Field notes from practitioners.
Short, practical writing from the CyberWolfe team, focused on the decisions IT, security, and business leaders actually have to make.
The CyberWolfe Security Maturity Checklist
A 15-minute self-assessment covering identity, endpoint, cloud, response, and governance. Score your organization, see your top three gaps, and book a follow-up with a practitioner at no cost.
Free scan
External Attack Surface Snapshot
A no-cost outside-in scan of your internet-facing surface, with a one-page summary of exposures we recommend you fix this quarter.
Request a scanLatest writing
Ransomware readiness in 10 questions
Ten questions that separate organizations that recover from ransomware in days from the ones that take months. Answer them honestly before you have to.
A defensible Conditional Access baseline
The Conditional Access policies we deploy on a Microsoft 365 tenant before anything else, and the reasoning behind each one.
What to do in the first hour of an incident
The decisions you make in the first sixty minutes shape what recovery costs and how long it takes. A practical guide for the people who get the call.
Penetration testing vs. vulnerability scanning
They get sold as the same thing. They are not. Here is how to tell which one you actually need, and how to avoid paying for the wrong one.
Getting SOC 2 ready without the theatre
Most SOC 2 projects produce a clean report and very little real security. Here is how to come out the other side actually safer, not just audited.
The five IAM pitfalls we keep finding in AWS
The same identity and access mistakes show up in almost every AWS environment we assess. Here are the five worst, with the smallest fixes that close them.
A monthly note from the CyberWolfe team.
One short email per month with the most useful thing we learned from real client work. No vendor spam.