Security Consulting

DEFRAG Your Security

Fragmented security fails. DEFRAG reorganises everything โ€” assets, exposure, frameworks, response, automation, governance โ€” into a program that actually works.

See Pricing How It Works

Starting from $1,500 ยท Delivered in a week

Why Most Security Fails

A firewall here. A password manager nobody uses. Compliance docs from a consultant who left. Security doesn't fail because attackers are clever โ€” it fails because security work is disconnected from how businesses actually operate. DEFRAG changes that.

The DEFRAG Methodology

Six pillars. One coherent program. Built around how your business actually operates.

D
Defense

Know what you're protecting

Complete asset inventory. Attack surface mapping. Every server, SaaS tool, API connection โ€” visible and understood before anything else.

E
Exposure

What attackers see right now

External scans, breach databases, credential dumps, shadow IT. We find the things you didn't know were out there โ€” often the highest-impact findings.

F
Frameworks

Meet your obligations

ISO 27001, ISO 42001, SOC 2. Gap analysis, prioritised roadmap, policy templates. Frameworks aren't bureaucracy โ€” they're proof you take security seriously.

R
Response

When something goes wrong

Incident response plan. Scenario playbooks for ransomware, BEC, and data breach. Facilitated tabletop exercise. The businesses that survive practice first.

A
Automation

Stop doing it manually

Close your biggest manual security gaps โ€” patch management, access reviews, log monitoring. For AI-integrated businesses, we audit agent scope, data flows, and trust boundaries.

G
Governance

Accountability that sticks

Risk register. Security metrics. Board-level reporting. Ongoing review cadence. Security that gets better over time โ€” without a crisis to trigger it.

Clear Pricing. No Surprises.

Three tiers. Fixed scope. You know exactly what you're getting.

DEFRAG Scan
Scan
$1,500
One-time ยท Delivered in 1 week

Your security baseline. Know exactly where your gaps are and what to fix first.

  • Full asset inventory workshop
  • External exposure scan (automated + manual)
  • Vulnerability assessment with prioritised findings
  • Credential breach check (company domain)
  • Shadow IT discovery
  • Written findings report (exec summary + technical detail)
  • Prioritised 90-day remediation roadmap
  • 30-minute debrief call
Get Started โ†’
Most Popular
DEFRAG Build
Build
$5,000
One-time ยท 2โ€“3 week engagement

Your security foundation, built to last. A real program โ€” not just a report.

  • Everything in DEFRAG Scan
  • ISO 27001 gap analysis + compliance roadmap
  • Incident response plan + 2 scenario playbooks
  • Facilitated tabletop exercise (2 hours)
  • 5 core security policies (customised)
  • Top 3 automation quick wins โ€” implemented
  • Risk register + governance framework
  • Board-level security reporting template
  • 90-day check-in call
Get Started โ†’
DEFRAG Managed
Managed
$15,000
Per quarter ยท Ongoing

Security that never sleeps. Continuous monitoring, quarterly reporting, IR retainer.

  • Everything in DEFRAG Build (onboarding)
  • Monthly security review meetings
  • Continuous vulnerability monitoring + alerting
  • Ongoing credential and exposure monitoring
  • Managed security metrics dashboard
  • Quarterly board report (written + delivered)
  • Policy and playbook maintenance
  • Annual tabletop exercise
  • IR retainer โ€” guaranteed response SLA
  • AI agent security reviews
  • Ad-hoc guidance and Q&A access
Get Started โ†’

Who This Is For

Three clear tiers for three different situations.

DEFRAG Scan

  • You've never had a formal security assessment
  • Preparing for investor due diligence or enterprise sales
  • You want to know where to spend your security budget
  • Something happened recently and you want to understand your exposure

DEFRAG Build

  • Ready to build a real security program
  • Customers are asking for ISO 27001 or SOC 2 evidence
  • Your team has grown past 10 people
  • You're deploying AI tools and want to do it safely

DEFRAG Managed

  • Security is a board-level conversation
  • You process sensitive customer data or operate in a regulated industry
  • Running AI agents or building AI-integrated products
  • You want security without hiring a full-time CISO

Why lil.business

We're not a 50-person consultancy with a PowerPoint factory. We're practitioners โ€” security engineers who also build software, run AI agents, and know what security looks like inside a fast-moving tech business.

We've built the tools we use. We run the systems we audit. We know the difference between security theatre and security that works.

Ready to DEFRAG?

Email us and we'll walk through the six pillars together โ€” an honest read on where your biggest gaps are, before you've committed to anything.

[email protected]

We read every email. No ticket system, no boilerplate โ€” just a real reply.