Compare · Pillar
Free vs. paid security assessment — what you actually get
A tier-by-tier comparison of SecurityStack Free ($0), Essentials ($499), and Expert ($2,499). By Arien Seghetti · Updated April 2026.
SecurityStack's Free tier shows you the methodology on up to 20 tools with no exports. Essentials ($499) unlocks unlimited tools, AI-generated recommendations, and PDF plus PPTX outputs. Expert ($2,499) adds a one-hour consultation with the founder. All three are per-assessment, not subscriptions — and upgrading from Free to Essentials is lossless.
The short version
- Free ($0). You see the Cyber Defense Matrix 2.0 rendered against your stack. You do not get a document to send to anyone.
- Essentials ($499). You get the full matrix, the AI-generated recommendations, and two exports — a PDF executive report and a PPTX board deck.
- Expert ($2,499). You get everything in Essentials plus a one-hour consultation with Arien Seghetti, scheduled within two weeks.
Free — who it's for and what it shows
The Free tier is a faithful demonstration, not a crippled trial. It runs the same five-phase questionnaire, applies the same CAN-vs-IS coverage engine, and renders the same 7×9 Cyber Defense Matrix you would see on a paid tier. The only deliberate limits are the 20-tool cap, the absence of PDF and PPTX exports, and the absence of AI-generated recommendations. Everything else — the matrix, the coverage percentages, the gap summary, the CAN-vs-IS comparison — renders in full.
The Free tier is designed for three kinds of users. First, security leaders who want to see the methodology on their own stack before paying. Second, consultants and internal-audit teams evaluating whether to bring the platform into a client engagement. Third, small organizations running under 20 tools who genuinely do not need an export — they want a permanent coverage record for their own reference. For all three, the Free tier is a complete product, not a sales funnel.
There is no credit card required, no trial clock, and no auto-upgrade. Assessments stay open indefinitely. You can return six months later, update your tool list, and watch the matrix re-render.
Essentials — who it's for and what unlocks
Essentials is the standard annual-assessment tier and is where roughly 80% of paid customers land. It removes the 20-tool cap and adds four capabilities that turn the assessment from a visualization into a deliverable.
Unlimited tools and the full matrix. A mid-market program typically runs between 25 and 60 distinct tools, often climbing into the 80s for security-heavy industries or post-acquisition stacks. Essentials handles any count. Custom and unmatched tools can be self-mapped via a provisional-mapping flow that feeds directly into the coverage engine.
AI-generated "Do This Now" recommendations. The coverage engine identifies gaps. The AI layer turns those gaps into prioritized, business-language recommendations — with the "You Already Own the Fix" moves surfaced first, new purchases second, and consolidation opportunities third. Every recommendation includes a specific next step and an owner-role hint drawn from the questionnaire.
PDF executive report. Eleven sections covering coverage summary, the matrix, detailed gap analysis, 30/60/90 day roadmap, spend-at-risk analysis, and a plain-language executive summary. Cached by assessment hash so it regenerates only when your answers change. This is the artifact most CISOs send to their CEO or audit committee.
PPTX board deck. Five to six slides, board-ready, covering the same findings compressed to talking-point density. Used at quarterly risk committee reviews and in procurement justification meetings.
At $499 per assessment, Essentials is roughly 1% of the cost of a comparable consulting engagement. The unfair advantage is the vendor database that powers the CAN layer — 27 years of field judgment encoded as capability mappings. The software is the delivery mechanism.
Expert — who it's for and what the consultation covers
Expert is Essentials plus one hour of direct consultation with Arien Seghetti. The in-app experience is identical to Essentials — the differentiator is the human. A typical Expert engagement runs three blocks inside the hour. Twenty minutes walking through the matrix and the key findings. Twenty-five minutes pressure-testing a specific vendor decision, procurement question, or board narrative. Fifteen minutes on sequencing — which recommendations to act on first, which to defer, and which to skip entirely given organizational constraints.
Expert is chosen most often in three situations. A contentious vendor decision — typically in the SIEM, XDR, or identity space — where the CISO wants an outside read before signing a multi-year contract. A board or audit committee conversation where outside validation strengthens the narrative. And a merger or acquisition scenario where two stacks are being rationalized and sequencing matters as much as the finding itself.
The consultation is scheduled within two weeks of the assessment completing. It is vendor-neutral and delivered under a professional-services engagement letter, not an advisory-retainer relationship.
The decision matrix
Four scenarios that cover most buyers.
| If this sounds like you | Pick | Why |
|---|---|---|
| Security leader at a 200-person firm, 35 tools | Essentials | Over the 20-tool Free cap. Needs the PDF report for the CEO and the PPTX deck for the board. AI recommendations pay for themselves the first time they surface a 'You Already Own the Fix' finding. |
| Consultant evaluating the methodology before a client engagement | Free | The free tier is a faithful demonstration. Build a sample assessment on your own stack, see the matrix render, and decide whether to bring Essentials to the client as a deliverable. |
| CISO heading into a contentious SIEM or XDR decision | Expert | The assessment identifies the gap. The hour of consultation is where the judgment call — which specific vendor, which deployment model, which migration sequence — gets pressure-tested before a multi-year contract. |
| Small org under 20 tools, no export requirement | Free | If you are under the tool cap and do not need a PDF for internal distribution, the Free tier is a complete product for your use case. Upgrade only when you grow past 20 tools or need an export. |
The upgrade path is lossless
Starting on Free and upgrading later is the recommended path for most mid-market buyers. Every tool you enter, every questionnaire answer you record, and every provisional mapping you submit on the Free tier carries forward unchanged when you upgrade. The matrix re-renders with the paid feature set against your existing data — there is no re-entry, no re-computation penalty, and no data loss.
Upgrading from Essentials to Expert is similarly frictionless. Pay the difference, schedule the consultation, and nothing in the in-app experience changes — Expert and Essentials are identical inside the product. What you are buying at Expert is the hour, not a different report.
There is no downgrade flow and none is needed. Because every tier is per-assessment, a purchase at one tier does not obligate you to repeat that tier next year. Run Essentials this year, Free next year if your stack has not meaningfully changed, and Expert the year you face a major vendor decision. Each assessment is a separate transaction.
Frequently asked questions
Can I downgrade from Essentials back to Free?
There is no downgrade action because every tier is per-assessment rather than a subscription. When you pay for Essentials, you pay for that specific assessment and keep the full outputs forever. Your next assessment is a separate decision — you can run it on the Free tier, or any other tier, based on what you need that time.
Is this a subscription?
No. All three tiers are one-time, per-assessment charges. You pay once, keep the outputs indefinitely, and pay again only when you rerun the assessment — typically once a year or after a major change in your tool stack.
Is the free tier time-limited?
No. The Free tier is not a trial. There is no clock, no auto-upgrade, and no credit card required. You can leave a free assessment open indefinitely and return to it whenever your stack changes.
What do mid-market enterprises typically pick?
Mid-market organizations (100–999 employees) almost always land on Essentials. They have more than 20 tools, they need the PDF executive report for internal distribution, and they use the PPTX board deck for quarterly risk committee reviews. Expert is chosen when a specific vendor decision or procurement cycle warrants the consultation.
If I start on Free and upgrade, do I lose my progress?
No. The upgrade is lossless. All tools, answers, and provisional mappings from your Free-tier assessment carry forward into Essentials the instant you upgrade. You do not re-enter anything, and the matrix re-renders with the full paid feature set against your existing data.
How does this compare to hiring a consultant?
A comparable consulting engagement runs $50K–$150K and takes 6–12 weeks. SecurityStack at the Essentials tier covers roughly 80% of that work — inventory, CAN-vs-IS coverage analysis, gap identification, and prioritized recommendations — in 30–60 minutes for $499. The Expert tier adds the 20% that software cannot deliver on its own: organizational judgment calls and vendor-specific context from a human practitioner.
Does the Free tier include AI-generated recommendations?
No. The Free tier shows coverage status and a basic gap summary, but the AI-generated 'Do This Now' recommendations — including the 'You Already Own the Fix' moves — are an Essentials+ feature. The principle is that visibility is free and actionability is paid.
When does the Expert consultation happen?
Within two weeks of the assessment being completed. The hour is scheduled directly with Arien Seghetti and is structured around your specific findings — typical agenda is 20 minutes walking through the matrix, 25 minutes pressure-testing a vendor decision or procurement question, and 15 minutes on next-step recommendations.
Start here
Run the Free assessment first
See the methodology on up to 20 of your tools. Upgrade losslessly to Essentials when you need the full matrix, AI recommendations, or exports.