Pricing & Positioning¶
SBK Consulting — Technology Service Partner for Small Businesses and Non-profits
Pricing Documentation Guide¶
Notation System: This document serves dual purposes with clear notation: - [INTERNAL] — Target pricing for internal planning, margins, and sales team guidance - [EXTERNAL] — Customer-facing "Starting at" language for proposals, website, and sales conversations - [BENCHMARK] — Industry competitive data with source links for positioning validation
Market Positioning¶
Core Positioning Statement¶
SBK Consulting is a vendor-neutral technology service partner for small and medium businesses (10-500 employees) that need strategic IT guidance and security expertise without the conflicts of interest inherent in traditional MSP and VAR relationships.
Positioning Framework¶
┌─────────────────────────────────────────────────────────────────────┐
│ POSITIONING HIERARCHY │
├─────────────────────────────────────────────────────────────────────┤
│ │
│ PRIMARY: "Technology Service Partner" │
│ Not a vendor. Not a salesperson. Your partner. │
│ │
│ DIFFERENTIATOR: "Vendor-Neutral Since 2010" │
│ Zero reselling. Zero commissions. Zero kickbacks. │
│ │
│ PROOF POINTS: │
│ • 100+ years combined IT expertise │
│ • 100% US-based certified team │
│ • 24/7 support availability │
│ • Family-run business accountability │
│ │
└─────────────────────────────────────────────────────────────────────┘
Key Messages¶
| Audience | Primary Message |
|---|---|
| All | "Is your IT advisor on your payroll? Or your vendor's?" |
| CFO/Finance | "Your IT budget has 30-40% waste. We find it." |
| IT Directors | "Stop fighting vendor-driven recommendations." |
| Business Owners | "Stop getting sold to. Start getting honest advice." |
| Compliance Officers | "Pass audits first try. Zero vendor conflicts." |
Competitive Differentiation¶
| Factor | Traditional MSP/VAR | SBK Consulting |
|---|---|---|
| Revenue Model | Product markup + services | Advisory services only |
| Vendor Relationships | Commission-based partnerships | Zero vendor partnerships |
| Recommendations | Influenced by margins | Client-interest only |
| Pricing Transparency | Often opaque | Fully transparent |
| Conflict of Interest | Inherent | None |
Service Pricing¶
Note: All pricing reflects NYC metropolitan market rates. [EXTERNAL] pricing uses "Starting at" language for flexibility. [INTERNAL] pricing represents target rates for margin planning.
Service Pillars Overview¶
| Pillar | Focus Area | Pricing Model |
|---|---|---|
| Protect | Security & Compliance | Project + Retainer |
| Plan | Strategic Advisory | Project + Retainer |
| Operate | Managed Services | Monthly Retainer |
| Innovate | Digital Transformation | Project-based |
PROTECT Services (Security & Compliance)¶
Compliance Gap Assessments¶
| Framework | [INTERNAL] Target | [EXTERNAL] Sales Language | Timeline | Deliverable |
|---|---|---|---|---|
| HIPAA Gap Assessment | $15,000-$25,000 | Starting at $15,000 | 60-90 days | Gap report + remediation roadmap |
| SOC 2 Type 1 Readiness | $20,000-$35,000 | Starting at $20,000 | 60-90 days | Control assessment + audit prep |
| SOC 2 Type 2 Full Program | $40,000-$75,000 | Starting at $40,000 | 4-6 months | Complete audit readiness |
| ISO 27001 Gap Assessment | $25,000-$40,000 | Starting at $25,000 | 90-120 days | Gap analysis + implementation plan |
| CMMC Level 2 | $75,000-$150,000 | Starting at $75,000 | 12-18 months | Full compliance program |
| PCI DSS Assessment | $20,000-$35,000 | Starting at $20,000 | 60-90 days | Compliance validation |
| NIST CSF Assessment | $18,000-$30,000 | Starting at $18,000 | 60-90 days | Maturity assessment + roadmap |
[BENCHMARK] Industry Pricing: - SOC 2 Type 2 audit costs range $30,000-$100,000+ for SMBs (Secureframe, Drata) - HIPAA compliance first-year costs range $10,000-$50,000+ depending on organization size (HIPAA Journal, Secureframe)
Security Services¶
| Service | [INTERNAL] Target | [EXTERNAL] Sales Language | Per-Metric Option | Timeline | Deliverable |
|---|---|---|---|---|---|
| Risk Assessment | $15,000-$25,000 | Starting at $15,000 | — | 2-4 weeks | Risk register + treatment plan |
| Penetration Testing | $15,000-$50,000 | Starting at $15,000 | — | 1-3 weeks | Findings report + remediation |
| Security Awareness Program | $8,000 setup + $750/mo | Starting at $20/user/year | $20-$60/user/year | Ongoing | Training + phishing simulation |
| Incident Response Retainer | $5,000-$8,000/month | Starting at $5,000/month | $3-$5/device/month | Ongoing | IR support + planning |
| Security Policy Development | $12,000-$20,000 | Starting at $12,000 | — | 4-6 weeks | Complete policy framework |
[BENCHMARK] Industry Pricing: - Security Awareness Training: $10-$60/user/year (KnowBe4, Proofpoint Security Awareness) - Penetration Testing: $4,000-$100,000+ depending on scope (Cobalt, Bugcrowd) - Risk Assessment: $5,000-$15,000 (small), $15,000-$35,000 (mid-market) (ISACA) - Incident Response Retainer: $3-$5/device/year minimum (Sophos MDR)
vCISO Services¶
| Tier | Hours/Month | [INTERNAL] Target | [EXTERNAL] Sales Language | Best For |
|---|---|---|---|---|
| Standard | 10-15 hours | $7,500-$10,000/month | Starting at $7,500/month | 50-150 employees |
| Professional | 20-25 hours | $12,500-$17,500/month | Starting at $12,500/month | 150-300 employees |
| Enterprise | 30+ hours | $18,000-$25,000/month | Starting at $18,000/month | 300-500 employees |
| On-Demand | As needed | $350-$450/hour | Starting at $350/hour | Project-specific |
[BENCHMARK] Industry Pricing: - vCISO services typically range $5,000-$20,000/month depending on engagement depth (Cynomi, BlueRadius vCISO Market Report 2025) - Hourly rates for fractional security executives range $200-$500/hour in major metro markets
PLAN Services (Strategic Advisory)¶
vCTO Services¶
| Tier | Hours/Month | [INTERNAL] Target | [EXTERNAL] Sales Language | Best For |
|---|---|---|---|---|
| Standard | 8-12 hours | $6,000-$8,500/month | Starting at $6,000/month | 50-150 employees |
| Professional | 16-20 hours | $10,000-$14,000/month | Starting at $10,000/month | 150-300 employees |
| Enterprise | 24+ hours | $15,000-$22,000/month | Starting at $15,000/month | 300-500 employees |
| On-Demand | As needed | $275-$375/hour | Starting at $275/hour | Project-specific |
[BENCHMARK] Industry Pricing: - Fractional CTO services typically range $5,000-$15,000/month for SMBs (Toptal, MarkiTech vCTO Report) - Hourly rates for fractional technology executives range $250-$500/hour in major metro markets
Strategic Projects¶
| Service | [INTERNAL] Target | [EXTERNAL] Sales Language | Timeline | Deliverable |
|---|---|---|---|---|
| IT Strategy Development | $18,000-$30,000 | Starting at $18,000 | 4-6 weeks | 3-year strategic roadmap |
| Technology Roadmapping | $15,000-$25,000 | Starting at $15,000 | 3-4 weeks | Technology roadmap + budget |
| IT Budget Optimization | $10,000-$18,000 | Starting at $10,000 | 2-3 weeks | Cost reduction plan (typical 20-35% savings identified) |
| Vendor Selection | $12,000-$20,000 | Starting at $12,000 | 2-4 weeks | RFP + evaluation + recommendation |
| M&A Technology Due Diligence | $20,000-$40,000 | Starting at $20,000 | 2-4 weeks | Risk assessment + integration plan |
[BENCHMARK] Industry Pricing: - IT Strategy Consulting: $150-$350/hour, $5,000-$15,000 for assessments (CIO.com) - Vendor Selection Projects: $10,000-$30,000 typical for SMB (Gartner)
OPERATE Services (Managed Services)¶
Managed Security¶
| Service | [INTERNAL] Target | [EXTERNAL] Sales Language | Per-Metric Option | Scope |
|---|---|---|---|---|
| Security Monitoring (SIEM) | $3,500-$7,500/month | Starting at $3,500/month | $30-$50/endpoint/month | 24/7 monitoring, alerting, response |
| Endpoint Protection Management | $20-$35/endpoint/month | Starting at $20/endpoint/month | — | EDR management + response |
| Vulnerability Management | $2,500-$5,000/month | Starting at $2,500/month | $3-$8/endpoint/month | Scanning + remediation tracking |
[BENCHMARK] Industry Pricing: - Managed SIEM services range $2,000-$7,500/month for SMBs depending on log volume and complexity (Arctic Wolf, Gartner SIEM Market Guide) - Managed SIEM: $5,000-$10,000/month, $30-50/endpoint (Rapid7 InsightIDR) - EDR/MDR services typically range $15-$40/endpoint/month (Forrester MDR Wave 2024) - Managed EDR: $8-$16/agent/month (CrowdStrike Falcon Go), $2.99-$30/endpoint/month (Huntress) - Vulnerability Management: $1,000-$5,000/assessment, $3/endpoint/month ongoing (Tenable.io)
IT Operations Support¶
| Service | [INTERNAL] Target | [EXTERNAL] Sales Language | Per-Metric Option | Scope |
|---|---|---|---|---|
| Help Desk (Tier 1-2) | $100-$175/user/month | Starting at $100/user/month | — | 8x5 or 24/7 support |
| Network Management | $1,000-$2,500/month | Starting at $1,000/month | — | Monitoring + maintenance |
| Cloud Operations | $2,000-$5,000/month | Starting at $2,000/month | — | AWS/Azure/GCP management |
[BENCHMARK] Industry Pricing: - Managed IT services for SMBs typically range $100-$250/user/month in major metro markets (ChannelE2E MSP Pricing Survey 2024) - Help Desk: $100-$200/user/month (Electric, Datto Autotask)
INNOVATE Services (Digital Transformation)¶
| Service | [INTERNAL] Target | [EXTERNAL] Sales Language | Per-Metric Option | Timeline | Deliverable |
|---|---|---|---|---|---|
| Cloud Migration Assessment | $12,000-$20,000 | Starting at $12,000 | — | 2-3 weeks | Migration roadmap + TCO analysis |
| Cloud Migration Execution | $35,000-$150,000 | Starting at $35,000 | — | 2-6 months | Completed migration |
| Process Automation | $20,000-$100,000 | Starting at $20,000 | $5,000-$15,000/bot | 1-3 months | Automated workflows |
| AI/ML Readiness Assessment | $15,000-$35,000 | Starting at $15,000 | — | 3-4 weeks | AI opportunity analysis |
[BENCHMARK] Industry Pricing: - Cloud migration projects for SMBs typically range $25,000-$500,000 depending on complexity (Flexera State of the Cloud Report 2024) - Cloud Migration: $2,000-$5,000/month (small-scale), $100,000+/month (enterprise) (Appinventiv, Mission Cloud) - Process Automation/RPA: $10,000-$250,000 implementation, $150-$250/hour consulting (Prioxis, SmartDev) - RPA per bot: $1,000-$5,000 typical, up to $15,000-$20,000 complex (VIDI Corp) - AI/ML consulting engagements typically start at $10,000-$25,000 for assessment phases (Deloitte AI Institute) - AI Readiness Assessment: $5,000-$25,000 (OrientSoftware, Leanware) - AI Consulting Hourly: $150-$300 (junior), $300-$600+ (senior) (Nicola Lazzari)
Pricing Philosophy¶
Core Principles¶
- Transparency: All pricing clearly communicated upfront
- Value-Based: Pricing reflects value delivered, not hours consumed
- No Hidden Costs: No product markups, commissions, or kickbacks
- Flexibility: Adaptable to client needs and budget constraints
- Per-Client Terms: Payment terms negotiated individually
Pricing Models¶
| Model | Use Case | Structure |
|---|---|---|
| Fixed Project | Defined scope engagements | Total price for deliverables |
| Monthly Retainer | Ongoing advisory (vCTO/vCISO) | Fixed monthly investment |
| Time & Materials | Variable scope projects | Hourly rate + expenses |
| Hybrid | Complex engagements | Base retainer + project fees |
| Per-Metric | Scalable services | Per-user, per-endpoint, per-device |
Rate Card¶
| Role | [INTERNAL] Target Rate | [EXTERNAL] Sales Language |
|---|---|---|
| Senior Consultant / vCTO / vCISO | $350-$450/hour | Starting at $350/hour |
| Consultant | $275-$350/hour | Starting at $275/hour |
| Analyst | $200-$275/hour | Starting at $200/hour |
| Project Coordination | $150-$200/hour | Starting at $150/hour |
[BENCHMARK] Industry Pricing: - Senior IT consultants in NYC metro command $300-$500/hour (Glassdoor IT Consulting Rates 2024) - Big 4 consulting rates range $400-$700/hour for senior resources (Consultancy.org Rate Benchmarks)
Target Market Segments¶
Primary: Small & Medium Business (SMB)¶
| Segment | Employee Count | Typical IT Staff | Annual IT Budget |
|---|---|---|---|
| Small Business | 10-50 | 0-1 | $50K-$200K |
| Lower Mid-Market | 50-150 | 1-3 | $200K-$750K |
| Upper Mid-Market | 150-500 | 3-10 | $750K-$2.5M |
Industry Focus¶
| Industry | Compliance Drivers | Primary Services |
|---|---|---|
| Healthcare | HIPAA, HITECH | Compliance, vCISO, Security |
| Professional Services | Client confidentiality, SOC 2 | vCTO, Security, Strategy |
| Financial Services | GLBA, SOC 2, SEC | Compliance, vCISO, Risk |
| Manufacturing | CMMC, NIST 800-171 | Compliance, OT Security |
| Non-profit | Grant requirements, donor trust | vCTO, Cost Optimization |
| Legal | Bar requirements, client confidentiality | vCTO, Security, Compliance |
Value Propositions by Buyer¶
CFO / Finance Decision Maker¶
Primary Value: Cost optimization and risk reduction
| Value Point | Quantified Benefit |
|---|---|
| Budget Optimization | 20-35% waste identification |
| Vendor Cost Reduction | 15-25% through negotiation |
| Risk Mitigation | Avoid $50K-$500K breach costs |
| Audit Efficiency | First-time pass saves $20K+ in remediation |
Proof Points: - "Your IT budget has 30-40% waste." - "We don't sell products, so our advice is actually in your interest."
IT Director / Manager¶
Primary Value: Expert backup and strategic support
| Value Point | Benefit |
|---|---|
| Expert Resource | Access to senior expertise on-demand |
| Vendor Management | Objective evaluations without sales pressure |
| Strategic Planning | Roadmaps that align with business goals |
| Compliance Support | Expert guidance for audits and frameworks |
Proof Points: - "Stop fighting vendor-driven recommendations." - "100+ years combined expertise without products to sell."
Business Owner / CEO¶
Primary Value: Trusted technology guidance
| Value Point | Benefit |
|---|---|
| Decision Confidence | Technology decisions you can trust |
| Cost Control | No surprises, no hidden markups |
| Risk Protection | Security expertise without the BS |
| Business Alignment | IT that serves business goals |
Proof Points: - "Is your IT advisor on your payroll? Or your vendor's?" - "Family-run since 2010. Zero vendor conflicts. Ever."
Compliance Officer / Risk Manager¶
Primary Value: Audit readiness and risk management
| Value Point | Benefit |
|---|---|
| First-Time Pass | 90%+ audit pass rate |
| Evidence Management | Organized, audit-ready documentation |
| Continuous Compliance | Ongoing monitoring and maintenance |
| Framework Expertise | Deep knowledge across 35+ frameworks |
Proof Points: - "Pass audits first try." - "Compliance guidance without upselling products."
Engagement Entry Points¶
Discovery Offers¶
| Offer | [INTERNAL] Target | [EXTERNAL] Sales Language | Deliverable | Conversion Target |
|---|---|---|---|---|
| IT Health Check | $1,500-$3,500 | Starting at $1,500 | Assessment report + recommendations | vCTO/vCISO retainer |
| Security Posture Review | $2,500-$5,000 | Starting at $2,500 | Risk overview + priority actions | Security services |
| Cost Optimization Scan | $1,500-$3,500 | Starting at $1,500 | Waste identification + savings plan | Budget engagement |
| Compliance Readiness Check | $2,500-$5,000 | Starting at $2,500 | Gap summary + roadmap | Full assessment |
[BENCHMARK] Discovery Offer Pricing: - IT Health Assessments: $1,000-$5,000 for basic assessments, often offered free as lead generation by MSPs (Xperts Unlimited, VC3) - Security Posture/Vulnerability Assessments: $1,000-$5,000 basic, $12,000-$15,000+ comprehensive for up to 200 users (Qualysec, KR Group, Network Assured) - IT Consulting Rates: $100-$350/hour general, $150-$300/hour in NYC/major metros (Sigma Solve, TATEEDA, Corsica Tech) - SOC 2/HIPAA Readiness Assessments: $5,000-$25,000 consultant-led, typically $10,000-$17,000 (Secureframe, Sprinto, Drata, Thoropass)
Note: Discovery offers are designed as low-barrier entry points that demonstrate value and typically convert to larger engagements at 40%+ rate. SBK pricing targets small business accessibility while maintaining professional margins.
Packaging Strategy¶
Good-Better-Best Framework:
| Tier | Description | Price Point |
|---|---|---|
| Essential | Core service, standard scope | Entry level |
| Professional | Enhanced service, expanded scope | Mid-market |
| Enterprise | Comprehensive, customized | Premium |
Competitive Positioning¶
Market Landscape (Northeast)¶
| Competitor Type | Typical Approach | SBK Differentiation |
|---|---|---|
| Regional MSPs | Product-first, service-second | Advisory-first, vendor-neutral |
| Big 4 Consulting | Enterprise focus, high rates | SMB focus, accessible pricing |
| Solo Consultants | Limited capacity, narrow expertise | Full team, broad expertise |
| National MSPs | Cookie-cutter solutions | Customized to each client |
Win Themes¶
- vs. MSPs: "We're your advisor, not your vendor."
- vs. Big 4: "Enterprise expertise at SMB pricing."
- vs. Solo Consultants: "Full team depth without the overhead."
- vs. DIY: "Stop Googling your compliance requirements."
Related Documents¶
Last Updated: January 2025 Version: 2.0