The big-business approach that dominates the security industry does not fit medium and small businesses. Most of the “best practices” recommended by the security industry only make sense at huge organizations. More importantly, doing them at small organizations results in almost no increased protection.

We fix that. I founded Simple Salt to provide helpful, credible security advice that does reduce the security risk of small and medium businesses.

Simple Salt advises you in the best ways to prevent internet crime, all at an unbeatable price.


No Tech products

Most security consulting companies get a cut of whatever security tools they convince customers to buy. It takes consultants time to keep current on product features, represent them well, manage contracts, register deals, and listen to product salespeople. We don’t do that. Bonus: you don’t have to worry about getting a garbage product recommendation because it nets us 6 points in margin. We are solely invested in your best interest.

No sales staff

There are no account executives with monthly quotas calling you up every week. Prices are published and the same for everyone. When you want services, you sign up and talk with an analyst.

Not afraid to give you good news

Many consulting companies think that scaring their clients with long lists of bad practices will ensure future business. We do not. If you’re doing great, we don’t spend any extra time coming up with findings to justify ourselves to you. We strive for credible, accurate advice.

No lying to you

Many business consulting projects are for measuring the performance of some inhouse capability at a big company – the security team, for instance. This generates some goofy incentives:

  • The outside consultants want to prove their value to the leaders that hired them, so they need to find lots of bad practices and errors.
  • The team getting reviewed is judged by the consultant report. Favorable conclusions may lead to bigger bonuses, more staff, more budget, and more staff pizza parties. Bad ones lead to cuts, often starting with the person leading the team.

Teams getting assessed argue against any negative conclusions found by the consultants, and the consultants argue for as many negative conclusions as possible.

This last stage can be the most unpredictable and costly for consultants. We avoid these costs by not arguing, and you get the unvarnished truth.

Lean Process

We have developed a proprietary method to quickly and rigorously assess the practical security risk in small and medium businesses. You benefit from that focus: we are able to offer the Checkup service with the same rigor and quality as similar security advisory services at a substantially lower cost.

- Dylan Evans CISSP, PMP

Founder, Simple Salt