In each of our core areas of subject matter expertise, we have the knowledge and experience to dive deep into specific technologies or disciplines. We can narrow scope to provide rapid assessments that we complete in a few weeks, or we can equip you for self-assessments. We can also assist you with solution selection, evaluation, and business case development

Rapid Assessments

Our Rapid Assessments are streamlined engagements derived from our comprehensive assessment methodology. We work with you to determine what level of depth or breadth makes most sense for your situation and budget. The “rapid” assessment involves a lighter level of analysis with fewer interactions on any given domain than a “comprehensive” assessment. However, the rapid assessment will still capture critical points of analysis for the domains you select, and you still get the benefit of our experience from hundreds of similar engagements.

Self Assessments

Our self assessment tools empower your security and IT teams to continuously self-assess at an optimal level of detail and focus. Self-assessments provide early warning indicators that allow you to course correct as you execute against a roadmap or set of recommendations. By conducting self-assessments, you will be better prepared for formal audit and regulatory scrutiny, and can improve security-related decision-making.


Practice- and Technology-specific engagements focus on a single area from the security, identity, privacy, or risk management disciplines.

Practice-specific engagements help you evaluate skills gaps, develop policies, identify procedural improvements, conduct table top exercises, and implement improvements.

Technology-specific engagements help you identify business drivers, functional requirements, technical requirements, constraints, and dependencies.

Outcomes typically include recommendations for architecture improvements, identification of technology gaps, suggested solutions to address gaps (including open-source and commercial), and execution roadmaps.

Solution Evaluation & RFx

We facilitate collaborative workshops to prepare requests for information (RFIs) or request for proposal (RFPs) to help you select technology vendors and managed service providers. We help you gather technical and non-technical requirements collected during assessments and architecture improvement engagements, and format them into our RFI/RFP matrices. Our pre-built templates, requirements matrices, and scoring instruments help you objectively evaluate, assess, and score vendor responses. Working with us, your team will hit the ground running with sample requirements, weightings, and scoring methods – all completely customizable.

Business Case

We help you develop sound business cases for investing in technology or procedural improvements. We assist with estimating the financial impact and likelihood of expected losses from risks to be covered by a project. We rank the best available risk mitigation strategies (or alternative sets of controls) by their ability to reduce the impact and likelihood of loss. We estimate the capital costs, levels of effort and other costs of each element of your strategy. And we analyze the costs and benefits of the strategies against a set of scenario-based assumptions to recommend and drill deeper into the optimal approach.