// Solutions
You came here with a specific problem.
Below are the problems we solve most often, the combination of work each one requires, and the outcome you walk away with. Find the scenario that sounds like your week — that's the conversation we should be having.
// Scenario 01
I have a SOC 2 audit on the calendar in 90 days and we have never done one before.
CTO · Series B SaaS · pipeline blocked behind certification
→ The work, in order
- Compliance Validation (SOC 2 Type II): Per-control gap register, evidence workbook, cross-walk to existing controls.
- Remediation sprint: Close every CC6 / CC7 gap that would draw a qualified opinion.
- Pre-audit dry run: Live walkthrough with engineering — auditor's questions answered before the auditor asks them.
Outcome: Type II achieved on first attempt. No qualified opinions. Sales pipeline unblocked.
// Scenario 02
I just took the CISO seat and I don't trust the inventory I inherited.
CISO · 4,000-employee healthcare provider · first 90 days
→ The work, in order
- External Threat Exposure Assessment: Independent attribution of every internet-facing asset — finds what the inherited inventory missed.
- Internal Threat Assessment: Privilege paths, lateral movement, detection gaps. The full posture you can defend in front of the board.
- 90-day briefing pack: Findings synthesized into a prioritized program plan you present in your first board cycle.
Outcome: Independent baseline of attack surface and internal posture in week one of the new role. The first board update has data, not narrative.
// Scenario 03
We had an incident last quarter and the board wants accountability.
CIO · regional bank · post-incident · regulator notified
→ The work, in order
- Post-incident review: Independent root-cause and detection-failure analysis. The document the board and regulator both need to read.
- Internal Threat Assessment: What else does the attacker chain depend on? What other paths exist?
- Detection-coverage uplift: Sigma + Defender XDR rules deployed for the techniques that were missed.
- IR retainer activation: Pre-paid response capability so the next call is to a known number.
Outcome: Regulator-acceptable independent review. Detection gaps closed. Board has a credible answer to "could it happen again."
// Scenario 04
M&A diligence — six weeks to validate the target before the deal closes.
VP Corp Dev · acquirer · target is a 200-person SaaS
→ The work, in order
- Cyber diligence sprint: Compressed external + internal assessment scoped against the deal timeline. No padding, no theater.
- Compliance gap snapshot: Where does the target sit against the frameworks the parent company holds?
- Integration risk register: What you inherit on day one of close, ranked by exploitability and effort to close.
Outcome: Independent cyber risk register the deal team can price into terms or use as a closing condition.
// Scenario 05
Our cyber insurance carrier won't renew without proof of MFA, EDR, and tested backups.
CFO · 300-employee manufacturer · renewal in 60 days
→ The work, in order
- Posture-proof package: Evidence the carrier actually accepts: MFA enforcement scope, EDR coverage map, backup restore test results.
- Remediation sprint: Close the specific gaps the carrier flagged in the renewal questionnaire.
- Carrier-facing attestation: A document signed by us that the broker can hand directly to underwriting.
Outcome: Renewal closed at quoted premium. Coverage uninterrupted.
// Scenario 06
Our cloud bill ballooned and security fell behind the migration.
VP Engineering · post-cloud-migration · AWS + Azure
→ The work, in order
- Cloud security audit: IAM trust graph, misconfiguration register, IaC drift — across every account in scope.
- Detection coverage for cloud planes: CloudTrail / Activity Log / Audit Log rules that match the threats you actually face.
- DevSecOps integration: Shift-left checks in CI so the next deploy is the last one that ships these gaps.
Outcome: Cloud posture caught up to where the workloads actually are. Detection content tied to real cloud-plane threats.
Don't see your scenario?
Most engagements start with a 30-minute scoping call. We'll tell you whether we can help — or who can — by the end of it.
Scope a conversation →