Consulting

I build and run the security and engineering function — then rent it to founders without the full-time hire.

Fractional engagements for pre-Series-A AI startups: production AI delivery, cloud platform modernization, and the security posture that closes enterprise deals. Scoped around what you actually need, run without overhead.

Director and staff-level work at Lavender, BlockFi, InsideTrack, AAMP Global. Co-founded PopSocial — engineering 1 → 15+.

Available for fractional security & engineering leadership, AI product advisory, and selective consulting.

13+ · Years shipping software · Founder through director

100K+ · Users on live AI products · At Lavender, 2023–2026

$400M+ · Fintech customer assets protected · At BlockFi — identity, auth, and fraud

40K+ · Telematics devices streaming data · At AAMP Global, on GCP Kubernetes

Engagement Types

Four ways to work together, scoped to your situation.

I co-founded a company and scaled its engineering team from one to fifteen-plus, then ran security and engineering as a director through SOC 2, multi-cloud, and 100K-user AI products. The engagements below are how teams rent that — the judgment of someone who has owned the function, not just advised on it.

Advisory Retainer

Ongoing technical guidance, on call when it matters.

Weekly or bi-weekly sessions covering architecture decisions, hiring, roadmap, and whatever is on fire that week. Best for founders and VPs Eng who need a trusted technical voice without a full-time hire.

Cadence: 4–8 hours/month, month-to-month

Starts at: $3,500/mo

  • Making consequential architecture or vendor decisions
  • Scaling the engineering team and need a hiring bar
  • Need a second opinion before committing to a technical direction

Embedded Engineering

Hands-on delivery inside your team for a fixed period.

I work alongside your engineers on a specific initiative — AI product build, cloud migration, security program — with the depth of a staff+ hire and the flexibility of a contractor. Full code, full reviews, full ownership of the outcome.

Cadence: 20–40 hrs/week, typically 6–16 weeks

Starts at: Scoped per engagement

  • Need to ship something technically complex in a compressed timeline
  • Onboarding a team to a new technology or architecture pattern
  • Backfilling a departing staff or principal engineer

Security Leadership

Security and compliance ownership for AI companies, without the full-time hire.

The security function I built from zero to SOC 2 Type II as a director — SOC 2, HIPAA, and ISO 27001 from design through certification, security architecture, incident response readiness, and the posture that closes enterprise deals — run for your team at a fraction of a full-time hire.

Cadence: 5–10 hours/month minimum

Starts at: $2,500/mo

  • Enterprise prospects are asking for SOC 2 before signing
  • Preparing for a Series A security review
  • Security program built on good intentions rather than documented controls

Technical Assessment

One-time audit of your stack, team, or architecture.

A structured evaluation of your current technical situation — architecture, codebase, infrastructure, team structure — delivered as a written report with a prioritized action plan. Useful before a major investment, acquisition, or strategic pivot.

Cadence: Fixed scope, 1–2 weeks

Starts at: Scoped per engagement

  • Technical due diligence ahead of an M&A or fundraise
  • Need a baseline before a large refactor or replatform
  • Evaluating a proposed architecture before committing headcount

The math

$200–400K full-time, or $2–4K a month fractional.

Pre-Series-A founders ask the same question every intro call: do I need to hire a CISO or VP of Engineering yet? Most of the time, no — not because the work isn't needed, but because the work doesn't yet fill a full-time role. The numbers below are why fractional exists at this stage.

Full-time CISO or VP Eng

$200K – $400K loaded annual cost

  • Director-level base $180K–$280K, plus equity, plus benefits, plus the recruiter fee on the hire
  • 3–6 month time-to-hire for executives at this level
  • Over-leveled for pre-Series-A scope — most months, the work doesn't fill 40 hours

Fractional engagement

$2,500 – $3,500/mo · advisory or security leadership

  • Operator-level judgment on the actual decisions in front of you this month — not theoretical strategy
  • Start within two weeks. Graduate when the work consistently fills a full-time role (graduation criteria are in the FAQ)
  • No equity. No recruiter. No 12-month commitment.

Full argument with the make-vs-buy math is in vCISO Math for AI Founders. The graduation criteria are in the FAQ below.

How it works

From first call to scoped engagement in under a week.

01

Intro call

30 minutes, no prep required

Tell me what you're building, what's breaking, or what decision you're sitting on. I'll tell you honestly whether and how I can help. No pitch, no slides.

02

Written scope

Objectives, deliverables, time commitment

If the intro call points toward an engagement, I'll send a short scope doc within 48 hours. It covers what I'll do, what I won't do, how we'll measure success, and what it costs. No ambiguity, no surprises.

03

Engagement

Hands-on from day one

Retainers start with a structured onboarding session and a running async doc for context and decisions. Embedded work starts with a codebase triage and a shared milestone plan. You get real availability, not calendar roulette.

Common questions

Before you book the call.

What's the difference between a fractional CTO, fractional VP Eng, and fractional CISO?

Three different jobs that get bundled together because the titles all start with the same word. A fractional CTO sets technical direction for the org — what to build, what to buy, where the architecture is going in two years. A fractional VP of Engineering runs delivery and the team — sprint cadence, hiring bar, on-call rotation, the day-to-day of shipping. A fractional CISO owns security and compliance — SOC 2, IAM, incident response, the security questionnaire that just landed. I do VP-of-Engineering and CISO work. CTO work I scope case-by-case, usually as a Technical Assessment rather than an ongoing retainer — the role is high-leverage when it fits and a waste of everyone's money when it doesn't. If you're not sure which one you need, that's the intro call. I'll tell you which it is — or that it's none of these — within 30 minutes.

What does a typical engagement look like?

Most start with a 30-minute intro call, then a short written scope doc covering objectives, deliverables, and time commitment. Advisory retainers run month-to-month with 30 days' notice to wind down. Embedded work is milestone-scoped upfront.

What does a fractional CISO actually do?

Weeks 1–2: scope the engagement, inventory the controls you already have, and rank the gaps by audit-blocking severity. Weeks 3–8: build out the missing pieces — IAM, MDM, vulnerability management, the policy pack — and stand up the AI-native security layers most pre-Series-A teams don't have yet (credential scoping, prompt-injection defense, audit logging). Weeks 9–12: documentation, evidence collection, auditor fieldwork, and the security questionnaires that have been sitting in your CTO's inbox. Ongoing after week 12: incident response when something happens, vendor reviews when you sign a new tool, and the next security questionnaire that lands.

What's your typical rate?

For context: a full-time CISO at a pre-Series-A AI company runs $200K–$400K loaded, plus equity, plus a 3–6 month time-to-hire. A security consultant billing hourly runs $250–400/hour with no ongoing ownership. Advisory retainers start at $3,500/month for 4–8 hours. Fractional security leadership starts at $2,500/month. Embedded engineering is scoped at a weekly rate depending on commitment and duration. All engagements are scoped before we start — no surprise overages, no retainer creep. If the work exceeds the scope, we re-scope in writing before I do the work.

When should I switch from a fractional CISO to a full-time hire?

Four signals, any one of which tips the math. (1) Security work is consistently exceeding 20 hours a week — past that, fractional stops being cheaper than full-time. (2) You're post-Series A with a security-conscious customer base and the security executive needs to be on the org chart, not on a contract. (3) The engineering org has crossed roughly 50 engineers and security needs a permanent seat in planning. (4) You're pursuing a regulated deal (FedRAMP, HIPAA at scale, payments) that requires a named full-time executive on the agreement. Most fractional CISO engagements graduate at month 9–14. That's the goal — not the failure mode. If I'm still your on-call security executive at month 18 without one of those four signals firing, I've failed the engagement.

What does the first 30 / 60 / 90 days look like?

Day 30: scope locked, controls inventory complete, the policy pack drafted and signed, one quick win shipped (usually credential scoping for the highest-blast-radius service accounts). Day 60: gap-closure work in flight, evidence collection running in the compliance tool, the first enterprise security questionnaire answered cleanly without the CTO writing it. Day 90: ready for auditor fieldwork or the Series A security review, depending on what triggered the engagement.

Are you available right now?

I maintain a small number of active engagements at a time to ensure real availability. Book the intro call — if I'm fully committed, I'll say so directly and we can plan around it.

Do you work with early-stage companies that can't yet afford a full staff engineer?

Yes. Advisory retainers are specifically designed for this. Six hours of operator-level guidance per month on architecture, hiring decisions, and technical risk is often exactly what a seed-stage team needs before they can justify a full-time hire.

What's included in a fractional engagement, and what's billed separately?

Included: the scoped hours each month, async support over Slack or email during the engagement, every deliverable I produce (scope docs, policies, runbooks, architecture decisions, the written report at the end of an assessment), and an operator's judgment on every escalation that lands during the month. Billed separately or out of scope: penetration-test engagements (referred to specialist partners, not run by me), tooling subscriptions like Vanta, Drata, or SIEM vendors (paid by you directly, since you'll own them after I'm gone), travel for the rare on-site week, and any work past the retainer band. No retainer creep. If the work exceeds the scope, we re-scope in writing before I do the work — never after.

What's the best way to start?

Book the 30-minute intro call. Come with the specific problem you're trying to solve — not a job description, but the actual situation: what's breaking, what you're building, what's blocking you. We'll figure out from there whether and how I can help.

Ready to talk?

Tell me what you're building.

Whether you're staring down a hard technical decision, scaling pains, a security review blocking enterprise deals, or a production system that needs real attention — I'd love to hear about it. Thirty minutes, no agenda required.

Or reach me directly: jared@sublimecoding.com or on LinkedIn.