A service ladder, not a menu.
Most clients arrive with something broken or messy. The rescue or cleanup fixes it for a fixed fee and produces the evidence; the evidence becomes an approved change list; and teams that want IT handled going forward take the monthly Outside IT plan, with the cleanup fee credited.
The ladder
Email and Access Rescue
Locked out of Microsoft 365 or Google Workspace, email down or bouncing, or the person who ran IT is gone with the passwords. Fast diagnosis, systems back, admin access properly in the owner's hands.
Systems and Access Cleanup
Fixed-fee cleanup that starts with a read-only audit of users, admins, file access, groups, shared inboxes, connected apps, OAuth grants, contractors, automations, AI tools, and offboarding gaps. The findings report is the foundation for everything below.
Departure Lockdown
Fast-turnaround access sweep after a resignation, firing, contractor dispute, partner exit, or messy departure. Ownership transfers first, removal comes last, everything is logged.
Cleanup Sprint
Implementation of the approved fixes from an audit: remove stale access, restructure groups, reduce admin roles, transfer ownership, clean risky app access, and document the workflow.
Agency Systems and Access Cleanup
The audit-and-sprint path shaped for agencies: client access, contractors, Slack, Google Workspace or Microsoft 365, Shopify, Meta, HubSpot, project tools, and internal operating workflows.
Secure Automation Review
Automations, API keys, OAuth tokens, Zapier, Make, and n8n workflows, AI agents, and connected apps reviewed for ownership, scope, secrets exposure, approval gates, and offboarding risk.
Email and Tenant Migration
Old host to Microsoft 365 or Google Workspace, tenant to tenant, or between platforms. Written cutover plan, old mail preserved, DNS and deliverability set correctly, 30 days of post-move support included.
Outside IT Plan
Your outside IT team, monthly: Workspace or Microsoft 365 run properly, every hire set up and every departure closed out, licenses matched to real people, access reviewed on a schedule, and one named person who answers.
Platform-specific audits
When the problem is confined to one platform, start narrower. Each of these feeds the same cleanup path.
Google Workspace Access & Admin Audit
Users, Super Admins, groups, shared drives, file ownership, and external sharing.
View auditMicrosoft 365 Access & Admin Audit
Users, guests, roles, groups, shared mailboxes, ownership, MFA gaps, and licenses.
View auditSaaS Access Cleanup Audit
Seats, owners, admins, former users, and external collaborators across your SaaS stack.
View auditAI Tool Access & Data Risk Review
AI inventory, connected agents, client data rules, approvals, and offboarding.
View reviewCloud Access & Hygiene Review
IAM, idle resources, budgets, alerts, tagging, and basic account guardrails.
View reviewPartner delivery
Referral, white-label, or subcontract delivery for MSPs, agencies, and fractional CTOs.
View partner optionsAdvanced implementation work
When a cleanup shows the fix is structural, VXSec scopes identity, cloud security, and systems projects as separate engagements. These are the growing edge of the practice, quoted case by case, and always after a cleanup.
Identity projects
Microsoft Entra ID and Google Cloud Identity configuration, SSO and MFA rollouts, and conditional access policies.
Secure baselines
CIS-mapped secure baselines for Google Workspace and Microsoft 365, plus offboarding automation so departures run themselves.
Automation governance
AI agent permission governance, secrets and token management, and secure workflow architecture for automation-heavy teams.
Systems and integration builds
API integrations, data and infrastructure migrations, and internal tooling for teams whose audit surfaces deeper systems work, engineered under the same fixed-scope, approved-changes discipline.
Not sure which rung to start on?
That is what the scope check is for. Fifteen minutes, your systems and team size, and a recommendation with a fixed fee. If VXSec is the wrong fit, you will hear that too.
Book a 15-minute scope check