Skip to content

How we work

Assess to Protect to Monitor

A three-step lifecycle, not a one-off project.

012 to 3 weeks

Assess

  • Kickoff call: understand operations, critical systems, recent incidents
  • Device and access inventory (we walk the site and remote)
  • Risk scoring against your operational priorities
  • Findings review with you in plain language

Output

Risk register + 30 / 60 / 90 plan

022 to 6 weeks

Protect

  • Harden the high-impact findings first
  • Network segmentation where it matters
  • Identity and access cleanup
  • Document every change we make (rollback path included)

Output

Hardening report + audit evidence

03Ongoing

Monitor

  • Quarterly mini-assessment
  • Monthly security summary
  • CVE tracking for your inventory
  • Configuration drift alerts

Output

Monthly summary email + dashboard access (your internal team only)

Honest scope

What we don’t do

Trust starts with being clear about what’s out of scope.

We don’t manage your IT helpdesk.

Password resets, printer queues, and laptop imaging belong with your IT team or MSP. We stay focused on the security work.

We don’t ship a security agent on every device unless it earns its keep.

Endpoint agents have real costs — performance, license, blast radius. We deploy them where they matter and not where they don’t.

We don’t make compliance attestations on your behalf.

We give you the evidence, the controls, and the documentation. The auditor — not us — signs the attestation.

Start with an assessment.

Every engagement begins the same way: a short kickoff, a clear scope, and a written proposal before any work begins.

Request assessment