How AmbiSecure engagements work.
There is no published price list, because the engagements that produce good outcomes are scoped to the problem — not to a tier. Below is how we typically work, what gets delivered at each stage, and which one fits your situation.
The five engagement shapes
Architecture review
A fixed-scope engagement to assess an existing or proposed deployment — identity, transit, IoT, PKI. Output: a written architecture review and a remediation backlog.
Pilot deployment
Stand up a small-scale, production-grade pilot. Real hardware, real users, real validation server. Output: a working pilot you can extend, plus a deployment plan for the wider rollout.
Enterprise rollout support
Long-engagement support across a full rollout. Issuance line, IdP integration, helpdesk training, recovery design, audit. Engineering by us, programme by you.
Integration consulting
Targeted help on a specific integration — FIDO behind CAS, DESFire SAM provisioning, JavaCard applet personalisation, EST-backed IoT lifecycle. Output: working integration plus runbook.
Secure manufacturing consultation
For product manufacturers adding hardware-rooted identity to a connected-device line. SMT-line personalisation, attestation flow, key custody. Output: production-line design + acceptance criteria.
Custom JavaCard development
When standard applets don’t fit. Bespoke applet engineering, GP integration, personalisation script, certification support. Output: a deployed applet under your AIDs.
Which one fits?
| If your current question is… | Start with… |
|---|---|
| "Is what we have working defensible?" | Architecture review |
| "What would a production-grade version of this look like?" | Pilot deployment |
| "We’re going to roll this across the workforce; help us not break it" | Enterprise rollout support |
| "The protocol works in isolation; we need it to work behind X" | Integration consulting |
| "Our new product line needs hardware identity at the SMT line" | Secure manufacturing consultation |
| "Off-the-shelf applets don’t do quite what we need" | Custom JavaCard development |
How the first call works
- You send context. Use the contact form — tell us what you’re trying to deploy, what you’ve already done, and what constraints are non-negotiable.
- We bring engineering to the first call. Not a BDR. The person you talk to has shipped the architecture you’re asking about.
- We propose a shape. One of the five above. If your situation doesn’t fit, we’ll say so.
- Fixed-scope or co-delivered. Fixed-scope work is priced and timeboxed. Co-delivered work is structured around milestone acceptance, not hours billed.
What we do not do
- Pure resale. If your situation is "we just need to buy a hundred FIDO keys", you’ll be happier with a distributor.
- Open-ended retainers without milestones. Engagements have outcomes; retainer billing without outcomes ages badly.
- Compliance-only theatre. If the engagement won’t actually improve the security posture, we’ll say so and not take it.
Ready to talk about scope?
The first call is engineering. The first deliverable is a one-page sketch of your deployment, not a deck. Send us your context.