just document it.

Simple work ($100/hr)

  • Network segmentation.
  • Creating SSIDs and basic Wi-Fi security.
  • Basic router configuration.
  • Simple, targeted fixes.

Full hardening (quoted)

  • Everything above, plus:
  • Firewall rule review and cleanup.
  • VLAN design and implementation.
  • Remote access security — VPN setup, RDP lockdown.
  • Wi-Fi security audit.
  • Written documentation of all changes.

Starting at $700 · typical engagement $700–$1,200

Microsoft 365 & Google Workspace Hardening

Full security audit of your Microsoft 365 or Google Workspace configuration. MFA enabled for all users, admin access reviewed, email security configured (SPF, DKIM, and DMARC — the three records that stop attackers from spoofing your domain in email), sharing and permissions reviewed, conditional access policies set. Written report of every change we make.

Sizing

  • 1–5 users: ~$700–$750
  • 6–15 users: ~$800–$1,000
  • 16–25 users: ~$1,000–$1,200

$400/month + $500 onboarding

Security Watch (Monthly Retainer)

The monthly security guy on retainer. Monthly vulnerability scan with human review, critical-alert notifications between scans, and included advisory time for the questions that land on your desk.

Onboarding includes

  • Baseline vulnerability scan.
  • Network configuration review (review only — not hardening).
  • Documented security baseline.

Each month includes

  • Monthly vulnerability scan with human review and a short written report.
  • Critical-alert notifications if something urgent surfaces between scans.
  • Advisory time for questions, vendor reviews, and incident triage.

$100–$125/hr · 1 hour minimum

Security Consultation & Advisory

Hourly help when you need a second set of eyes. Vendor security questionnaires, policy drafts, scoping work before a larger engagement, incident triage questions — whatever lands on your desk that you’d rather not guess at.

  • $100/hr — general advisory.
  • $125/hr — hands-on technical security work.

Prices are starting points. If budget is a concern, say so — we’ll work with you.

Need something simpler?

General tech work.

  • $75–$100/hr — simple tech work (data transfer, device setup, basic configuration).
  • $125/hr — technical or security-focused work.
  • 1 hour minimum for all hourly work.

Hourly rates flex too. Tell us the work and your budget — we’ll figure out a fit.

What actually happens during a pentest

A week, broken down.

Most penetration tests we run for small businesses follow the same rhythm.

  1. Day 1–2
    Mapping the attack surface.

    We enumerate every system, service, and endpoint in scope. You see what an attacker would see before we do anything else.

  2. Day 3–5
    Manual probing.

    We test by hand, chaining findings where we can. Automated scanners run in the background; human attention drives the test.

  3. Day 6
    Plain-English writeup.

    Every finding gets a severity, a concrete fix recommendation, and screenshots showing exactly what we did. No jargon. No CVSS-only reports.

  4. Day 7
    Walkthrough call.

    We walk your team through the report live. Questions get answered in person. Fix priorities get negotiated openly.

Industries we serve

Small businesses and the teams that support them.

  • Contractors & Trades
  • Real Estate
  • Independent Medical & Dental Practices
  • Professional Services — legal, accounting, therapists
  • Local Retail & Restaurants
  • Nonprofits & Faith-Based Organizations

All prices listed are starting points. Every business is different, and we’d rather work with you on pricing than lose the chance to help. If budget is a concern, say so — we’ll find a way to make it work.

Ready to talk?

Email the security team with a sentence about what you’re looking at. We’ll reply with scoping questions, not a sales deck.

Contact the security team