Blue Oak Cyber
Strong Security for Growing Businesses
Safe today.
Strong tomorrow.
Our Services
Phishing Resilience Testing
Test your team before the attackers do.
What You Get:
A fully managed, real-world phishing campaign customized for your organization - 50 email addresses or less
Reporting on who clicked, who reported, and who fell for the test
Actionable insights and next steps to improve awareness
Why It Matters:
Human error is still the #1 cause of data breaches.
A single click could cost your business thousands - or worse, your reputation.
Our phishing simulations teach your team what real attacks look like, without real-world consequences.
Starting at:
$499 per campaign
Cyber Hygiene Quick Audit
Find potential vulnerabilities early
What You Get:
Light cybersecurity assessment based on industry best practices
Review of basic network, device, and account security settings
Identification of common misconfigurations and missing safeguards
Clear, prioritized action plan you can implement immediately
Why It Matters:
It’s not enough for technology to be "running fine."
Most breaches happen through small, easily preventable issues - weak passwords, missing updates, misconfigured access.
We help you catch them early, when they’re cheap and easy to fix.
Starting at:
$699 per audit
Cybersecurity Readiness Package
Your roadmap to sustainable security.
What You Get:
Everything included in Phishing Resilience Testing and Cyber Hygiene Audit
A customized 90-day cybersecurity improvement roadmap
Security policy templates for employees (e.g., password policies, acceptable use)
Optional follow-up consultation after 30 days
Why It Matters:
If your business is growing, you're becoming a bigger target - even if you don’t realize it yet.
We give you an actionable, non-overwhelming roadmap to build security into your business early - not scramble after it’s too late.
Starting at:
$1,199 for the complete package
Implementation of recommended improvements is not included in audit pricing but can be quoted separately if desired.
Ready to take the first step toward real cybersecurity?
No fear tactics. No fluff. Just affordable, practical security solutions for small business owners.
Pricing:
Phishing Resilience Testing
What’s Included:
1 fully managed phishing simulation campaign
Click/open/fail reporting
Executive summary + optional 30-minute debrief
Investment:
$499 per campaign
Ideal for teams of up to 50 users. Custom quotes available for larger organizations.
Cyber Hygiene Quick Audit
What’s Included:
Light audit based on CIS Controls best practices
Review of password hygiene, access controls, endpoint security, and patching
Prioritized improvement plan
1-hour review consultation
Investment:
$699 per audit
Designed for businesses with up to 30 employees and one primary office network. Multi-location or cloud-heavy environments may require custom pricing.
Small Business Cybersecurity Readiness Package
What’s Included:
All services in both packages above
Customized 90-day cybersecurity improvement roadmap
Starter policy templates (password, device use, incident response)
Optional 30-day follow-up check-in
Investment:
$1,199 complete package
Best for growing companies with 10–50 employees. Includes assessment of one primary office environment plus up to two critical cloud systems.
Ready to take the next step?
Schedule a free consultation and find out which package fits your business best.
No pressure. No sales pitch. No commitment. Just clarity.
Add-On Services (Optional Upgrades)
Available to clients after a core engagement.
Quarterly phishing tests
Cybersecurity awareness training (email-based, LMS-ready)
Incident response playbook creation
Cybersecurity policy creation & rollout
Vendor/supplier risk evaluation
Custom pricing based on scope.
FAQs
What if we have more than 50 employees?
No problem!
Our standard packages are designed for small and midsize businesses, but we routinely work with larger teams as well.
If you have more than 50 employees, we can provide a custom quote based on your size, complexity, and needs.
Reach out to us for a personalized consultation.
Do you work with businesses that have multiple office locations?
Yes — but multi-location setups typically require a custom assessment.
Our Quick Audit and Readiness Package pricing assumes one primary office location.
For businesses with multiple sites, we offer add-on assessments or bundled packages based on scope.
Contact us to discuss your setup.
What if we already have an IT support provider?
That’s great!
We’re not here to replace your IT team — we complement them by focusing specifically on cybersecurity risks that IT support teams sometimes miss (like phishing resilience, user access risks, or policy gaps).
We’re happy to work alongside your existing providers.
Can we purchase individual services instead of a full package?
Absolutely.
You can engage us for just Phishing Resilience Testing, just a Cyber Hygiene Audit, or the full Readiness Package — whatever fits your current needs.
We believe cybersecurity should be scalable as your business grows.
Are there any ongoing monthly fees?
No.
Our standard services are fixed-price, one-time engagements.
You only pay for what you need — when you need it.
(If you're interested in ongoing security support, we offer flexible quarterly retesting and advisory services by custom quote.)
Do you work with businesses outside the United States?
At this time, we serve U.S.-based businesses only.
We are unable to engage with companies that:
Operate offshore offices or international branches
Handle personal data subject to international regulations like GDPR, LGPD, or similar
Are governed under GLBA (Gramm-Leach-Bliley Act) financial privacy rules
Our focus is on helping domestic U.S. businesses grow safely and compliantly.
If you're unsure whether you qualify, contact us — we're happy to clarify!
Does the person booking a consultation or service need to have authority to purchase services?
Yes.
We ask that anyone scheduling consultations or purchasing services from Blue Oak Cyber has the authority to enter into agreements and financial commitments on behalf of their organization.
If you're unsure whether you have the appropriate authority, we recommend involving your company owner, CFO, or other decision-maker before proceeding.
Do you work with businesses subject to SOX (Sarbanes-Oxley) compliance?
At this time, we do not offer services designed for publicly traded companies or companies regulated under SOX.
We specialize in helping privately held, U.S.-based small and midsize businesses that are not under GLBA, GDPR, LGPD, SOX, or similar regulatory frameworks.
If you're unsure whether your company falls under these regulations, please contact us — we're happy to help clarify.
Do your services guarantee that my business will be completely secure?
While our services are designed to greatly reduce your cybersecurity risks, no service or technology can guarantee 100% security against every possible threat.
Our goal is to help you build stronger defenses, smarter practices, and more resilient systems to greatly lower your risk of incidents.
What happens if the scope of my project changes after we start?
We work hard to provide clear pricing and scope before beginning any engagement.
If your business situation changes significantly (such as adding more locations, users, systems, or discovering unknown risks),
We’ll discuss a fair and transparent adjustment to your service scope and pricing.
We’re flexible — but we believe clear expectations help everyone succeed.
Do you work with healthcare providers or businesses subject to HIPAA?
Currently, Blue Oak Cyber does not offer services specifically designed for HIPAA-regulated environments. If your business handles Protected Health Information (PHI), please contact us to discuss suitability.