
Engagement Models

Four offensive-security engagement models. The right structure changes the cost, the deliverable, and the contractual frame — not the technical quality. The choice is driven primarily by two factors: how clearly the scope is known up front, and how often the engagement recurs. If you do not know which to choose, start with a discovery call; we recommend a model after understanding your system and goals.

| Model              | Best for                                                                                          | Pricing                                     | Typical duration |
|--------------------|---------------------------------------------------------------------------------------------------|---------------------------------------------|------------------|
| Fixed Package      | Standard service work with known scope.                                                           | Quoted fixed price after scoping            | 2-6 weeks        |
| Scoped Assessment  | New or complex scope where rough sizing exists but scope evolution is expected.                   | Range estimate, finalized during engagement | 4-12 weeks       |
| Custom Engagement  | Unique scope, novel attack surface, R&D-flavored work.                                            | Time-and-materials or hybrid                | 6+ weeks         |
| Retainer           | Ongoing product-security relationship, recurring assessment + advisory, multi-quarter horizon.    | Annual contract with quarterly cycles       | 12 months        |

How to choose

  • High scope clarity, one-time engagement → Fixed Package
  • Moderate scope clarity, one-time engagement → Scoped Assessment
  • Low scope clarity or exploratory work → Custom Engagement
  • Recurring assessment need, multi-quarter relationship → Retainer

Choosing wrong at the outset is recoverable — we can convert one model into another during the engagement if scope reality differs from assumptions.

01

Fixed Package

Standard service work with known scope.

Best for

  • Mobile, web, or API penetration testing where the system is well-understood
  • Cloud architecture review with a defined target environment
  • GRC readiness assessment against an established framework (ISO 27001, SOC 2, MLPS L2)
  • ECU pentest for a known vehicle subsystem
  • Single-purpose IoT device assessment with bounded firmware

Deliverable

  • Bilingual EN + 中文 report (executive summary + technical findings)
  • Per-finding evidence package, CVSS rating, remediation guidance
  • 60-day remediation re-check
  • Optional knowledge-transfer workshop

Notes

If scope is less clear than assumed at quote time, Fixed Package can constrain the engagement in ways that produce a less useful report. When we sense this risk during scoping, we recommend Scoped Assessment instead.

02

Scoped Assessment

New or complex scope where rough sizing exists but scope evolution is expected.

Best for

  • Multi-ECU automotive systems where the in-scope ECU set may change as we learn the architecture
  • AI/ML system assessment where the relevant attack surface depends on what we find during early testing
  • Multi-cloud or hybrid architecture review where the relevant target set is not fully known at quote time
  • Engagements bridging multiple service lines (IoT device + cloud backend + mobile companion app)

Deliverable

  • Same as Fixed Package — bilingual report, evidence package, 60-day re-check, optional workshop.

Notes

We define an initial scope and budget envelope and surface scope decisions early — for example, "we have discovered three additional ECUs in the platform that meet the threat criteria; including them adds approximately 15% to the budget; do we include them, defer, or descope something else?" The client decides at each decision point.

03

Custom Engagement

Unique scope, novel attack surface, R&D-flavored work.

Best for

  • Pre-product-design threat modeling for a new connected-system category
  • Research engagements where the question is "what attack surface exists" rather than "is this system secure"
  • Multi-stage work where each stage's scope depends on prior stages' findings (assessment → tool development → operational red team)
  • Bespoke advisory work bridging cybersecurity strategy and technical implementation

Deliverable

  • Structured per engagement. May include: research reports, threat models, custom tooling, training, advisory documents. Defined in the SOW with milestone-based delivery checkpoints.

Notes

For work with a recognizable name in our standard catalog (“IoT pentest”, “MLPS readiness”), one of the other three models is almost always better. Custom Engagement should not be used to avoid scoping discipline.

04

Retainer

Ongoing product-security relationship, recurring assessment + advisory, multi-quarter horizon.

Best for

  • OEMs and Tier-1 suppliers running ongoing cybersecurity programs (per ISO/SAE 21434 cadence)
  • Connected-device manufacturers with continuous release pipelines requiring per-release security gates
  • Organizations with recurring research-advisory needs (incident-response readiness, design-review cycles, threat-modeling refresh)
  • Compliance-driven organizations needing recurring assessment evidence

Deliverable

  • Reserved specialist time per quarter (configured at contract signing)
  • Priority access — retainer engagements take scheduling precedence over inbound Fixed Package work
  • Quarterly delivery reviews
  • Annual cybersecurity-posture summary
  • Discounted rate on additional work beyond the retainer envelope

Notes

The 60-day remediation re-check is performed against each retainer-quarter’s findings as a standing commitment, not separately scheduled.

Ready to scope?

A short discovery call is the fastest way to a recommendation. We confirm the model in writing within a few days of scoping.
