# Advisory

> Strategic security advisory and executive-level guidance

**Advisory** (formerly known as vCISO) provides on-demand security leadership, offering expert guidance tailored to the unique needs of Web3 protocols. This service is designed for projects requiring high-level, strategic security expertise at various stages of development and operations, without the need for a full-time security hire.

## Service Process

The advisory process is consultative and can be adjusted to the specific requirements of your protocol. The engagement typically follows these steps:

### 1. Initial Assessment

* **Objective**: Understand the protocol's architecture, goals, and security posture.
* **Activities**: Audit technical specifications, identify key areas of concern, and establish security priorities.
* **Outcome**: A clear understanding of the current security landscape and a framework for addressing key risks.

### 2. Security Strategy Development

* **Objective**: Provide a security strategy that aligns with the protocol's goals and development roadmap.
* **Activities**: Develop a tailored security roadmap with short- and long-term security objectives.
* **Outcome**: A security strategy document that outlines actionable steps to mitigate risks and improve the protocol's security posture.

### 3. Technical Guidance and Recommendations

* **Objective**: Deliver actionable insights across various security domains.
* **Activities**:
  * **Smart Contract Best Practices**: Audit and advise on secure development practices for smart contracts.
  * **Architecture Audits**: Evaluate protocol architecture to identify systemic vulnerabilities and improve resilience.
  * **Web2 Security Guidance**: Provide expertise on Web2 security practices that can be integrated into Web3 protocols, such as network security and threat modeling.
  * **Development Framework Recommendations**: Recommend frameworks and tools that promote security throughout the development lifecycle.
* **Outcome**: Clear and concise recommendations for improving security and mitigating risks in the protocol's design and implementation.

### 4. Ongoing Consultations and Security Audits

* **Objective**: Provide continuous support and periodic audits to ensure security remains robust over time.
* **Activities**:
  * Conduct periodic security audits to assess the protocol's evolving threat landscape.
  * Address emerging vulnerabilities and adjust security practices as necessary.
* **Outcome**: Regular security updates and adjustments based on new threats, vulnerabilities, or changes in protocol functionality.

### 5. Managed Detection and Response & Post-Incident Analysis

* **Objective**: Offer support in case of security incidents to minimize damage and enhance future resilience.
* **Activities**:
  * Provide technical expertise during and after an incident to help mitigate impact and identify root causes.
  * Conduct post-incident analysis to improve future incident response protocols and reduce risk exposure.
* **Outcome**: A detailed incident report with lessons learned and recommendations for preventing similar issues in the future.

### 6. Documentation and Compliance

* **Objective**: Ensure the protocol is aligned with security best practices and compliant with relevant standards.
* **Activities**:
  * Provide guidance on building and maintaining comprehensive security documentation.
  * Assist in achieving compliance with Web3 and Web2 regulatory standards, such as data privacy laws and security standards.
* **Outcome**: Security documentation that clearly articulates the protocol's security posture, decision-making processes, and compliance efforts.

## Contact Us

For more information or to scope a potential engagement, reach out via [cantina.xyz/contact/spearbit/](https://cantina.xyz/contact/spearbit).
