Services

Every service. Every time.
Delivered by the collective.

Fortify North doesn't assign a single consultant to your problem. Every engagement draws on the knowledge, experience, and parallel analysis of our entire senior roster.

Flagship

Fractional vCISO

C-suite security leadership. Collective intelligence behind it.

Most organizations can't justify a full-time CISO. Fortify North's fractional vCISO service gives you dedicated executive security leadership — and uniquely, that individual is backed by the entire collective. Every strategic decision is stress-tested by peers with different specializations before it reaches your board.

Monthly retainer · $8,000–$18,000/month

Deliverables

  • Security program design and roadmap
  • Board and executive-level reporting
  • Risk register development and management
  • Vendor and third-party risk oversight
  • Regulatory compliance alignment (PIPEDA, SOC 2, ISO 27001)
  • Security budget planning and prioritization
  • Incident command leadership
Architecture

Zero Trust Architecture

Never trust. Always verify. Designed by the collective.

Zero trust isn't a product — it's a philosophy that must be architected across identity, devices, network, and data. Our collective approaches your environment from multiple angles simultaneously: one expert examining identity flows, another assessing network segmentation, another reviewing data access controls.

Project-based · $25,000–$85,000

Deliverables

  • Current-state zero trust maturity assessment
  • Identity-centric architecture design
  • Micro-segmentation planning and implementation
  • Conditional access policy design
  • Privileged access management (PAM) integration
  • Continuous verification monitoring framework
  • Phased implementation roadmap
Critical

Incident Response

When a breach happens, we send the team — not one analyst.

Incident response is where the hive mind advantage is most acute. While a traditional firm dispatches a single on-call analyst, Fortify North mobilizes multiple senior specialists simultaneously: one on containment, one on forensics, one on threat actor attribution, one managing executive communications.

IR Retainer · $30,000–$75,000/year | Active incident: T&M at $350/hr per consultant

Deliverables

  • IR retainer with defined SLA (<4 hour mobilization)
  • Incident triage and severity classification
  • Parallel containment and forensic analysis
  • Threat actor TTPs identification (MITRE ATT&CK mapping)
  • Evidence preservation for legal/regulatory purposes
  • Executive briefings and regulatory notification support
  • Post-incident report and lessons learned
  • Remediation roadmap to close exploited gaps
Identity

Identity & MFA

Credentials are the #1 attack vector. Close it permanently.

Over 80% of breaches involve stolen or weak credentials. Modern identity security goes beyond adding MFA to a login screen — it requires a comprehensive identity architecture. Our specialists assess your entire identity landscape across all directories, applications, and privileged accounts.

Project-based · $15,000–$45,000

Deliverables

  • Identity architecture assessment across all directories
  • Phishing-resistant MFA deployment (FIDO2/WebAuthn)
  • SSO consolidation and federation design
  • Privileged identity management (PIM/PAM)
  • Legacy authentication protocol elimination
  • Identity governance and lifecycle management
  • Conditional access and risk-based authentication
Detection

Endpoint Security

Every device is an entry point. Harden all of them.

Endpoints remain the most common initial access vector for threat actors. Our collective reviews your endpoint estate comprehensively — EDR configuration, OS hardening, patch posture, application control, and detection logic — with multiple specialists examining the same environment from different attacker perspectives.

Project-based · $20,000–$60,000 | Managed retainer available

Deliverables

  • EDR platform selection, deployment, and tuning
  • OS hardening baselines (CIS Benchmarks)
  • Application allowlisting strategy
  • Patch management program assessment
  • Mobile device management (MDM) review
  • Detection rule development and SIEM integration
  • Endpoint telemetry and alerting framework
Perimeter

Network & Perimeter Security

Your perimeter is more porous than you think.

Network security requires simultaneously understanding traffic flows, firewall rule logic, segmentation integrity, and east-west lateral movement paths. We assign multiple specialists to analyze your network architecture in parallel — each examining a different layer — then synthesize findings into a coherent picture your team can act on.

Project-based · $20,000–$65,000

Deliverables

  • Network architecture review and segmentation assessment
  • Firewall rule base analysis and optimization
  • DMZ and perimeter design review
  • East-west lateral movement path mapping
  • IDS/IPS tuning and alert optimization
  • DNS security and filtering controls
  • VPN and remote access security review
  • Network monitoring and anomaly detection framework

Not sure which service fits?

Tell us about your organization and current security posture. We'll recommend the right engagement structure.

Request a Brief