Plan, prepare, respond.
The guides, checklists, and tools we use with clients — adapted for general use. If you're trying to figure out where you stand, start with the Cyber Risk Checklist.
Learn
Background reading on the problems we work on every day.
Blog
Threat write-ups, vendor-agnostic guidance, incident retrospectives.
Cybersecurity Guides
Long-form guides on core controls, threat models, and program design.
Compliance Guides
Framework-by-framework walkthroughs: CMMC, SOC 2, ISO 27001, HIPAA, PCI.
Incident Response Resources
Plans, playbooks, decision trees, communication templates.
AI Security Resources
Practical guidance for LLM apps, agentic systems, and AI-supply-chain risk.
Downloads
Templates and checklists we use with clients — adapted for general use.
Cyber Risk Checklist
A 12-point self-audit that surfaces the gaps most teams find only after an incident.
Ransomware Readiness Checklist
A pragmatic checklist focused on the controls that actually shorten an event.
CMMC Readiness Checklist
Level 1 and Level 2 control-by-control readiness map.
SOC 2 Readiness Checklist
Trust services criteria mapped to the evidence your auditor expects.
Incident Response Plan Template
A starting-point IR plan you can adapt in an afternoon.
Tools
Lightweight, no-signup interactive tools.
Cyber Risk Calculator
Quantify exposure in dollars — frequency × magnitude — calibrated to your industry.
Compliance Readiness Quiz
Five minutes to find out which framework actually applies to you.
Vendor Risk Questionnaire
The 30-question short form we'd use to evaluate a new third party.
Cyber Insurance Readiness Checklist
Pre-binding control review to keep premiums sane and claims paid.
A monthly write-up worth opening
Threat retrospectives, framework updates, and short pieces on practical security. No marketing emails. Unsubscribe is one click.