What 90 Days of a Fractional Security Engagement Actually Looks Like
Most founders who book the intro call have already read three or four of my posts and arrive at the same question: "Okay, but what would the next 90 days actually look like if I hired you?" Here's the answer — a sanitized week-by-week composite of a typical 90-day fractional security engagement, with the real numbers attached.
Not every engagement looks exactly like this. But this is what most pre-Series-A AI engagements look like — same shape, different details. Composited from real work, no specific client.
The starting state: a Series-Seed AI startup, eight engineers, ARR in the low seven figures, two enterprise prospects in pipeline. Both prospects are stuck at the security questionnaire. One explicitly asked for SOC 2 Type I; the other implied it. The founders haven't run a security program before. The CTO has been triaging the questionnaires personally and hates every minute of it.
The ask: get them through both questionnaires within 90 days, run the SOC 2 Type I audit in parallel, and stand up the security work that needs to outlast the engagement.
Week 0 — the scoping call
Thirty minutes. Three questions. What's the named deal blocked behind this work, who internally owns security after I'm gone, and what's the budget envelope. If any of those answers are squishy, we don't sign. Real engagements don't survive ambiguity at the start.
The answers I'm looking for: a specific deal name, a specific internal owner (usually the CTO or a senior engineer who will absorb the role), and a number — a real one, not a range. Founders who can't answer all three aren't ready for fractional work. They're ready for the conversation about what would have to be true before they were.
Pricing gets confirmed on this call too. Standard fractional CISO retainer is $3K/month for 10–15 hours of strategic work. Audit-prep engagements run four months, occasionally six. Deliverables and out-of-scope items go into a one-page scope doc the next day. No surprise overages. No retainer creep.
Weeks 1–2 — discovery and the policy pack
Discovery is short by design. I'm not running a six-week assessment — I'm running a one-week one because I already know what most pre-Series-A AI startups look like and what they're missing. The week is for confirming the gaps, not for finding them.
What gets done in week one: read all the existing security documentation (usually a one-page README and a handful of Notion pages), interview the CTO and the founder for an hour each, walk the production environment with whoever's on-call, and pull the existing controls into a SOC 2 readiness matrix. By the end of week one, the gap list is on paper.
Week two is the policy pack. Acceptable use, access control, data classification, incident response, vendor management, change management, vulnerability management, business continuity. Eight policies, drafted in the company's voice from templates I've been carrying for years, customized to the actual technology stack. The CTO reviews and signs off. We push them into the Vanta or Drata instance the same week.
By end of week two, the company has policy language that holds up to an auditor's read and a written gap list ranked by audit-blocking severity.
Weeks 3–6 — SOC 2 readiness in parallel with the AI security stack
This is the heavy stretch. Two work streams running in parallel.
The SOC 2 stream: implement controls against the gap list, configure the compliance tool to track evidence collection, schedule the auditor (early — the good ones book out four to six weeks), document the technical controls (MFA enforcement, access provisioning, secure SDLC), and start collecting evidence as the controls go live. Most of the engineering team's involvement happens in week three when we configure the access provisioning tooling and again in week five when we wire the production change management process into their existing PR workflow.
The AI security stream: this is where the work that's not in the SOC 2 framework lives. The four-layer AI-native stack — prompt injection defense, agent credential scoping, secrets handling, audit logging — gets stood up in this window. Credential scoping comes first, because that's where the largest blast-radius incidents originate. By end of week four, every agent and every service account has the minimum credential surface needed to do its job. No "admin to be safe" anywhere.
By end of week six, both streams have visible momentum. Vanta or Drata shows green on most of the framework. The AI-native layer has credential scoping done and prompt injection guardrails in design. Both enterprise prospects get an updated security questionnaire response that shows real evidence of the work — and both move forward on their evaluation.
Weeks 7–10 — auditor engagement and the AI-native layers
Weeks seven and eight are auditor fieldwork. The auditor runs interviews with the team, walks the production controls, samples the evidence, and asks the questions that don't have clean answers. My job in this stretch is to be the security executive in the room with the auditor — answering the technical questions, defending the design decisions, and protecting the engineering team from the death-by-questionnaire pattern that kills first-time SOC 2 attempts.
Weeks nine and ten close out the AI-native layers. Secrets handling moves from ad-hoc (env vars and the occasional .env checked into a private branch) to deliberate (Vault or AWS Secrets Manager, automated rotation on the secrets that actually matter). Audit logging gets stood up — every agent action, every privileged service account call, every credential-bearing API request goes to a central log with retention long enough to investigate an incident a month after it happens.
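The credential-scoping layer from weeks three and four and the audit-logging layer from weeks nine and ten meet at one chokepoint: every agent action passes through a gateway that checks the agent's scope first and writes a record whether or not the call is allowed. The sketch below is an added example, not code from the original post or from any client; the agent names (`support-triage`, `billing`), tool names (`read`, `refund`) and the ticket/order data are constructed for illustration. The audit sink is an in-memory list of JSON lines standing in for whatever central log store the company already ships to.

```python
"""Added example: an agent tool gateway that enforces per-agent credential
scoping (default-deny, no "admin to be safe") and records every attempted
action, allowed or denied, in a central audit log that can be queried later.
Not code from the original post; names and sample data are hypothetical."""
import json
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AgentScope:
    """Minimum credential surface for one agent: the tools it may call and,
    per tool, the resource prefixes it may touch. Anything unlisted is denied."""
    agent_id: str
    allowed: dict  # tool name -> tuple of allowed resource prefixes


@dataclass
class AuditLog:
    """Central sink. Each entry is one JSON line so it ships unchanged to a
    log store; retention is the store's job, not this class's."""
    entries: list = field(default_factory=list)

    def record(self, **fields) -> dict:
        entry = {"ts": time.time(), **fields}
        self.entries.append(json.dumps(entry, sort_keys=True))
        return entry

    def query(self, **match) -> list:
        """Decode entries whose fields equal the given values (incident lookup)."""
        decoded = (json.loads(line) for line in self.entries)
        return [e for e in decoded if all(e.get(k) == v for k, v in match.items())]


class ToolGateway:
    """Every agent call goes through here: scope check first, audit record
    always, tool executed only when the call is in scope."""

    def __init__(self, tools: dict, log: AuditLog):
        self.tools = tools    # tool name -> callable(resource, payload)
        self.log = log
        self.scopes = {}      # agent_id -> AgentScope

    def register(self, scope: AgentScope) -> None:
        self.scopes[scope.agent_id] = scope

    def call(self, agent_id: str, tool: str, resource: str, payload=None):
        scope = self.scopes.get(agent_id)
        # Default-deny: unknown agent, unregistered tool, or resource outside
        # every allowed prefix all fail closed.
        prefixes = scope.allowed.get(tool, ()) if scope else ()
        permitted = tool in self.tools and any(resource.startswith(p) for p in prefixes)
        self.log.record(agent=agent_id, tool=tool, resource=resource,
                        decision="allow" if permitted else "deny")
        if not permitted:
            raise PermissionError(f"{agent_id} may not call {tool} on {resource}")
        return self.tools[tool](resource, payload)


def build_demo():
    """Constructed scenario: a support triage agent that only reads tickets and
    a billing agent that may refund orders. The data store is made up."""
    store = {"tickets/1042": "Customer cannot log in", "orders/778": 49.0}

    def read(resource, payload):
        return store[resource]

    def refund(resource, payload):
        store[resource] -= payload["amount"]
        return store[resource]

    log = AuditLog()
    gw = ToolGateway({"read": read, "refund": refund}, log)
    gw.register(AgentScope("support-triage", {"read": ("tickets/",)}))
    gw.register(AgentScope("billing", {"read": ("orders/", "tickets/"),
                                       "refund": ("orders/",)}))
    return gw, log


def run_demo() -> dict:
    """Exercise the gateway: one in-scope read, one out-of-scope refund attempt
    (what a prompt-injected triage agent would try), one legitimate refund,
    then the investigator's query a month later."""
    gw, log = build_demo()
    results = {"triage_read": gw.call("support-triage", "read", "tickets/1042")}
    try:
        gw.call("support-triage", "refund", "orders/778", {"amount": 49.0})
    except PermissionError:
        results["triage_refund"] = "denied"
    results["billing_refund"] = gw.call("billing", "refund", "orders/778", {"amount": 10.0})
    results["denied"] = log.query(agent="support-triage", decision="deny")
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The two design choices worth copying are that the scope is keyed on both tool and resource prefix (a "read" grant on tickets is not a "read" grant on orders) and that the audit record is written before the permission decision is acted on, so a denied call from a compromised agent is exactly as visible in the log as an allowed one.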
By end of week ten, the auditor's draft report is in review. Both enterprise prospects have what they need. The technical work outlives the engagement.
Weeks 11–12 — report and graduation
Week eleven is the auditor report cycle. Their draft, our review, their final. The Type I report ships at end of week eleven or early week twelve. Both enterprise prospects close their security review within ten business days of the report landing.
Week twelve is the graduation conversation. I always have the same conversation around this point. "You don't need me on the day-to-day anymore. Here's what comes next, and here's when you'd hire someone full-time."
Most engagements either step down to a low-touch advisory retainer — four to six hours per month at $2K/month, mostly for security review questions and the next year's audit prep — or graduate completely. The bad outcome is the one where I'm still the on-call security executive at month nine. That means I haven't built the program right. The internal owner identified in week zero needs to be operational by week twelve, or I've failed the engagement.
What it cost
Total 90-day spend, all in:
- Auditor fee: $15–20K (varies by auditor, scope, and audit-prep tooling)
- SOC 2 tooling (Vanta or Drata, year one): $5–10K
- Fractional CISO retainer: $12K (four months at $3K; the standard audit-prep term runs a few weeks past the 90-day window)
- Internal time: roughly four hours per week of the CTO's attention; less for the engineering team after week three
Total external spend: $32–42K. Inside the $25–45K range I quote in the SOC 2 post, on the higher end because of the AI-native layers added in parallel.
Cost of NOT running this engagement: two enterprise deals that don't close. Pipeline that ages out. The CTO answering security questionnaires personally for the next six months instead of building the product. Easy math.
What actually changed
Two named enterprise deals unblocked. SOC 2 Type I report in hand for the next six prospects. A security program that outlives the engagement: one internal owner, one accountable executive, weekly review cadence, and a roadmap to Type II audit at the next renewal.
Specific operational outcomes: every service account has minimum-viable credentials. Every agent has bounded tool access. Every secret is in a manager with rotation policy. Every privileged action lands in a searchable audit log. None of these existed at week zero.
Cultural outcomes that matter just as much: the CTO knows what to say in a security questionnaire and what to escalate. The engineering team has a security review pattern they can run for new features without me. The founder has a number — a real one — for what compliance costs at the next stage.
When this engagement isn't right
Not every founder should hire a fractional CISO. The wrong fit produces a worse outcome than no fit at all.
Wrong-fit signals:
- The deal blocking on the security review isn't real. ("We think SOC 2 would help us close more enterprise" without a specific named prospect = wrong stage.)
- No internal owner. If nobody on the team will absorb the role at month four, the engagement either extends indefinitely or rolls back inside two quarters.
- Regulated industry that requires a full-time CISO on the org chart for the deals being pursued. Healthcare with PHI, payments, government.
- Security work consistently exceeds 20 hours per week. Past the fractional break-even — full-time is now the right answer. (See the vCISO math post for the graduation criteria.)
If any of those describe you, the conversation we should have isn't about hiring me — it's about what your real next move actually is. I'll say so on the call.
How to get this conversation started
If you're a pre-Series-A AI founder with a named enterprise deal blocked behind security review, the intro call is the right step. Thirty minutes. Three questions. We figure out together whether this engagement shape is the right one for you — and if it isn't, I'll point you at what is.
Engagement model and the next step are here.
Read this next
- vCISO Math for AI Founders — the make-vs-buy argument and the graduation criteria.
- SOC 2 Is a Revenue Tool, Not a Security Tool — the reframing that makes the engagement above worth running.
- How I'd Run Security at an AI-Native Company in 2026 — the four-layer stack the engagement above stands up.