FAQ

Clear answers to the most common questions about our cybersecurity services.

General Questions

What does Cyber Craft Solutions do?
We provide cybersecurity consulting and assessments for small to medium-sized businesses (SMBs), as well as contract-based support for larger organizations. Our core services include:

  • Vulnerability Assessments
  • IT Infrastructure Reviews
  • Compliance Audits (e.g., HIPAA, PCI DSS)
  • Penetration Testing
  • Security Awareness Training
  • AI Security Assessments
  • Cloud Security Reviews

Who do you work with?
We primarily serve SMBs, but we also work with larger businesses on a contract basis. Many of our clients are based in Lancaster, PA and surrounding areas, including Lititz, Ephrata, Manheim, and Central PA. We also support remote clients across the U.S.

  • 🛍️ Retail – PCI DSS compliance, payment system reviews
  • 🏥 Healthcare – HIPAA compliance, patient data protection
  • 📊 Professional Services – law firms, accountants, consultants
  • 🏛️ Local government and nonprofit organizations
  • 🏢 Enterprise teams – specialized contract-based assessments

How do I know if my business needs cybersecurity support?
If your organization:

  • Handles sensitive customer, health, or payment data
  • Uses cloud platforms (e.g., Google Workspace, Microsoft 365, AWS)
  • Is subject to compliance requirements (HIPAA, PCI DSS, etc.)
  • Hasn’t had a security review or penetration test in over a year
  • Wants to reduce risk through employee awareness training

…then our services are likely a great fit.

Services & Assessments

What is a vulnerability assessment?
A vulnerability assessment identifies known security issues in your environment—things like outdated software, misconfigured systems, or exposed services. We scan:

  • Networks (firewalls, routers, wireless)
  • Servers and workstations
  • Web apps and cloud services

You’ll get a risk-prioritized report and clear remediation steps.

How is that different from penetration testing?
A vulnerability assessment finds the cracks.
A penetration test tries to break through them.

Penetration testing simulates real-world cyberattacks to see what an attacker could do with the vulnerabilities we find. It’s hands-on, authorized hacking to test your defenses.

Do you perform penetration testing?
Yes. We perform legal, ethical pentests under contract with full client authorization. You’ll receive a complete report of our findings, impact assessments, and step-by-step remediation guidance.

What compliance frameworks do you support?
We help clients meet or prepare for:

  • PCI DSS – Payment security compliance
  • HIPAA – Healthcare data privacy and protection
  • PII/Data Privacy – Personal information security
  • General Best Practices – NIST CSF, CIS Controls, and more

We perform gap assessments and provide actionable steps to close compliance gaps.

Pricing & Working Together

How much do your services cost?
Pricing depends on scope, complexity, and organization size. General ranges include:

  • 🔍 Vulnerability Assessments: $1,250–$6,000
  • 🧾 Compliance Audits: $1,875–$8,000
  • 🎯 Penetration Testing: $2,500–$12,000
  • 📚 Security Awareness Training: $1,000–$10,000

📅 Initial consultations are free, and we offer custom bundles and retainers.

Do you offer long-term or retainer-based support?
Yes. Many clients retain us for:

  • Ongoing security consulting
  • Regular compliance check-ins
  • Monitoring support and remediation guidance
  • Incident response planning

Packages are tailored to your needs and business goals.

What does the engagement process look like?
Here’s how we typically work with clients:

1️⃣ Free Consultation – Understand your goals and environment
2️⃣ Assessment – Conduct scans, reviews, or testing
3️⃣ Report – Deliver findings with action items
4️⃣ Support (Optional) – Help with remediation and implementation

We keep the process transparent, actionable, and aligned with your priorities.

Security & Confidentiality

Can you guarantee I won’t get hacked?
No one can guarantee complete protection—but we dramatically reduce your exposure to threats through layered, proactive defenses. Cybersecurity is about reducing risk, not eliminating it.

Will your assessments disrupt our operations?
Not at all. Vulnerability scans and audits are designed to be non-intrusive. For pentests, we coordinate carefully to schedule testing during off-hours and minimize business impact.

Is our data safe with you?
Yes. All client data is strictly confidential. We operate under nondisclosure agreements (NDAs) and never share information without your explicit consent.

Getting Started

How do I reach you?
Reach out any time:

📧 Email: jeremy@craftedcybersolutions.com
📞 Phone/Text: (717) 638-1223

Where are you located?
We’re based in Lancaster, Pennsylvania, and serve clients both locally and remotely across the United States.

Do you support remote engagements?
Absolutely. Most of our services can be delivered remotely. We also travel locally when on-site work is required.