Solutions::Methods
Clients need easily consumed advice; long reports are yet another burden on people who are too busy already. Our reports are typically eight to fifteen pages. They provide straight answers to the important questions and concrete prioritized recommendations. We challenge ourselves to produce findings that are concise, easy to understand, and straightforward to implement - and our clients appreciate it.
Our methodologies avoid the classic "audit" problems. The very name "Security Audit" sets the wrong tone for most security projects. Audits generally focus on finding and cataloging symptoms, not causes and are first and foremost about assessing blame. Also, inherent in that name is an adversarial relationship that undermines rather than supports problem resolution. All of our methodologies are structured to ensure that we work as a partner with our clients to make things better.