85% of Philippine organizations were breached last year. Most didn't know where the gaps were.
Source: BlueVoyant 2025 Supply Chain Risk Survey
Tools alone don't protect your business. In 10 business days, we assess the 25 security fundamentals that matter most: who owns them, are they're enforced, and where the gaps are. No technical jargon. No tool sales. Just a clear, prioritized action plan.
Know Your Gaps- 10 Business Days
- Built on NIST Cybersecurity Framework 2.0
What You Get
See Exactly Where You Stand
25 critical security controls assessed against your actual operations. Each one scored as Present, Partial, or Absent, with evidence, not assumptions. Weighted by what matters most for your industry and size.
Know What to Fix First
Your top 10 priority gaps, ranked by impact. Each one comes with specific remediation guidance . Not "buy this tool," but "assign this owner, create this policy, verify on this schedule."
Built for Decision-Makers
Every deliverable is written in plain English for leadership. A 2-page executive summary, a prioritized action list, and a clear picture of your security posture, ready to share with clients, investors, or your board.
Want the full sample package? Get in touch.
Our Approach: Security Fundamentals First
Most security assessments check whether you have the right tools. We check whether anyone actually owns the outcomes those tools are supposed to deliver.
The difference matters.
You can have world-class backup software, but if no one verifies that backups actually run, no one tests restores, and no one knows what to do when a restore fails, you're not protected. You just think you are.
We assess security ownership: who is responsible for each critical security outcome, how that responsibility is enforced, and what happens when it breaks down.
Security fundamentals first. Automation second. Tools third.
Built on NIST CSF 2.0
Our methodology is built on the NIST Cybersecurity Framework 2.0, the most widely recognized security standard, used by organizations worldwide. It's outcome-based, vendor-neutral, and understood by investors, clients, and regulators.
We've distilled it into 25 controls that matter most for growing businesses based on a focused methodology we call CSFLite. No compliance checklists. No unnecessary complexity. Just the security fundamentals that protect your operations.
Complete Security Coverage Assessment
Coverage Assessment
Present/Partial/Absent scoring across 25 security controls, with evidence notes
Gap Analysis
Weighted gap scores showing exactly where your security coverage falls short
Priority Ranking
Your 10 highest-priority gaps, ranked by business impact
Coverage Heatmap
Visual snapshot of your security posture across five core areas: Identify, Protect, Detect, Respond, Recover
Executive Summary
2-page summary written for leadership — ready to share with clients, investors, or your board
Action Roadmap
Prioritized remediation steps with clear timelines: immediate, 30-day, and 90-day actions
See What You'll Receive
Coverage Heatmap by CSF Function
Executive Summary - Page 1
Gap Analysis & Priority Ranking
All client data anonymized.
Is This Right for Your Organization?
This assessment is designed for growing companies, typically 20 to 200 employees, that need clarity on their security posture. If you're facing security questionnaires from clients, compliance pressure from regulators, or simply need to understand where your security stands before your next growth stage, this is built for you.
This is a security fundamentals assessment, a structured review of your security ownership, policies, and controls through stakeholder interviews and documentation review. It identifies which of the 25 most critical security controls you have in place, which ones are missing, and what to do about it.
It is not a vulnerability scan, penetration test, or automated tool report. If you need those services, we can recommend trusted partners.
Simple 10-Day Process
Days 0-2: Understanding Your Organization
We learn how your business operates, what data you handle, and what compliance requirements you face. This ensures our assessment reflects your actual priorities, not generic benchmarks.
Days 3-4: Analysis
Control assessment, gap scoring, priority ranking
Days 5-6: Documentation
Executive summary, action roadmap drafting
Days 7-9: Delivery
We walk you through the findings, answer your questions, and refine the deliverables based on your feedback.
Day 10: Close
You receive your complete deliverables package, plus a 30-minute session to plan your first remediation steps.
Why LeanSecurity
20+ years of building and operating the systems we assess. Unlike traditional security auditors, our assessments are grounded in hands-on experience leading engineering teams, managing cloud infrastructure, and delivering technology across financial institutions, startups, and international organizations.
Focused exclusively on security fundamentals. No tool sales. No managed services. One service, delivered well.
Built for organizations that need clarity on their security posture. We translate complex security frameworks into clear, actionable language that leadership can act on and not shelf.
Investment
Starting at ₱50,000
- 50% upfront, 50% on delivery
- Final price based on company size and documentation maturity
- All deliverables included: coverage assessment, gap analysis, priority ranking, heatmap, executive summary, and action roadmap
- Delivery presentation and Q&A session included
- 30-day follow-up check-in included at no additional cost
Most assessments for companies under 100 employees fall in the ₱50,000–75,000 range.
Start Your Assessment
No commitment required. We'll schedule a 30-minute call to determine if this assessment is right for your organization.
Or email directly: erik@leansecurity.pro