Audit Engagement

Need help closing the findings? We’ll do it.

Fixed-scope network audit remediation. We use the same open-source engine you just ran.

You ran safecadence scan (or one of the web analyzers). You got a hundred findings. Most are valid. A handful are urgent. You don’t have the calendar bandwidth — or the cross-vendor depth — to close them all in the next quarter.

That’s what this page is for. We do the remediation work, on your gear, in your environment, for a fixed fee scoped to the actual report.

Email hello@safecadence.com →

How it works

Step 1. Run the audit yourself. CLI or web analyzer, your choice. pip install safecadence-netrisk.

Step 2. Send us the report (PDF, DOCX, or JSON). We sign a one-page mutual NDA first if you prefer.

Step 3. We come back within 2 business days with a fixed-scope proposal: which findings we close, in what order, by when, for what fee.

Step 4. Sign and we start. All work happens in your environment with your team’s oversight — we don’t take config data offsite unless you explicitly authorize it.

What “fixed-scope” means here: the engagement is priced per finding category, not per hour. If we underestimate, you don’t pay more. If we overestimate, the unused budget is yours. We’ve done enough of these to estimate accurately.

Engagement tiers

Quick-fix sprint

2-week engagement

  • Up to 25 findings closed
  • Single vendor (Cisco, Aruba, etc.)
  • Best for one site / one device class
  • Re-audit included to verify

Multi-vendor cleanup

4–6 week engagement

  • Up to 100 findings closed
  • Multiple vendors, single org
  • EOL/EOS upgrade plan included
  • Hand-off documentation

Compliance gap to clean

6–10 week engagement

  • NIST / CIS / PCI / HIPAA tagged findings
  • Pre-audit posture report
  • Evidence pack for your auditors
  • Re-audit before audit deadline

Outside scope: we don’t sell hardware, we don’t resell licenses, we don’t require a long-term retainer. If we can’t help, we’ll tell you in the first call and refund the kickoff fee.

Why us

  • We built the engine you just ran. We know the rules from the source — not from a vendor’s training video.
  • The tool is and will stay free + MIT — we don’t have a license to upsell. Our only revenue is doing the work.
  • 100% local. We sign NDAs. Your config data doesn’t leave your environment without explicit authorization.

FAQ

Can you run the audit for us if we haven’t?
Yes — same engagement, just add a 1-day discovery + audit phase. We do this onsite or via a screen-shared session, your choice.

Do you work outside the US?
Yes, remote-first. EMEA + APAC clients welcome; we adjust the working window.

What if a finding turns out to be a false positive?
The CLI’s rule library is open source. If we identify a finding as genuinely false-positive during the engagement, we’ll PR a rule fix upstream as part of the work. That improves the tool for everyone, including you on the next audit.

Do you sign BAAs / DPAs?
Yes, for healthcare and regulated industries.

Minimum engagement size?
The “Quick-fix sprint” is the floor. If your scope is smaller, we’ll point you at the relevant docs and rules and wish you well — it’ll likely cost more in calls than in fixes.

Email hello@safecadence.com →

Or grab a 30-minute consult slot directly on our calendar.