I have seen the architecture of a bank's new system and can see how a reverse proxy as the front door of the website leading to flat HTML pages protects the real assets, which are coded in Java and are further back in the chain of machines. Go to security forums and PM the cluey posters to see if they are interested.
I also agree with the previous posts that most contractors will not work free on the possibility of future revenues. Volunteers are also a good idea but they may not hang around if personal issues get in the way. Ask yourself how far would the big bad industry go to shut you down and then take that on board.