Detailed service unit economics
Per-service pricing bands, delivery resource loading, cost structure and contribution economics across the portfolio.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Identity & Access Management IAM/PAM/IGA/CIAM AND IDENTITY LIFECYCLE AUTOMATION
- ▸Service strategy Identity & Access Management should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Identity & Access Management - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Penetration Testing Application, API, cloud, mobile, infra and secure code testing
- ▸Service strategy Penetration Testing should be packaged as a clear business outcome with technical depth
- ▸behind it. The client should understand what risk is being reduced, what evidence will be produced, and what
- ▸decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Penetration Testing - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Red Teaming GOAL-BASED ADVERSARY SIMULATION AND EXECUTIVE-LEVEL PROOF
- ▸Service strategy Red Teaming should be packaged as a clear business outcome with technical depth behind it.
- ▸The client should understand what risk is being reduced, what evidence will be produced, and what decision
- ▸the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Red Teaming - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Purple Team & Detection Engineering COLLABORATIVE EXERCISES AND DETECTION CONTENT
- ▸Service strategy Purple Team & Detection Engineering should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Purple Team & Detection Engineering - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
AI Security & Agentic AI Pentesting LLM apps, agents, AI governance and AI attack surface
- ▸Service strategy AI Security & Agentic AI Pentesting should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸AI Security & Agentic AI Pentesting - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Cloud Security AWS/AZURE/GCP/KUBERNETES/IAC AND CLOUD IDENTITY
- ▸Service strategy Cloud Security should be packaged as a clear business outcome with technical depth behind
- ▸it. The client should understand what risk is being reduced, what evidence will be produced, and what decision
- ▸the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Cloud Security - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Incident Response & Digital Forensics RETAINERS, RESPONSE, FORENSICS AND LESSONS LEARNED
- ▸Service strategy Incident Response & Digital Forensics should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Incident Response & Digital Forensics - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Threat Intelligence CVE, exploitability, OSINT, adversary and sector intelligence
- ▸Service strategy Threat Intelligence should be packaged as a clear business outcome with technical depth
- ▸behind it. The client should understand what risk is being reduced, what evidence will be produced, and what
- ▸decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Threat Intelligence - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
vCISO / Security Program Office FRACTIONAL LEADERSHIP AND SECURITY ROADMAP GOVERNANCE
- ▸Service strategy vCISO / Security Program Office should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸vCISO / Security Program Office - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
DevSecOps & Secure Development SDLC, pipelines, code review and developer security
- ▸Service strategy DevSecOps & Secure Development should be packaged as a clear business outcome with
- ▸technical depth behind it. The client should understand what risk is being reduced, what evidence will be
- ▸produced, and what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸DevSecOps & Secure Development - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
OT / Industrial Security INDUSTRIAL CONTROL, SEGMENTATION AND OT RESILIENCE
- ▸Service strategy OT / Industrial Security should be packaged as a clear business outcome with technical depth
- ▸behind it. The client should understand what risk is being reduced, what evidence will be produced, and what
- ▸decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸OT / Industrial Security - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
Compliance & Assurance NIS2, DORA, ISO27001, SOC2, CMMC, PCI, HIPAA readiness
- ▸Service strategy Compliance & Assurance should be packaged as a clear business outcome with technical
- ▸depth behind it. The client should understand what risk is being reduced, what evidence will be produced, and
- ▸what decision the service enables.
OPERATING
DETAIL ELEMENT
Offer Diagnostic / assessment tier; premium enterprise engagement; annual program; recurring architecture managed layer; Portal and intelligence add-on.
Delivery Written scope, explicit authorization, evidence standards, senior QA, legal boundaries governance and client acceptance criteria.
Margin model Standardization and AI-assisted workflows should reduce non-billable reporting time while preserving expert review.
Sales motion Lead with pain and risk; show sample outputs; sell annual assurance or remediation roadmap, not isolated hours.
Renewal Retest, recurring attack surface, identity drift, new cloud workloads, regulatory cycle, trigger board reporting, threat landscape change.
Portal Intake, scoping, evidence, findings, remediation status, retest, executive dashboard, workflow renewal prompts and partner actions.
APPENDIX F - DETAILED SERVICE UNIT ECONOMICS
- ▸Compliance & Assurance - financial control sheet
- ▸Do not discount premium expertise simply to win commodity work.
- ▸Track effective day rate by service, not only total revenue.
- ▸Separate research time from billable delivery so innovation is funded deliberately.
- ▸Review margin leakage monthly: scope creep, reporting time, travel, partner cost and unpaid presales.
- ▸Use lessons learned to update methodology, Portal templates and AI workflows.
- ▸CONTROL AREA TARGET / POLICY
Revenue Project revenue on delivery milestones; recurring revenue monthly; product attach as recognition subscription/license.
Cost drivers Senior expert time, junior analyst time, QA, tooling, cloud/lab infrastructure, travel, sales engineering and partner margin.
Target gross 55-70% for expert projects; 65-80% for mature recurring; 75-90% for software/IP once margin scale is reached.
Utilization 70-78% target for billable delivery roles; lower for research, product and leadership assumption roles.
Quality metric Findings reproducibility, remediation usefulness, executive clarity, client NPS, low rework and zero scope/control incidents.
Automation Reduce report production cycle by 25-45% and evidence organization by 50% without target reducing human accountability.
Cross-sell Every project should identify at least one IAM, cloud, AI, threat-intel, vCISO, logic retainer or Portal expansion opportunity.
G APP
- ▸Intellectual property
- ▸valuation and product
- ▸INJEXION — GLOBAL STRATEGY 2027–2032
G INTELLECTUAL PROPERTY VALUATION AND PRODUCT
- ▸backlog This appendix frames the IP portfolio like an investor diligence pack. Real valuation will require code
- ▸maturity, customer usage, ARR, legal ownership verification, security review and product analytics. The purpose
- ▸here is to identify what must be true for each asset to become financially valuable.
INJEXION · GLOBAL STRATEGY 2027-2032 · COMPREHENSIVE EDITION · CONFIDENTIAL 143