Pricing
A focused review of one production workload
You get an experienced second pair of eyes across architecture, IaC, CI/CD, deployment safety, and security — ending in a prioritized report your team can act on. Fixed scope, fixed fee, independent findings.
Architecture Snapshot
Startups, small teams, pre-launch systems
- One walkthrough, one repo, one CI/CD path
- 60-minute working call
- Top-five recommendations report
- Fixed scope, fixed fee — no surprises
Architecture & Delivery Risk Review
Teams with a working production system that's outgrowing its current setup
- All seven review lenses
- Full evidence review
- Stack / CI/CD / rollback assessment
- 90-minute working call
- 3–6 page prioritized report
- 30/60/90-day roadmap
- Optional findings walkthrough
Architecture Improvement Roadmap
Legacy platforms or a planned cloud migration
- Multiple services in scope
- Current + target state architecture
- IaC platform structure review
- CI/CD maturity assessment
- Migration sequencing
- Multiple working sessions
Prices in USD, excluding applicable taxes. 50% deposit on booking; balance due on report delivery.
What every review looks at
The full Review examines your service through seven lenses. Each finding comes with severity, an action window, the evidence behind it, and concrete acceptance criteria.
System purpose & architecture
Does the design fit what the service actually has to do?
Stack & ownership boundaries
Are infrastructure boundaries clear, safe, and maintainable?
Repository & IaC structure
Can an engineer understand and change the system without tribal knowledge?
CI/CD & supply-chain controls
Can a change move from commit to production safely and repeatably?
Deployment & recovery risk
Can you deploy, validate, roll back, and recover predictably?
Operational readiness
Can you detect, diagnose, and recover from real failures?
Security & access posture
Are there security misconfigurations evident from the evidence reviewed?
What's not included
So expectations are clear from the start, a review is not:
- A penetration test, threat model, or formal security assessment
- A compliance audit or certification (SOC 2, ISO 27001, PCI DSS)
- A full source-code or dependency security audit
- A cost-optimization engagement (I'll flag obvious red flags, but that's a separate offer)
- Implementation or remediation work (available separately)
- Incident response or legal advice
Findings are prioritized on risk to you, independent of who implements them. If you'd like me to do the implementation or take on broader work, see services.
Common questions
Why is the Review a range and not a single number?
Because the work scales with complexity. After a short intake I confirm a fixed fee for your specific system, so you know the number before you commit.
Do you need our production access or secrets?
No. The review works from read-only repository access or a redacted snapshot, plus CI/CD definitions and walkthroughs. I never request secrets, private keys, customer data, full state files, or unrestricted cloud credentials.
What if we have more than one service?
The Snapshot and Review cover one workload. Multiple services point to the Roadmap tier, which I'll scope for you.
Will you fix the issues you find?
Implementation is a separate engagement. The review's job is to tell you what matters most and why — whether I or your team implements it is your call and doesn't affect the findings.
What if the review finds nothing serious?
You still get a documented, independent risk position, the things you're doing well, and a roadmap — which is valuable for planning and for stakeholders.
Which cloud do you cover?
AWS by default (with OpenTofu / Terraform / Terragrunt). Other platforms can be scoped as a custom engagement.
Ready to find your biggest delivery risks?
The fastest start is a Snapshot — one call, one report, the top five things to fix.