steelefortress.com

What It Is

Steele Fortress is a U.S.-based cybersecurity and privacy consulting firm positioned as a boutique provider with dual capabilities in “law + technology.” Its core offering is not a single security product, but professional services spanning incident response, digital forensics, virtual CISO, compliance consulting, security assessments, privacy, and asset protection. The website highlights founder Jonathan D. Steele’s legal background as well as security credentials such as CompTIA Security+, ISC2 CC, and CEH, making it a fit for clients that need to manage technical risk while also considering regulatory, litigation, and notification obligations.

Core Capabilities and Managed Alerts

In terms of protection coverage, Steele Fortress includes 24/7 incident response, ransomware, data breaches, BEC, malware, insider threats, DDoS, penetration testing, vulnerability assessments, cloud security, and application security testing. SOC-as-a-Service is described as outsourced 24/7 monitoring, threat detection, continuous network surveillance, incident response, and compliance reporting, but the main content does not disclose the specific platform, data collection methods, or tool stack. Its vCISO service is relatively comprehensive, covering 30/60/90-day security roadmaps, risk registers, security policies, vendor risk assessments, board reporting, and KPI dashboards. Incident response deliverables include IOC reports, forensic timelines, root-cause analysis, regulatory notification materials, and hardening recommendations.

Compliance, Deployment, and Integration

Compliance coverage is broad, including HIPAA, SOC 2, CMMC, GDPR, CCPA/CPRA, BIPA, NIST, ISO 27001, and more. Services include gap analysis, policy packages, control mapping matrices, evidence templates, and mock audits. Deployment is mainly through consulting and managed services: incident response supports remote-first triage, vCISO is available on a monthly retainer or project basis, and compliance audit preparation typically takes 4-8 weeks. For integrations, incident response requires clients to provide log sources such as SIEM, EDR, firewalls, and cloud consoles, and AWS, Azure, and GCP assessments are supported. However, no standardized APIs or specific integration marketplaces are listed.

Pricing, Pros, and Cons

Pricing has some degree of transparency: vCISO is listed at $5,000/month, security assessments start at $2,500, rapid incident response is billed hourly with a 4-hour minimum, and compliance and privacy services are mostly project-based. Its strengths are clear deliverables, a combination of legal and technical expertise, suitability for highly regulated industries, and an emphasis on direct service from senior experts. Limitations include the constrained capacity typical of a boutique team. SOC-as-a-Service is prominently promoted but lacks detailed pricing, detection rule information, SLA scope, and technical architecture. The firm also does not handle ransom negotiations, legal representation, or ransom payment decisions.

Best Fit and Access from China

Steele Fortress is better suited to healthcare, legal, financial, manufacturing, SaaS, and professional services companies in the U.S. and cross-border markets—especially SMBs without a full-time CISO but facing audit, privacy, or incident response pressure. It may also suit high-net-worth individuals seeking privacy and anti-surveillance services. Access from China, payment methods, and Chinese-language support are not disclosed, so china_access can only be rated as unknown. If a mainland Chinese company needs MLPS, commercial cryptography compliance, local on-site support, and Chinese ticketing, it may also evaluate domestic alternatives such as 奇安信, 深信服, 绿盟, and 安恒. For international MDR/SOC options, Arctic Wolf, Expel, Red Canary, and CrowdStrike are relevant comparisons.