CD Grayson is a small data and cybersecurity consultancy. We audit, test, harden, and watch — on your behalf, on purpose, without noise. For companies that need careful attention, not a kitchen-sink platform.
Services priced to start. Every engagement is scoped against what you actually need, not a template. Starting prices reflect the minimum engagement; real numbers come after a conversation.
A structured review of how your technology, data, and access are configured — measured against reasonable standards for a business your size. Findings, evidence, remediation plan. Readable by non-specialists, actionable by engineers.
Hands-on testing of web applications and internal networks. We find what an attacker with moderate skill and patience would find, before they do. Reports include technical findings, business impact, and a ranked remediation path.
Ongoing vulnerability scanning, log review, tool configuration, and a person to call when something looks wrong. Built for companies that need security attention but don't need — or can't afford — a full in-house security team.
Clean the data, move the data, visualize the data. We build pipelines between systems that don't talk to each other, remediate datasets that have drifted, and stand up dashboards a non-analyst can read.
Managed hosting and compute for clients who'd rather have it run by the people already handling their security. Bundled with monitoring, backups, and hardened configurations by default. A supporting service for the companies we're already working with.
Five questions. Honest answers. A calibrated sense of where you are, and where to start, in under a minute. No email required.
Deliberate about what we adopt. These are the tools we use day-to-day — not a logo wall of every vendor we've ever heard of.
A few principles we hold to — because security and data work done in a rush produces work you'll have to redo later.
Every engagement starts with a conversation about what matters to your business. We don't run tools for the sake of running tools. What we test, where, and why — decided together, in writing, before we start.
A finding without a fix is a fear. Our reports describe what's wrong, what it means in business terms, and what to do — ordered by actual risk, not by the alphabet.
Most of our work is ongoing. We'd rather know ten clients well than fifty clients superficially. If that's not the kind of fit you're looking for, we'll say so.
We're a small team. We say no to work we can't do well. If your need is outside our strength, we'll tell you, and refer you if we can.
Small to mid-sized businesses — especially ecommerce stores, professional services firms, and healthcare practices. Engagements generally run between $3,000 for a focused project and $60,000 annually for a retainer relationship. If you're smaller, we'll usually suggest a narrower scope rather than turn you away. If you're larger, we may not be the right fit, and we'll tell you.
Yes — we help clients prepare for SOC 2, PCI, and HIPAA audits by identifying gaps, implementing required controls, and producing evidence. We're not an auditor and don't issue attestation reports. We make you ready for the auditor who does.
Security audits run 2–4 weeks. Penetration tests run 1–3 weeks depending on scope. Data engineering projects vary from a week to several months. Retainer relationships are ongoing with monthly deliverables. Concrete timelines come after the scoping conversation.
Yes, as a matter of course. Either your NDA or ours — we don't insist on one over the other. Sensitive engagements usually operate under mutual NDA plus a scoping agreement that defines boundaries and authorization.
Secure hosting is a supporting service for clients already working with us on security or data. We bundle hardened configurations, backups, and monitoring. It's not a standalone product, and we don't compete with general-purpose hosting providers.
Smaller. More deliberate. You talk to the people doing the work, not an account manager. The tradeoff is that we can't scale to very large engagements or 24/7 global coverage. If you need those, a larger firm is probably a better fit. We'll be honest about which side of that line you fall on.
Tell us what you're working with. We'll reply within a business day with questions, a scope, or an honest note that we're not the right fit.
hello@cdgrayson.net