A decent short answer for this is that we'd work it out the same way you'd work it out in the hiring process for a Director of Security: by discussing your needs and determining what we were able, as "one entity", to do. The website gives a sort of sweeping idea of what things we're capable of tackling.

I should add, though, that I think a lot, maybe even most, startups don't need this, or dedicated security of any kind.