About

Managed security for small organizations that can't afford to get it wrong.

Secure Origin helps teams with sensitive data protect endpoints, reduce exposure, test security, and operate private infrastructure. Nonprofits, NGOs, and newsrooms are part of our experience, not the limit of who we serve.


Our philosophy

Operator-led security with clear scope

Validation-first security

We prove controls through penetration testing, adversary emulation, detection review, restore checks, and operational evidence. If we cannot demonstrate it, we do not claim it.

Two security paths plus infrastructure

Managed Security provides an ongoing baseline for endpoints, email, identity, alert triage, and reporting. Security Testing validates applications, cloud, identity, exposed services, and detection paths. Private Infrastructure supports hardened systems that need more control.

Small-team focused

We serve clinics, law firms, professional services firms, SaaS teams, nonprofits, newsrooms, NGOs, legal aid teams, and privacy-first teams where a breach or outage creates real stakeholder risk.

Direct and transparent

No account managers and no unnecessary layers. You work directly with a senior security engineer, and deliverables, responsibilities, timeline, assumptions, and price are explicit before work begins.


Meet your consultant

Rafael Gutierrez

Rafael Gutierrez
Founder & principal consultant

Rafael founded Secure Origin to give small organizations access to serious cybersecurity through clear packages, practical delivery, and direct senior engineering judgment.

His background spans security architecture, detection engineering, adversary emulation, and infrastructure operations. That combination shapes the service model: protect critical systems, test what matters, build secure foundations, and keep reporting close to the systems it describes.

Whether it is security testing for a public media organization, managed security for a small team, or private infrastructure for a legal aid nonprofit, the principle is the same: prove what works, fix what matters, and support clients with direct senior engineering judgment.

Secure contact
For sensitive inquiries, email hello@secureorigin.io. PGP fingerprint for hello@secureorigin.io:
0BA7 6A2D 2761 340E 394F 7F13 129B A65D 2CA7 34C5

Frequently asked questions

Common questions

What types of organizations do you work with?
Small organizations that handle sensitive data and do not have large internal security teams: clinics, law firms, professional services firms, SaaS companies, nonprofits, NGOs, newsrooms, legal aid teams, and privacy-first organizations. If customer trust, funder confidence, or operational continuity depends on protecting your systems, we are built for you.
How do I get started?
Use the intake form on the Security services page. Share the basics about your organization, service interest, endpoint count, timeline, and what you need help securing. Use email only when the inquiry itself is sensitive.
How is this different from a standard penetration test?
Security Testing covers penetration testing and exposure review for applications, cloud, Kubernetes, identity, exposed services, and relevant detection paths.
What does the infrastructure service include?
Private Infrastructure includes hardened application hosting, cloud foundations, private collaboration environments, access control, logging, monitoring, backups, restore validation, and operating notes. See the Infrastructure page for details.
How long does an engagement take?
Each proposal includes a written timeline before work begins. Security Testing typically runs over a few weeks. Managed Security onboarding and Private Infrastructure timelines depend on endpoint count, workload complexity, and infrastructure scope.
What are your fees?
Managed Security starts at $35 per endpoint per month, with minimum engagement and onboarding costs scoped before work begins. Security Testing starts at $6,500, and Private Infrastructure starts at $9,500. Every proposal includes deliverables, responsibilities, timeline, assumptions, and price before work begins.
Request review Book call