From first contact to final report, we make the assessment process straightforward and predictable. Here's exactly what to expect.
We start by understanding your business, your industry, and your security concerns. This phase is about gathering the information we need to give you the most relevant, actionable assessment possible.
Complete a short online form (5 minutes) so we understand your company size, industry, and what triggered your interest in an assessment.
We send you an 11-section questionnaire covering your current technology, security tools, policies, and compliance needs. This is the foundation of our assessment.
Based on your responses, we recommend the assessment tier that best fits your needs and budget. No upselling, just the right fit.
After payment and SOW acknowledgment, we schedule a brief kickoff call to clarify your questionnaire responses and set expectations for the engagement.
This is where the real work happens. We conduct a thorough review of your security posture using industry-standard frameworks, tailored to your specific tier.
We analyze your systems, networks, access controls, and security tools against established frameworks (CIS Controls v8, NIST, HIPAA, etc.).
Every control is scored for maturity. We identify what's in place, what's partially implemented, and what's completely missing.
Not all gaps are equal. We prioritize findings by business impact so you know what to fix first, second, and what can wait.
Your assessment is conducted by John Codis personally, not a junior analyst. You get senior-level expertise from start to finish.
You receive everything you need to understand your security posture and take action. No vague recommendations. Every finding includes specific, practical next steps.
A clear, detailed report with an executive summary, maturity scores for each control area, and specific findings with evidence.
A prioritized roadmap with immediate quick wins (30 days) and longer-term improvements (90 days), ranked by risk and effort.
Where we identify policy gaps, we provide templates you can customize and implement immediately. No starting from scratch.
Recommendations written for companies without a security team. Clear language, specific tools, realistic timelines.
We don't just drop a report in your inbox and disappear. We walk you through every finding, answer your questions, and make sure you have a clear path forward.
A live walkthrough of your report findings, risk priorities, and action plan. Ask anything. This is your time.
If you want ongoing support implementing recommendations, our CyberReady Guard vCISO retainer is available month-to-month. No pressure, no lock-in.
From kickoff to report delivery, here's what to expect for each tier.
All timelines are measured in business days from the kickoff call.