Security360 Assessment

Get a truly independent and 360-degree assessment of your information security.

No Conflicts

No Juniors

No Surprises

Your Situation

You’re being asked more frequent and detailed questions about your security, and you’re not quite sure your answers are good enough. You need to reassure your clients, prospects, regulators, or board members that you have appropriate security in place.

Seeking reassurance from those who manage your security is like asking someone to mark their own homework.

To get real reassurance, you need an independent view on what ‘appropriate security’ means for your organisation and how you can achieve it.

Your Challenge

Effective security is not just about technology.

It’s about so much more – policies, ways of working, governance structure, risk management, and the not-so-small matter of regulatory compliance.

That’s why an effective security assessment needs to consider more than just your technology.

And that’s why you should leverage my 25+ years of technical, regulatory compliance, and risk management experience.

Security360 Assessment

You don’t need more ‘tech’.
You need more clarity.

Who this is for

  • CEOs / Boards who want confidence that security spend targets the real risks.
  • IT & Security leaders asked for “a technical review” who know the issues are broader than tech.
  • Organisations needing pragmatic guidance on how to align to industry best practice, e.g. ISO 27001 or CyberFundamentals (CyFun).

What is it?

The Security360 Assessment is a high-level, interview-driven assessment of your current security measures.

The approach engages key stakeholders and provides strategic recommendations to align with best practices and regulatory expectations.

It ensures that security is assessed holistically, incorporating perspectives from staff, senior management, and the board.

By going beyond just the technology, this approach helps organisations build a sustainable, business-aligned security strategy that reduces risk exposure, meets stakeholder expectations, and safeguards the organisation’s reputation.

By engaging all levels of leadership, it provides the clarity and alignment necessary to make informed, strategic decisions about cybersecurity.

This proven approach:

  • Identifies quick wins – Painless actions that can be taken immediately to move closer to regulatory expectations and/or to reduce a clear security risk.
  • Identifies areas for further assessment – Based on the findings of this high-level review, you may choose to dig further into specific areas of concern, so blind spots are removed.
  • Provides insights – To enable a pragmatic security strategy to be developed for the organisation, which is tailored to the organisation’s specific situation and needs, and which is supported at all levels, from operational teams to senior management and the board.

Why start here?

(rather than with a technical assessment)

Most incidents arise due to weaknesses in non-technical security: e.g. financial controls, weak processes, supplier oversight, unclear accountability, and staff awareness — areas a firewall tune-up can’t fix. Security360 establishes what “good enough” looks like for your organisation, rather than just focusing on the technology.

Financial controls

Reduce invoice/funds redirection risk with clear checks & approvals.

People & culture

Cut social-engineering success through practical, role-specific awareness.

Suppliers & oversight

Assure third parties with proportionate onboarding and monitoring.

What you get

The Security360 Assessment usually takes about 3–4 weeks and involves the following phases:

1) One-to-one leadership interviews

I meet each senior leader (including the CEO) to capture priorities, risk appetite, and pain points. No techie speak involved.

2) A complete 360-degree view

Governance, roles & responsibilities, policies, supplier/third-party risk, people training & culture, financial-fraud controls, continuity & incident readiness, and risk management. All tailored to your capabilities and constraints.

3) Leadership workshop

Here we review findings together, agree a realistic target state, and prioritise next steps that fit capacity and client / regulatory expectations.

4) Board-ready pack

Clear current-state summary, agreed target state, and a pragmatic roadmap.

Why this works

  • Independence: You don't get an upsell, as I don't sell tech or MSP services. You get a truly independent view.
  • Experience: You don't get juniors. You get me and my 25+ years across regulated FS, SaaS, and MSPs.
  • Pragmatism: You don't get theory. You get right-sized controls that your people can sustain.

Sam brought real clarity to our current situation and the steps required to get to where we want to be. His pragmatism was also very refreshing. Too many IT / Cyber Consultants that I have encountered just push the party line and do not consider the audience or organisational situation that they are dealing with. It is great that Sam was always on our wavelength in terms of identifying what is practical/possible, given the size and capability of our organisation and the needs of our clients.

Rebecca McGee, Head of IT, LIA

90%+

Over 90% of my clients* in 2024 were referrals from previous clients.

(*which may also reveal a poor return from my marketing activity!)

Typical flow

  1. Kick-off & light document request
  2. Exec & function-lead interviews
  3. Security analysis & draft findings
  4. Leadership workshop (collaborative prioritisation)
  5. Final pack: Describing where you are, where you need to be, and a high-level roadmap to get there.

Outcomes you can expect

Leadership alignment

Agreement on “reasonable security” for your context.

Real risk reduction

Lower likelihood / impact from the most common attacks and breaches.

Clear Roadmap

Actions that you can deliver and sustain.

Time & investment

Most mid-size organisations: 3–4 weeks elapsed from start to workshop.

No one likes surprises, so I will provide a clear fixed fee after a short scoping call. As a ballpark, the fee for a smaller organisation could be in the region of about €4,000 + VAT.

After the Security360

Depending on the outcome of the Security360 Assessment, you may need further assistance, for example:

  • Targeted technical assessments (but only where justified).
  • Strategy & operating model design so responsibilities are crystal clear.
  • Implementation guidance and support.
  • Retained security / vCISO support.

I can help with all of these areas. But right now, you should focus on getting an independent assessment of your current security.

What clients say

“We knew we had blind spots, but could never get a handle on this. The Security360 gave us the clarity and roadmap that we needed.” - COO, Life & Pensions Provider
“You made what could have been a painful process very easy. And enjoyable... Almost!” - CEO, IT SaaS

FAQs

Is this an ISO 27001 audit?

No — it’s an ISO-informed, business-first review to define the right target state and priorities for you.

It will ensure that any money you spend on audits or technology in the future will be worth the investment.

How long does this take and how much does it cost?

For most mid-size organisations: 3–4 weeks elapsed from start to workshop.

In terms of costs, no one likes surprises. So, I will provide a clear fixed fee after a short scoping call. As a ballpark, the fee for a smaller organisation could be in the region of about €4,000 + VAT.

Will you replace our IT provider?

No. I stay independent and work with your internal and external teams.

However, if I think your current IT provider isn't up to the job, I will be quick to let you know and I can help you find a better alternative.

Ready to get started?

Book a free, no-obligation consultation. It’s a practical chat to see if this is the right first step for you.

No Conflicts of Interest

Gain unbiased insights with my independent assessments. I do not manage your security, so I am not marking my own homework. And I don’t replace your current IT or security provider, so my assessment is not a sales pitch.

No juniors

I don’t have a bench of junior consultants that I need to charge out. I perform every assessment, based on over 25 years of real-world experience. You will be paying for my experience, not funding my education.

No Surprises

Engaging a consultant can feel like getting into a taxi in a foreign city and hoping the driver doesn’t take the longest route to your destination. It feels risky. I hate that feeling. That’s why we will agree a clear scope and fee before we start, so there are no surprises.