Services
Fractional AI Security Officer
AI security leadership for Series B and C companies: without the $415K hire. Three retainer tiers, monthly cadence, EU-based async-first.
OWASP Agentic Top 10 contributor Β· CISSP Β· PhD Β· 15+ years enterprise security
What you actually get
Concrete monthly deliverables. Not advisory hours.
Initial creation, then quarterly updates as your stack evolves.
For any new agent or LLM feature shipped that month.
Answers to AI sections of incoming customer questionnaires. This alone often justifies the retainer.
When you adopt a new model provider, evaluation framework, or AI-adjacent tool.
Security posture summary, risks identified, recommended actions.
Async availability via Slack or email for engineering questions throughout the month.
How it starts
Discovery call (30 minutes)
I learn about your stack, your team, and the AI security questions that have come up so far.
Two-week paid scoping (β¬4,000)
A short paid pilot before retainer commitment. Produces an AI security posture assessment you keep regardless.
Retainer starts
Three-month minimum, then month-to-month with 30-day notice on either side.
Three retainer tiers
Light
8 to 10 hours/month
- Async-only engagement
- Questionnaire support
- Threat model review
- Monthly report
Standard
16 to 20 hours/month
- Async plus 2 calls/month
- AI security policy ownership
- Vendor reviews
- Monthly written report
Full
32 to 40 hours/month
- Acts as part-time AI security lead
- Attends security reviews
- Owns security roadmap
- Full office hours access
Common questions
Yes for ET clients. Workable for PT clients with the right cadence. Most engagements are 80% async anyway.
At your stage, the pool of candidates who can credibly handle agentic systems, MCP, and RAG security is small enough that a search takes six months and lands you a $300K-plus hire. The fractional model gets you started in two weeks at a fraction of the cost.
The fractional engagement transitions cleanly. I help you spec the role, interview candidates, and ramp them up. You don't get stuck.
The Light tier is designed for exactly that. Many engagements stay at Light indefinitely.
The two-week scoping engagement is the entry point. Below that, the format breaks down. Anything less than a structured posture review isn't worth either of our time.
Mutual NDA available before kickoff. Customer security questionnaire responses, internal threat models, and policy documents are obviously confidential and stay that way.
Why this fits
Most AI startups need senior AI security expertise long before they can justify a full-time hire. By Series B, enterprise customers are starting to ask AI security questions in procurement. By Series C, regulators are. Hiring for it takes six months and lands a $300K+ candidate.
I work as the embedded AI security lead for these companies. Async-first, 1 to 2 days a month per client, focused on the work an in-house lead would be doing.
Three months minimum, then month-to-month after.
How the scoping engagement works
The two-week paid scoping engagement (β¬4,000) is the entry point. It produces an AI security posture assessment you keep regardless of whether you continue. Roughly half of skeptics convert to retainer after this.
Why this works with someone in Sweden
Time zones. Sweden afternoon overlaps with US East Coast morning. Workable for one to two scheduled calls per week with ET clients. Pacific Time clients work with the right cadence but full PT-only schedules donβt fit well.
Async-first by design. Roughly 80% of the work is written threat models, policy documents, questionnaire responses, code review comments. Calls are the exception, not the default.
Your engineering team is probably already global. If your engineers are in Lisbon, Tel Aviv, or Bangalore, adding Gothenburg to the mix is the smallest stretch.
Sample artifacts
Sample artifacts (AI security policy excerpt, monthly report excerpt, threat model review example) available on request.
Sounds like a fit?
A short call is usually enough to figure out whether this is what you need and what it would look like.