Fixed scope · fixed price · billed per engagement

Four ways I find what your scanners miss.

Pen tests, audits, and compliance readiness — each one quoted firm before we start, each one ending in a report your engineers can act on this week. Here’s exactly what’s in every engagement and what it runs.

01

Penetration test

From $3,500 per engagement

I break into your live external surface and web app the way a motivated attacker would — chaining small misconfigurations into real access, then proving it with a clear reproduction path. Mapped to the OWASP Top 10 and tested by hand, not just a scanner left running overnight.

  • External network & internet-facing services
  • Authenticated web-app testing across user roles
  • Auth, session, and access-control logic
  • Business-logic abuse, not just injection patterns
  • Same-day heads-up on anything critical

You walk away with

A risk-ranked report, a remediation walk-through call, and a free re-test of the original scope once you’ve patched.

Typical length: 1–2 weeks
Best for: SaaS shipping a customer-facing app

02

Security audit

From $4,500 per engagement

A full walk-through of how your system is built and run — architecture, identity and access, cloud configuration, logging, and secrets handling — reviewed against where attackers actually get a foothold. Less “here’s a vulnerability”, more “here’s the pattern that keeps creating them.”

  • Cloud config review (AWS, GCP, or Azure)
  • IAM, roles, and least-privilege gaps
  • Secrets management & data handling
  • Logging, alerting, and incident readiness
  • Dependency & CI/CD pipeline review

You walk away with

A prioritized findings report with a root-cause view, plus a 90-day fix roadmap your team can budget around.

Typical length: 2–3 weeks
Best for: Teams that grew faster than their setup

03

SOC 2 readiness

From $6,000 per engagement

A gap assessment against the Trust Services Criteria, so you walk into the actual audit knowing you’ll pass. I tell you what’s in good shape, what’s missing, and exactly what evidence your auditor will ask to see — then help you stand it up before the clock starts on your observation window.

  • Gap assessment across the relevant criteria
  • Control punch-list ranked by audit weight
  • Policy & evidence templates you can adopt
  • Vendor & access-review processes mapped out
  • A straight answer on Type I vs. Type II timing

You walk away with

A readiness report, a finished control punch-list, and answers to the security questionnaires holding up your deals.

Typical length: 3–4 weeks
Best for: A deal stuck on “are you SOC 2?”

04

HIPAA readiness assessment

From $4,000 per engagement

A Security Rule readiness review built for clinics and health-tech handling PHI. We work through the required risk analysis, the administrative, physical, and technical safeguards, and where your data actually flows — then I tell you what to fix first and what can wait, with a real budget attached.

  • Required Security Rule risk analysis
  • Where PHI lives, moves, and who can reach it
  • Access controls, encryption, and audit logging
  • Business associate & vendor exposure
  • Breach-response gaps surfaced before they bite

You walk away with

A documented risk analysis, a safeguards gap report, and a fix-this-first plan you can defend if you’re ever asked.

Typical length: 2–3 weeks
Best for: Clinics & health-tech touching PHI

No matter which one you pick

Three things every engagement comes with.

The price you’re quoted isn’t just the testing — it’s these too. Standard, never an upsell.

A report for humans

Every finding ranked by real-world risk, with a reproduction path and the exact remediation step — never a vague “harden your config” left for your team to decode.

A live walk-through

We sit down together so your engineers can ask questions in real time. You’re not handed a PDF and left to figure out what mattered most.

A re-test & attestation

Once you’ve patched, I verify the fixes actually hold and issue a clean letter you can hand to customers, auditors, or your board.


How the price works

The number you’re quoted is the number you pay.

Every starting figure on this page is honest — the final price depends only on the size of your stack, and I set it firm before any work begins. Here’s what that actually means for you:

  • One fixed price agreed in writing before I touch anything — no hourly meter running in the background.
  • No surprise change-orders mid-engagement. If the scope genuinely needs to grow, we agree the new number first.
  • You’re invoiced per engagement, not locked into a retainer. Come back when you actually need me.
  • The scoping call is free, and if a test isn’t the right move for you, I’ll tell you that straight.

Before you reach out

The questions I get most.

If yours isn’t here, just call — I’d rather answer it directly than have you guess.

On the scoping call I learn how your product is built, how many apps and environments are in play, and what worries you most. That’s enough to set a firm number for a clearly defined scope. If something genuinely outside that scope turns up, I tell you and we agree a new figure before I keep going — you’re never billed for a surprise.

Usually not — the cheapest time to fix a security problem is before customers and their auditors are leaning on it. If you have a working app in a staging or production-like environment, there’s plenty to test. If you’re truly too early, I’ll say so on the call rather than sell you something you don’t need yet.

A readiness assessment isn’t the audit itself — a separate licensed auditor issues the SOC 2 report, and HIPAA is enforced by regulators. What I do is get you ready to pass it for real: surface every gap, give you the punch-list and evidence the assessor will ask for, and make sure you’re not blindsided on the day. I’m happy to coordinate with whichever auditor you choose.

Most engagements run one to four weeks depending on the type and the size of your stack — the estimates are listed with each service above. You don’t wait until the end to hear about anything serious: if I find a critical issue mid-test, you get a heads-up that same day so you can start fixing it.

Me, start to finish. This is a one-person shop on purpose — the person you talk to on the scoping call is the person doing the testing, writing the report, and sitting in the walk-through. Nothing gets handed off to a junior or offshored.

Yes — a re-test of the original scope is part of the engagement price, not an add-on. Once your team patches, I verify the fixes hold and update the attestation letter. A report that says you fixed things is worth a lot more than one that just lists problems.


Pick the right engagement together

Not sure which one you need?

Call and you reach me — not a sales desk. Tell me what’s driving this and we’ll figure out which engagement fits, roughly what it’d cost, and whether you even need it yet. The first conversation is free, no obligation.

(407) 227-2078
Tue–Sat 10am–6pm · Sun 11am–4pm · Mon closed
Find me: 2545 Georgia Ave, Sanford, FL 32771
Prefer email? hello@lindqvistsecurity.com
Usually a reply within a day.

No spam, no list. I read these myself.