Methodology
How we work, week by week.
A first engagement runs about four weeks. Senior-led, with a fixed scope and a written deliverable you keep. Below is what each week actually looks like.
One call. We map your environment, your obligations, and what’s keeping you up at night.
A 60-minute conversation. We learn what your business does, what would hurt if it stopped, and what you’re already doing.
No tooling pitch. The goal is a shared picture of the environment and the obligations — regulatory, contractual, customer-driven — that actually apply to you.
We work through your stack against the NIST CSF and produce ranked findings.
We review your environment against the NIST Cybersecurity Framework, interview the people who actually use the systems, and write findings in plain English.
Findings are ranked by what would hurt your business, not by CVE score. The list is short enough to read in a sitting and specific enough to act on.
Prioritized fixes, sequenced for budget and disruption.
A prioritized list with rough effort estimates. Most items you or your IT provider can do.
The ones that need us, we quote separately and fixed-scope — no surprise hours, no retainer creep.
Written report. Yours to keep. Yours to act on, with or without us.
You keep the report, the inventory, and the plan. If you want us back, you know where we are.
If you don’t, you’re not stuck. No managed contract that quietly renews, no proprietary tooling you can’t take with you.
Free 10-minute tool · NIST CSF 2.0
Start with the free assessment.
24 plain-English questions across the six NIST cybersecurity functions. You walk away with a maturity score, a function-by-function breakdown, and a downloadable PDF report. No email required to start.
Take the free assessment →
Runs entirely in your browser. Nothing is sent to a server.