
Trust & transparency

Security practices.

We are a security company. We hold ourselves to the same standard we hold our clients. This page documents how we secure our platform, your data, and our own operations — and the engagements we run for teams that need the same posture.

§ 01 · Engagements

vCISO, VAPT, and the long game.

Five practitioner-led engagement shapes. Start with a gap analysis. End with attestation, a clean pen test report, and a security leader who has read every runbook you own.

01

Audit & Compliance

Navigate compliance from readiness through certification.

SOC 2 Type I & II · ISO 27001:2022 · HIPAA · GDPR · PCI-DSS v4.0 · DPDPA · CERT-In · RBI Cyber Framework
02

vCISO Services

Strategic security leadership on demand.

Security Strategy · Risk Management · Board Reporting
03

VAPT / Penetration Testing

Find vulnerabilities before attackers do. Critical findings receive same-day escalation with remediation guidance.

Web App · API · Mobile · Network · Cloud · Red Team
04

Endpoint Security

Deploy and manage advanced endpoint protection. Vendor-neutral: we evaluate and recommend based on your environment and budget.

EDR/XDR · EPP · Defender · Open-Source Options · Managed Detection
05

Security Architecture

Security architecture design and implementation scoped to your environment, compliance requirements, and budget.

Zero Trust · SIEM · SOAR · Security Automation · Splunk · Elastic · Datadog

§ 02 · Investment

Transparent pricing. No retainer minimums we hide.

Everything below is the actual starting price. Scope shapes the number. We'll tell you before we bill you.

vCISO Services

₹1,50,000/mo

Strategic security leadership, risk management, and board-level reporting on demand.

VAPT / Pen Testing

From ₹3,00,000/project

Web, API, mobile, network, and cloud penetration testing with same-day critical escalation.

Compliance Advisory

From ₹4,50,000/project

End-to-end compliance readiness through certification — SOC 2, ISO 27001, HIPAA, and more.

Security Architecture

From ₹5,00,000/project

Zero Trust design, SIEM/SOAR implementation, and security automation for your environment.

AI Security Assessment

From ₹4,00,000/project

LLM threat assessment, prompt injection testing, RAG pipeline security, and AI governance review.

Incident Response

₹15,000/hr

Emergency incident containment, forensics, and recovery with 24/7 availability.

§ 03 · AI security

Secured from the first prompt.

EU AI Act enforcement began August 2025 with full obligations phased through 2026. We run LLM threat assessments, prompt-injection defence, and AI governance for teams shipping production AI.

AI Security

Protect your AI/ML stack against adversarial attacks, and secure the RAG pipelines and model supply chains it depends on.

LLM Threat Assessment · Prompt Injection · AI Red Teaming · Model Supply Chain · RAG Pipeline Security · LLM Guard · Lakera · Prompt Armor

AI Compliance & Ethics

Navigate AI regulation and governance frameworks. EU AI Act enforcement began Aug 2025 with full obligations phased through 2026. Bias assessments use industry-standard methodologies with clearly defined scope and limitations.

EU AI Act · NIST AI RMF · Algorithmic Assessment · AI Governance

§ 04 · Posture

How we run our own platform.

AWS ap-south-1. IaC-provisioned. AES-256 at rest. TLS 1.3 in transit. RLS-isolated tenants. WORM-stored evidence.

Cloud provider

AWS ap-south-1 (Mumbai). All infra provisioned via IaC with no manual console changes in production.

Encryption at rest

AES-256 for all stored data — database volumes, S3 buckets, backups.

Encryption in transit

TLS 1.3 enforced for all endpoints. TLS 1.0 and 1.1 disabled. HSTS with 1-year max-age.

Row-level security

Every table carries a tenant ID. RLS policies make cross-tenant reads structurally impossible.
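The tenant-column plus RLS pattern described above, as an added illustration that is not the platform's own schema. It assumes PostgreSQL; the table, column, role and setting names (`evidence`, `tenant_id`, `app_user`, `app.tenant_id`) are assumptions chosen for the example.

```sql
-- Added example (PostgreSQL), not code from the page: every table carries a
-- tenant_id and a row-level security policy restricts reads and writes to the
-- tenant bound to the current transaction. All names below are assumptions.

CREATE TABLE evidence (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid        NOT NULL,
    sha256     text        NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now(),
    body       bytea       NOT NULL
);

-- Enable RLS, and FORCE it so the table owner is subject to the policy too.
ALTER TABLE evidence ENABLE ROW LEVEL SECURITY;
ALTER TABLE evidence FORCE  ROW LEVEL SECURITY;

-- The application connects as a role that is neither SUPERUSER nor BYPASSRLS;
-- either attribute would silently bypass every policy on the table.
CREATE ROLE app_user NOLOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT ON evidence TO app_user;
GRANT USAGE, SELECT ON SEQUENCE evidence_id_seq TO app_user;

-- USING filters rows that can be read; WITH CHECK rejects inserts/updates that
-- would create a row for a different tenant. current_setting(..., true)
-- returns NULL when the setting is unset, so an unbound transaction sees no
-- rows at all (fail closed) instead of raising or seeing everything.
CREATE POLICY tenant_isolation ON evidence
    FOR ALL
    TO app_user
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per-request usage: bind the tenant for this transaction only (SET LOCAL is
-- discarded at COMMIT/ROLLBACK, so a pooled connection cannot leak it).
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed value
SELECT id, sha256, created_at FROM evidence;   -- only rows where tenant_id matches
COMMIT;
```

Two checks a reviewer would make against a deployment of this pattern: confirm the application role really lacks `SUPERUSER`/`BYPASSRLS` and that `FORCE ROW LEVEL SECURITY` is set (otherwise the owning role bypasses the policy), and confirm `app.tenant_id` is derived from the authenticated session server-side rather than from anything the client sends.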

Per-tenant KMS

Evidence artefacts are encrypted with per-tenant KMS keys. One tenant's breach cannot decrypt another.

WORM evidence vault

Evidence is written once, read many — hashed, timestamped, and immutable for the audit window.

§ 05 · Disclosure

Responsible disclosure.

If you believe you've found a security issue, please email us first. We triage inside 24 hours, target a fix SLA based on severity, and will credit the reporter publicly if desired. We do not pursue legal action against researchers acting in good faith.

security@blackfyre.tech

PGP: 0x4B2A F8D1 · keys.openpgp.org

Critical · SLA 24h
High · SLA 72h
Medium · SLA 14d
Low · SLA 30d

§ Start

Bring your hardest security problem.

A 30-minute call. We'll scope the engagement, name the practitioner, and ship a signed SOW the same day.