What makes DeepDream different from an MSP or a typical consultant?
No retainers. No fluff. No outsourced busywork. DeepDream delivers fixed-fee services with real insights, fast turnaround, and zero filler. You get clarity and action, not confusion and overhead.
Can I book a single service or do I need a full package?
Every offering is standalone and clearly priced. Pick exactly what you need — whether it is just a Snapshot, a Policy Pack, or something in between.
Do you help with frameworks like HIPAA or FTC Safeguards?
Yes. We offer Compliance Gap Reports tailored for HIPAA, FTC Safeguards Rule, and NIST. Each report maps your posture, identifies gaps, and gives audit-ready deliverables.
How do I know which service is right for me?
Start with the Security Risk Snapshot. It is our most popular entry point and gives instant visibility into what attackers can see and what to fix first.
Do your assessments include penetration testing or scans?
We do not run full pen tests. We simulate attacker recon using tools like Shodan, Nmap, and passive DNS — focused on what matters, not noisy reports.
Is DeepDream just one person or a full team?
DeepDream is founder-led. You work directly with an experienced security engineer — no sales layers or junior handoffs.
What kinds of businesses do you usually work with?
Growing companies without a dedicated security team — startups, agencies, solo founders, and private practices with 5 to 100 employees. Local to Cincinnati and remote.
Do you support Electronic Health Record (EHR) systems?
No. We avoid EHR-specific work to steer clear of conflicts. We do not assess EHR platforms or provide services tied to them. If unsure, ask before booking.
What makes your Security Risk Snapshot different?
It’s built for speed and clarity — no login required, no vague fluff. We show what an attacker sees and what to fix, in under 48 hours.
Are your policy packs customizable?
Yes. They are not copy-paste templates. We tailor each policy to your org’s risk, size, and stack — and explain what actually matters.
Can I use your reports for insurance or vendor reviews?
Absolutely. Everything is built with audit-readiness in mind. Whether it’s cyber insurance, clients, or regulators — you are covered.
Can I just buy one service?
Yes. Everything we offer is standalone and fixed-scope. No retainer required.
What if I need help after the initial assessment?
Use the Virtual Security Strategist plan for ongoing scans, risk trend tracking, and expert guidance — without a full-time hire.
Do you help with active incidents?
We focus on preparation, not crisis response. We can triage low-severity issues or refer you to trusted IR partners if you are under attack.
What's included in the Ransomware Survival Plan?
We simulate a breach and stress-test your plan, backups, and MFA. You get a breakdown of what will fail — and how to fix it now.
Can you create our Incident Response Plan?
Yes. It’s included in the Policy Pack. You get a tailored IR plan that reflects your environment, not a generic download.
What happens if I’m hit with ransomware or a breach?
We do not offer 24/7 IR, but we build response plans and test your ability to react. Our Survival Plan and IR Reviews prepare you before it is too late.
Do you offer live tabletop exercises?
Not yet. Current IR reviews and ransomware walkthroughs are async and built for small teams. Live options are on the roadmap.
Can you help us create an Incident Response Plan from scratch?
Absolutely. The Policy Pack includes a professionally written IR plan based on your environment and mapped to real-world threats.
Do you support cloud-native environments?
Yes. We review AWS, Azure, and Google Cloud configurations to spot risky exposure — especially issues small teams miss.
What about SaaS tools my team already uses?
We help you vet, secure, and document SaaS tools so they align with your risk posture and compliance needs. Google Workspace, Microsoft 365, Dropbox, and more.
Can you review our cloud setup (like Google Workspace or Microsoft 365)?
Yes. We assess high-impact risks and flag misconfigurations in MFA, access control, and data sharing.
Do you work with AWS, Azure, or other IaaS providers?
Not directly for infrastructure. We focus on lightweight, vendor-agnostic guidance — ideal for startups and lean teams.
How do you assess cloud security if you don’t use agents or internal scans?
We use external recon, public metadata, and logical analysis of your setup to identify exposure and recommend key fixes — no internal access required.
Can we reuse the reports or policies you create for audits or clients?
Absolutely. Deliverables are designed to be shared — internally, with auditors, or with clients. Clear language and solid formatting.
Do you offer contracts or legal protections?
Yes. Every engagement has a clear scope, confidentiality, and IP ownership. NDAs are available on request.