Cloud & Cybersecurity Consulting

Security that actually
fits your environment.

HIPAA-aligned, cloud-native security programs for healthcare, legal, and financial organizations. Built by a practitioner — not a generalist.

6+ Sites Secured
83+ Users Protected
14+ Governance Docs
100% Cloud-Native
What We Offer

Tiered engagements.
Flat-rate clarity.

No vague retainers. Every engagement is scoped, documented, and delivered against defined outcomes.

Tier 1
IT Foundation
$2,500

Baseline hardening and documentation for organizations getting their security posture off the ground.

  • M365 / Entra ID baseline hardening
  • MFA & Conditional Access deployment
  • Endpoint enrollment (Intune)
  • Security policy documentation
Tier 2
Security Hardening
$5,500

Deep-dive security hardening aligned to CIS benchmarks with full audit-ready documentation.

  • CIS / NIST control mapping
  • Defender for Business configuration
  • Vulnerability assessment (Nessus)
  • Incident response runbooks
Tier 3
Compliance Program
$15,000

Full HIPAA or SOC 2-aligned security program build-out for regulated industries.

  • HIPAA Security Rule gap analysis
  • Full governance library (14+ docs)
  • Risk assessment & remediation plan
  • Audit-ready evidence packaging
Full Stack
Complete Engagement
$30,000

End-to-end security program: infrastructure, compliance, governance, and ongoing support.

  • Everything in Tiers 1–3
  • Multi-site infrastructure management
  • Network security (Meraki / firewall)
  • Ongoing advisory included
Retainer
Monthly Advisory
$1,800 /mo

Continuous security oversight for organizations that need a fractional security engineer.

  • Monthly Secure Score review
  • 4 hrs dedicated support / month
  • Quarterly policy reviews
  • On-call incident response
About

Practitioner-built.
Not consultant-flavored.

Lafontaine Security was founded by a working IT & Cloud Security Engineer with hands-on experience securing HIPAA-regulated, cloud-native environments — not a reseller repackaging vendor tools.

Real architecture decisions. Real documentation. Programs that hold up under audit scrutiny.

Microsoft 365 · Entra ID · Intune · Defender for Business · Azure · Purview · HIPAA · NIST CSF · CIS Controls · KQL · Cisco Meraki · Nessus · Cisco Duo · Log Analytics
$ run assessment --target org --framework hipaa
 
✓ Entra ID baseline — PASS
✓ MFA coverage — 100%
✓ Conditional Access — 12 policies active
⚠ Legacy auth — remediating
✓ Defender for Business — active
✓ Purview DLP — configured
✓ Intune compliance — enforced
 
$ generate report --format audit-ready
 
Report generated: hipaa_assessment_2026.pdf
$
Case Studies

Real work. Real outcomes.

Sanitized engagements from production environments — no fabricated metrics.

Healthcare · Multi-Site
HIPAA Security Program Build-Out

Built a complete HIPAA-aligned security program from scratch for a 6-site diagnostic imaging organization with 83 users across M365 Business Premium.

14-document governance library
7 incident response runbooks
Beazley cyber insurance program completed
Full Defender for Business deployment
Infrastructure · Network Security
Cisco Meraki MX75 Hardening

Hardened Meraki MX75 firewalls across 6 sites with consistent policy, IDS/IPS tuning, and segmentation aligned to HIPAA network controls.

6 sites standardized
IDS/IPS policies tuned
Network segmentation documented
Centralized monitoring configured
Identity · MFA Deployment
Cisco Duo RADIUS MFA Rollout

Deployed Cisco Duo RADIUS MFA for legacy systems outside Entra ID Conditional Access scope, achieving 100% MFA coverage organization-wide.

100% MFA coverage achieved
Legacy system compatibility resolved
Zero user lockout incidents
HIPAA access control satisfied
Get Started

Tell us about your environment.

We'll review your submission and follow up within one business day with a scoping call or proposal.
