Former Mandiant Incident Responder Developed Faster, Better and Cheaper Method for Risk Assessments

If you would like an honest and trustworthy assessment of your security practices, but you don't see the value in spending $100,000 or more to get it, then this page will show you how.

Earlier in my career, for several years I ran expensive assessments...

Now, I'm not saying it happened all the time, but every once in a while we would be hired by a client that clearly blew their entire budget on our high-priced assessments. We would spend days sitting around their conference table asking questions. It would be several consultants outnumbering those representing the client. And that was the first red flag that this assessment wasn't a good fit for  the client. Later, during the discussions we would discuss the client's budget numbers. Their technology budget for both operations and capital expenses and their security spend. And then we had the confirmation. The assessment we were running made up the majority of their security budget. WOW

So what budget did that leave them on the backend for addressing any of the gaps we found? Nada. Zip. But the whole purpose of running a security assessment to identify gaps so you can fix them!

The Groman Cyber assessment philosophy is different. We built a quicker process so we can charge a fixed low fee.

This is by design:
It helps our clients start addressing gaps right away and immediately reduce their cyber risk.

This is what you get with our security assessment:

  • Save time and travel expenses with our unique online questionnaire
  • Entire process can be completed remotely (perfect for the COVID-19 era)
  • Our proprietary assessment aligns with the NIST CSF
  • Assessment report will satisfy your auditors
  • Nothing invasive – no penetration tests or equipment to install in your environment
  • We can work with your legal team to perform an assessment under the cloak of legal privilege
  • Money left over to address any gaps we identify
  • A team that wants yo partner with your business to help you get the most value and effect from your security spend¬†

However, this assessment isn't right for everyone.

And even with the low cost, it may not be the right fit for your company. We work best with companies that are interested in addressing the gaps that we identify during the assessment. While that may seem obvious, we have found there are many companies that just want an assessment and aren't interested in learning and fixing issues.

If your interested in engaging us for a security assessment, the first step is scheduling an initial meeting:
Groman Cyber Online Calendar

P.S. We schedule assessments to kickoff the first week of the month. If you have a specific timeline to complete your assessment, it is best to get it on our calendar at least 120 days before your assessment report is due.