The fastest way to find out where you actually stand.
Most engagements start here. Two weeks, a senior practitioner, and a prioritized roadmap your board can act on. The right answer to most security questions is a risk assessment first.
- Duration: 2 weeks
- Engagement: Fixed price
- Team: Senior lead
- Deliverable: Roadmap + readout
What gets assessed
Identity & access posture
MFA coverage, privileged-access controls, lifecycle automation, federation hygiene.
Endpoint & cloud telemetry
EDR/SIEM coverage map against MITRE ATT&CK, with gap analysis.
Vendor & supply-chain risk
Critical third parties inventoried with concentration-risk view.
Compliance gap (if relevant)
Mapped against the framework that actually applies to you — SOC 2, CMMC, HIPAA, etc.
Incident readiness
Runbook review, escalation paths, contact verification, tabletop scenario.
Board-level narrative
Your security story translated for executive and board audiences.
Two weeks from kickoff to readout
- 01 Day 1–3
Stakeholder interviews
60-min conversations with engineering, security, IT, legal, and an executive sponsor. We listen before we recommend.
- 02 Day 3–7
Stack & data review
Configuration review of the most load-bearing controls. Active scanning where authorized.
- 03 Day 7–10
Synthesis & roadmap
Findings synthesized, prioritized, and ranked by business impact. We build the 12-month plan.
- 04 Day 10–14
Executive readout
90-minute readout with leadership + Q&A. You get the deck, the detailed findings, and the prioritized punch list.
What you walk away with
- 12-month security roadmap with quarter-by-quarter priorities
- Risk register tied to actual business impact
- Quick-win punch list — things you can act on this week
- Compliance gap map (if a framework applies)
- Board-ready executive readout deck
- Authoritative recommendation on what to build vs. buy vs. outsource
Start with the assessment.
It's the cheapest engagement we offer and the most leveraged. We'll be honest with you about whether you need us at all.