How It Works
Getting a security review doesn't have to mean a lengthy engagement, a confusing proposal, or a stack of jargon-filled documents. Here's exactly what working with us looks like.
Fill out the short form on our Contact page. We'll ask for the basics: your business type, size, the tools and services you primarily use, and any specific concerns you're already aware of. No lengthy questionnaires. No calls required before we start.
We'll confirm receipt and scope within one business day. At that point, you'll know exactly what we'll be reviewing and what to expect.
What we ask for
Business type, employee count, primary tools (M365 or Google Workspace), website URL, and any known concerns
What you don't need
No discovery call required. No NDA before intake. No lengthy procurement process.
If it would be helpful, we'll schedule a 60-minute call to gather context that tools can't give us. We'll ask about how your team uses technology day to day, recent changes or incidents, and anything specific you're worried about.
This call is optional — many clients prefer to skip it and let the report speak for itself. Either approach works.
Topics covered
Day-to-day tech use, admin access, offboarding practices, backup status, and cyber insurance if applicable
Format
60 minutes via video or phone. You don't need to prepare anything — just talk through how your business operates.
We use professional-grade tools and your intake answers to work through all six areas: external exposure, email and domain security, website posture, account hygiene, device practices, and backup readiness.
Where we need read-only access to your Microsoft 365 or Google Workspace, we'll send specific access instructions in advance. We make no changes to your environment — ever.
Tools we use
Professional external scan tools, DNS/email analysis, and read-only admin access where applicable — nothing invasive
Our commitment
Read-only access only. We document everything we review and make zero changes to your systems or configuration.
We deliver a plain-English summary of everything we found: what's working, what isn't, and what matters most. Findings are prioritized by urgency — High, Medium, and Low — so you know exactly where to start without feeling overwhelmed.
The report is yours to keep. Share it with your IT person, your insurance provider, or your attorney. It's designed to be readable by someone without a security background.
Report format
PDF — readable, non-technical, with an executive summary and a prioritized action list at the front
Turnaround
Delivered within 5 business days of completing the intake. Complex environments may take slightly longer — we'll tell you upfront.
If you'd like to talk through the report together, we'll schedule a 30–45 minute call. We'll walk through every finding, answer your questions, and help you turn the action plan into concrete next steps you can actually execute.
This call is included in the Snapshot price — there's no extra charge. Many clients find it the most valuable part of the engagement.
What we cover
Each finding in plain language, prioritized next steps, and honest answers to any questions the report raised
No upsell
We don't pitch additional services on this call. It's a genuine conversation about your report and what to do next.
Common Questions
For the external portions of the review, no — we work with publicly available information and professional scanning tools. If you use Microsoft 365 or Google Workspace, we'll request read-only access to check your security configuration. We document exactly what we access and make zero changes.
A penetration test actively attempts to exploit vulnerabilities — it's an adversarial simulation. The Security Snapshot is a review and assessment. We're not trying to hack you; we're checking whether your current setup has obvious, fixable gaps. For most small businesses, a Snapshot is the right first step — a pen test only makes sense after you've addressed the basics.
We can still complete most of the Snapshot. The external exposure, email security, website, and backup portions don't require admin access to your email platform. We'll note in the report what we were and weren't able to assess, so you have a complete picture of the review's scope.
Yes. Every finding includes a plain-English explanation of what it is, why it matters, and what to do about it. High-priority findings come with specific, actionable next steps — not generic advice. The goal is a report you can hand to your IT person (or follow yourself) and actually make progress on.
The Snapshot is a standalone engagement — there's no ongoing contract or subscription required. If you want to track progress or do a follow-up review after making changes, we offer a Quarterly Check-In service (coming soon). The walkthrough call is the natural next step included in every Snapshot.
Yes. Everything you share with us — your intake answers, system access, and report findings — is strictly confidential and used solely to conduct your review. We do not share, sell, or publish client information. A scope and exclusions letter is provided before work begins.