Common Questions
Short answers.
No runaround.
The things people ask before reaching out: scope, pricing, timelines, and how we actually work.
Who does Virovici work with?
Virovici works with organizations across sizes and industries. Positioning is size-agnostic: a two-person startup with a production payment flow and a hundred-person company modernizing a legacy platform both fit. The constraint is fit, not headcount. If we are not the right partner for an engagement, we will say so directly.
What is the difference between a security audit and a penetration test?
A security audit is a scoped review of your stack, codebase, and infrastructure posture that produces written findings with risk ratings and a prioritized fix list. A penetration test simulates an attacker against a specific target to find exploitable gaps, then delivers a report with remediation steps. Audits map the landscape; pen tests probe it.
How long does a typical engagement take?
A security and infrastructure audit runs one to two weeks. Penetration tests are scoped to the target and usually land in one to three weeks. Full-stack builds depend on scope; we give a written timeline in the proposal within 48 hours of a discovery call.
How are engagements priced?
Fixed-scope work is priced as a flat fee with a 50% deposit to begin. Retainers are monthly, ranging from roughly $750 to $3,500 depending on coverage. Every proposal breaks down problem, solution, scope, timeline, and pricing in writing before any work begins.
Do you sign NDAs before discussing engagements?
Yes. If your situation requires confidentiality before the discovery call, send a mutual NDA to [email protected] and we will execute it before the conversation.
Is the person I talk to also the person doing the work?
Yes. Engagements are handled personally, without account managers or subcontractors between you and the work. The person you speak with on the discovery call is the one building and testing your systems.
What happens after a project ships?
Every full-stack build includes 30 days of post-launch support by default. Beyond that, an optional retainer covers monitoring, patches, and ongoing security review. If you prefer to take ownership in-house, we hand off clean documentation and walk your team through the system.
Do you work remotely or onsite?
Remote by default, with onsite visits available for engagements that require them. Communication consists of asynchronous weekly updates for projects and scheduled calls every two weeks for retainers.
Still have questions?
Email us with your situation. We will give you an honest read on whether we can help, and if we are not the right fit, we will say so.
