Security and compliance, owned end to end.
Secure Pixels is the practice of Rafał Męczkowski — 20 years across software, infrastructure, and security, and the person who took a US healthcare SaaS through SOC 2 Type 2 solo: controls, evidence, and audit, start to finish. I help teams become audit-ready, clear enterprise security reviews, and stay that way — as a hands-on fractional security lead, not a slide deck.
One senior operator, not a faceless agency
When you hire Secure Pixels, you get the person who's actually done the work — not a junior behind a brand.
I'm Rafał, and for the last 12 years I've been the end-to-end technical owner of infrastructure, security, and compliance for a healthcare SaaS platform: production Azure environments, the full security posture, and the regulatory readiness that lets enterprise customers say yes.
The thing most teams need and can't easily hire: someone who can build it, secure it, and prove it to an auditor — and sit in the assurance call with your biggest prospect's security team and earn their trust. That's the role I play.
Capabilities
Three ways to work together — pick the one that matches where you are.
SOC 2 / HIPAA Readiness
Get audit-ready — fast, and without derailing your team. I run readiness end to end: gap assessment, control design, policy and evidence, security training, and walking you through the audit itself. The same process I've driven solo to a clean Type 2 in healthcare.
Fractional Security Leadership (vCISO)
Your security authority, without a full-time hire. Ongoing, hands-on ownership for teams that need a CISO-level person but aren't ready to hire one. I own your posture, lead pen-test remediation, handle vendor and partner security reviews, represent you in enterprise assurance conversations — and can help you build and lead the security function itself.
Pen-Test Remediation & Vendor Security
Close the findings. Clear the security review. Win the deal. I coordinate third-party assessments, triage findings, and drive remediation to closure — plus the security questionnaires, DPAs, and due diligence that gate enterprise contracts.
Also: secure build & AI. Security-first web and cloud development (strongest in Azure, platform-flexible), and AI enablement done responsibly — platform usage, contract and data-flow review, and safe adoption.
Security by design
Primary security authority across infrastructure, applications, and vendor relationships. From pen test remediation to SOC 2 evidence — I own it end to end.
Compliance & audit readiness
SOC 2 Type II evidence, vendor security questionnaires, DPAs, and legal/security reviews.
Pen testing & remediation
Coordinating third-party assessments, triaging findings, and driving remediation to closure.
Incident response & training
IR policy ownership, security awareness programs, and internal training rollouts.
User research, UI design, accessible interfaces.
Security questionnaires, DPAs, due diligence.
Full-stack web apps, marketing sites, portals.
AI contract review, platform enablement, data flows.
Continuous monitoring with proactive remediation.
Let's get you audit-ready
Tell me about your platform, your compliance target, or the security review that's blocking a deal. I respond within one business day, and I'll sign an NDA on request.