Small Business Vulnerability Assessment

An authorized, hands-on scan of your network and systems to find the weak spots an attacker would go for — written up in plain English with a fix-it list you can actually act on.

Authorized testing only · Free 15-min scoping call
Call 571-680-5334 Book a Call

A security audit checks whether your setup looks right on paper. A vulnerability assessment goes a step further: I actively scan your network, devices, and internet-facing services the way an attacker would probe them — then I show you exactly what I found and what to do about it. No exploitation, no breaking anything, no scare tactics. Just a clear picture of where you're exposed and a ranked plan to close the gaps.

What's included

External surface scan
Your internet-facing IPs and services — open ports, exposed admin panels, outdated services, weak TLS.
Internal network scan
Authenticated scan of your LAN: unpatched systems, default credentials, risky shares, end-of-life devices.
Wi-Fi & segmentation
Encryption strength, guest/staff separation, rogue devices, and whether a guest can reach your business systems.
Known-vulnerability (CVE) check
Findings cross-referenced to published CVEs so you know what's actually exploitable vs. just noise.
Plain-English findings report
1-page exec summary + technical detail. Every finding ranked by risk × effort, with a recommended fix.
Walkthrough call
We go through the report together so you understand the "why," not just the "what." Questions welcome.

What this is not: This is an assessment, not a full penetration test. I identify and verify vulnerabilities — I do not exploit them, pivot, or attempt to break into systems. If you need adversarial manual pen testing (for a compliance mandate or a cyber-insurance requirement), tell me on the scoping call and I'll point you to a trusted partner. I won't sell you something I can't deliver.

Pricing tiers

Flat fee, scoped by how much there is to scan. Final quote confirmed on the free scoping call.

Solo / 1–3 users
$450
Single site, up to 5 devices, one external IP, home-office or single-office network.
Standard / 4–15 users
$750
Up to 20 devices, office network + Wi-Fi, external surface, basic segmentation review.
Growth / 16–40 users
$1,150
Multiple sites or VLANs, deeper segmentation testing, larger external footprint.

Pairs naturally with the Cybersecurity Audit — the audit reviews your policies and configuration; the assessment actively tests them.

Common questions

Is this a penetration test?

No — it's a vulnerability assessment. I find and verify the weak spots; I don't exploit them or try to break in. That's an honest line for where my testing is today. If your insurer or a contract specifically requires a formal pen test, say so and I'll refer you to a partner who does that work.

Do I have to authorize this in writing?

Yes — always, before anything is scanned. Scanning a network without the owner's written permission is illegal, full stop. Before any testing starts you'll sign a short scope-and-authorization form confirming you own (or are authorized to test) the systems, the testing window, and what's off-limits. No signature, no scan.

Will the scan break anything?

The assessment is designed to be safe and non-disruptive — I scan during an agreed window and steer clear of anything fragile we flag during scoping. I don't run exploits. In the rare case a very old device is sensitive to scanning, we note it up front and handle it carefully or skip it.

What access do you need?

For the external scan, just your public IP/domain and written authorization. For the internal scan, a wired or Wi-Fi connection on-site (or a temporary scanner I set up) plus read-level credentials for an authenticated scan, which finds far more than an unauthenticated one.

Will you fix what you find?

Optional. The assessment fee is fixed regardless. If you want me to remediate the findings, that's billed at standard rates or rolled into a managed plan — your call, no pressure.

How long does it take?

Scanning typically runs 1–2 days (mostly hands-off, during the agreed window). The written report and walkthrough call follow within 5 business days.

Not sure where you stand?

Free 15-minute scoping call. We'll figure out what to test and what it'll cost — no pressure, no pitch.

Want to gauge it yourself first? Try the plain-English small-business security self-check.
