Pen testing & compliance · Sanford, FL
Let’s find the cracks before someone else does.
I’m a one-person shop that breaks into SaaS and health-tech systems on purpose — then hands you a plain-English report you can actually act on. No fear-mongering, no 80-page PDF you’ll never read.
Who I usually work with
The teams who call me are growing faster than their security can keep up.
Early-stage SaaS
Shipping fast, security stitched on later. Let’s catch it before a customer’s pen test does.
Health-tech & clinics
PHI on the line and HIPAA breathing down your neck. I know what the auditors actually look for.
Chasing SOC 2
A big deal is stuck on a security questionnaire. We’ll get you ready to pass it for real.
Teams after a close call
A near-miss got everyone’s attention. Now you want to know where else you’re exposed.
What an engagement costs
Fixed-scope, fixed-price, billed per engagement.
Every quote is firm before we start. No hourly meter running, no surprise change-orders mid-test. These are honest starting points — final price depends on the size of your stack.
Break in on purpose
External & web-app testing of your live environment, mapped to OWASP, with every finding ranked by real risk.
The full walk-through
Architecture, access, logging, and your cloud config reviewed against where attackers actually get in.
Pass it for real
A gap assessment against the Trust Services Criteria, plus a punch-list and the evidence your auditor will ask for.
Protect the PHI
A Security Rule readiness review for clinics and health-tech — safeguards, risk analysis, and what to fix first.
How a job actually goes
Four stages, and I walk you through every one.
Open any step to see what happens — and what you’ll have in hand when it’s done.
We get on a call and I learn how your product is built, what worries you, and what’s off-limits. You get a signed scope with a fixed price and clear rules before I touch anything. No grey areas, no “we’ll figure out the bill later.”
I work hands-on through your systems the way a real attacker would, screenshotting and noting each finding as I confirm it. If I hit something serious or time-sensitive, you hear from me that day — not weeks later in a report.
You get a report written for humans: each issue ranked by real-world risk, with the exact steps your engineers need to close it. Then we sit down together so your team can ask questions live — not decode jargon on their own.
Once your team patches, I verify the fixes actually hold and issue a clean letter of attestation you can hand to customers, auditors, or your board. A re-test of the original scope is included in the engagement.
What founders tell me after
Plain talk, not a scare tactic — that’s what people remember.
“He found two things our last vendor missed and explained them so my non-technical co-founder got it. The report unstuck a deal that had been frozen for a month.”
Maya · SaaS founder
“We were dreading the HIPAA conversation. He laid out exactly what to fix first and what could wait, with a real budget. No fear-mongering, just a plan.”
Devin · clinic operations lead
Talk to me directly
Tell me what’s keeping you up at night.
Call and you reach me — not a sales desk. The first conversation is free and there’s no obligation. We’ll figure out whether you even need a test, and roughly what it’d cost.
(407) 227-2078 · Tue–Sat 10am–6pm · Sun 11am–4pm · Mon closed
From the workbench
How I think about your security.
Threat modeling
I start with who’d actually want in.
A scanner spits out a thousand “findings” and most of them don’t matter. Before I touch your systems, I map what you’re really protecting and who’d come after it. That’s how the report ends up short, specific, and worth your engineers’ time.
The deliverable
A report your team can act on by Friday.
Every finding gets a real-world risk rating, a reproduction path, and the exact remediation step — not a vague “harden your configuration.” Hand it straight to engineering, then send the attestation letter to whoever’s asking. Want occasional security notes? Email me to get on the list.