ghost — bho-security(1)

Security Assessments and Advisory

baudhausops@remote:~$ bho --service security

NAME

bho-security — manual security assessment, hardening, and advisory for networks and applications

SYNOPSIS

bho-security --type <assessment-type> --target <scope>

bho-security --type vciso --retainer monthly

DESCRIPTION

Practitioner-led assessments with manual validation throughout. Findings are translated into prioritized remediation plans your team can execute under operational constraints. This is implementation-oriented security work, not scan-only reporting or compliance theater.

OPTIONS

--type <assessment-type>

network-external    External recon, exploitation. Starts at $9,500.
network-internal    Lateral movement, privilege escalation. Starts at $9,500.
web-app             OWASP Top 10 + business logic. Starts at $9,500.
vciso               Program-level advisory. Starts at $3,500/mo.
pricing-policy      Published rates are starting points only. Final proposals are itemized and indexed to approved scope.

--methodology

Follows: PTES · OWASP · NIST CSF · CIS Controls · CVSS v3.1
Does not deliver: automated scans, Nessus PDFs, checkbox audits, FUD

REQUIRED

--auth-letter    Signed authorization. Engagement begins only after receipt.
--scope          Written scope of work. All targets explicit.
--identity       Government-issued ID. Mutual verification.
--emergency      Contact reachable during active scans.

DELIVERABLES

Written findings report. Severity matrix (CVSS v3.1). Prioritized remediation roadmap with ownership guidance. You own the report and supporting artifacts.

NOTES

This page uses a man-page format intentionally: concise, scoped, and execution-focused. Security recommendations should be understandable by both technical operators and business stakeholders.

CLIENT FIT

IDEAL CLIENT

Organizations that need real risk reduction, leadership visibility, and remediation discipline beyond scan-only reporting.

PRIMARY OUTCOME

Clear findings hierarchy, prioritized fixes, and decision-ready security posture that supports operations instead of blocking them.

NOT A FIT

Compliance theater, low-effort checkbox reports, or engagements without explicit authority and accountable ownership.

ENGAGE

baudhausops@protonmail.com

PGP fingerprint available on request. Signal by arrangement.

baudhausops@remote:~$