Service

GAP analysis & roadmap

The best first step for most clients. In 2–4 weeks you get a document you can make decisions with: what to handle now, what can wait, what isn't your problem.

What you get

  • Map of current state across ten key areas (asset management, identity, network, endpoint, monitoring, incident response, backup/BCM, awareness, supply chain, governance).
  • Prioritized list of gaps with impact and effort estimate for each.
  • Roadmap broken into phases with realistic timelines.
  • Cost framework for each activity so you can plan the budget.

How it works

  1. Kickoff call (30–60 min) — align on scope and expectations.
  2. Workshops with your people (typically 2–4 sessions).
  3. Technical review — configurations, documentation, possibly sample scanning.
  4. Document and presentation of findings to leadership.

Within your means

A standard GAP analysis takes 2–4 weeks. For smaller firms or specific scopes (NIS2 only, M365 only, web app only) we can do a mini GAP in 5–8 person-days. Ask — we’ll likely fit.

Who it makes sense for

  • IT manager at an SMB who needs a case to make to leadership.
  • Owner without an IT team who doesn’t want to buy a pig in a poke.
  • Compliance officer who needs technical validation of current state.
  • Before audits, before insurance, before company sale — anywhere your security will be assessed.

Ask about GAP analysis View other services