Playbook
Ransomware readiness in 10 questions
A focused checklist for IT and security leaders to test their organization against the controls and decisions that actually matter on day zero.
Coming soon
Resources & blog
Field notes from practitioners.
Short, practical writing from the CyberWolfe team, focused on the decisions IT, security, and business leaders actually have to make.
Featured
The CyberWolfe Security Maturity Checklist
A 15-minute self-assessment covering identity, endpoint, cloud, response, and governance. Score your organization, see your top three gaps, and book a follow-up with a practitioner at no cost.
Free scan
External Attack Surface Snapshot
A no-cost outside-in scan of your internet-facing surface, with a one-page summary of exposures we recommend you fix this quarter.
Request a scanLatest writing
Microsoft 365
A defensible Conditional Access baseline
What we deploy on every Microsoft 365 tenant before any other change, and why each policy earns its place.
Coming soon
Incident Response
What to do in the first hour of an incident
The handful of actions and non-actions that disproportionately determine cost, recovery time, and legal exposure.
Coming soon
Offensive
Penetration testing vs. vulnerability scanning
Why they are different work, when each one is the right answer, and how to avoid paying for the wrong one.
Coming soon
Compliance
Getting SOC 2 ready without the theatre
How to build controls that pass an audit and reduce real risk, without burning the engineering team out.
Coming soon
Cloud
The five IAM pitfalls we keep finding in AWS
Recurring IAM misconfigurations we see across cloud assessments, and the smallest changes that fix them.
Coming soon
More writing in the pipeline, including playbooks on Active Directory hardening, Kubernetes admission control, and detection engineering. Subscribe via the contact form to be notified.
Get the newsletter
A monthly note from the CyberWolfe team.
One short email per month with the most useful thing we learned from real client work. No vendor spam.