What this service does
Carrier-coordinated underwriting support, continuous evidence packaging, breach counsel access, and policy-aligned MDR. We work with the carriers your insurance broker works with , AIG, Beazley, Coalition, Resilience, Travelers, Chubb, Munich Re, Hartford , and run the cybersecurity controls they require.
Senior practitioner on every engagement. Quinnlan Varcoe (Founder and CEO) oversees every engagement and reviews every case before findings leave the practice; Jose Santana, Lead Technical Consultant, oversees the practitioner team executing the technical work under her methodology. NDA-protected. No black-box delivery, no off-shoring, no junior staff bait-and-switch.
What we deliver
- Carrier-Coordinated Underwriting. We sit on the underwriting call with you and your broker. Pre-built evidence package, technical Q&A handled by us, not your engineers. Carriers we work with regularly: AIG, Beazley, Coalition, Resilience, Travelers, Chubb, Munich Re, Hartford.
- Continuous Evidence Package. Refreshed quarterly, not at renewal. SOC, EDR coverage, MFA enforcement, backup posture, IR retainer, training program , all documented in the format carriers actually score against. No scrambling at renewal time.
- Policy-Aligned MDR. Our MSSP layer maps controls to the most-asked-for policy provisions: ransomware coverage, BEC/social engineering, contingent business interruption, regulatory defense. We make sure the controls actually meet the policy language, not just the application form.
- Renewal Negotiation Support. We translate posture improvements into premium impact. Year-over-year evidence of risk reduction, supported by metrics carriers respect. Brokers love working with us , we make their renewal pitch credible.
- Breach Counsel Network. Pre-vetted privileged-counsel firms on retainer. When an incident hits, the first call goes to counsel, second to us. Privilege protected from minute one.
- Carrier-Accepted IR Retainer. 48-hour engagement start. Hourly rates pre-accepted by major carriers (we're paid as readily as Mandiant or Kroll). Insurance-paid IR is the only IR you should rely on for a serious incident.
- Post-Incident Carrier Coordination. After containment: forensic report formatted to carrier requirements, regulator-coordinated notification timelines, vendor invoicing routed correctly through the policy. We've run this at the senior level , no first-time-buyer mistakes.
- Sub-limit + Coinsurance Strategy. Most underwhelming claims are caused by sub-limits, not denials. We review your policy for the sub-limits that bite (ransomware extortion, regulatory fines, contingent BI) and align controls + carrier negotiation accordingly.
How an engagement begins
- Confidential consultation. NDA-protected. 30 to 60 minutes. Direct conversation with Quinn, not a sales rep.
- Scoped engagement. Written proposal with defined deliverables and pricing. Hourly with milestone caps for open scopes; fixed fee where the work is well-defined.
- Delivery and reporting. Court-admissible methodology where evidence matters. Written deliverables you can hand to counsel, the board, or your auditor.
Why this work runs through Witness
Witness is the parent brand for the practice. The same firm operates a B2B sister brand at varcoe.ai for buyers whose procurement workflow expects a B2B website and a B2B sales motion. Same legal entity (Blueberry Security Global, Inc., Delaware C-corp). Same Quinn. Same delivery team. The split is by audience, not by capability.
