Some examples of work previously done:

• A quick (in)vulnerability analysis for a web-based product that was claimed to be hackable (turned out to be an empty claim).
• Help in translating not-complete-formed security policy ideas to a policy and then actual practical implementation into the organization.
• Analysis of a security product and its applicability to the organization's security policy.
• Threat analysis of a services with public interest, with additional attention to external image management even in the face of a claimed attack.