Assess
Review processes, tooling, telemetry, governance, evidence, and operating model.
Strategic Services
Assessment-led cyber strategy for teams turning risk into action.
Threat Foundry strategic services help security leaders understand current maturity, prioritize investment, and build practical roadmaps across threat hunting, SOC operations, detection engineering, AI security, compliance, and OT/ICS resilience.
OperateThreat hunting, SOC maturity, detection engineering, metrics, and analyst workflows.
GovernNIST CSF, CIS Controls, CMMC, NIST 800-171, and risk-driven program planning.
ModernizeAI security readiness, model risk, data governance, secure development, and monitoring.
ProtectOT/ICS architecture, segmentation, monitoring, IEC 62443 gaps, and resilience planning.
Engagement Approach
From maturity signal to funded roadmap.
Each assessment is built to answer three questions: where are we now, what matters most, and what should we do next. The output is practical enough for technical teams and clear enough for executives, audit committees, and program sponsors.
Score
Benchmark maturity and map current state against the chosen framework or domain.
Prioritize
Separate quick wins, risk drivers, control gaps, and roadmap investments.
Enable
Deliver executive reporting, technical recommendations, and follow-on planning.
Assessment Catalog
Strategic services for cyber program improvement.
Choose a focused assessment or combine related services into a broader cyber program review.
01Operations
Threat Hunting Maturity Assessment
Evaluate the ability to proactively identify, investigate, and mitigate threats before they become incidents. Reviews hunting processes, data sources, workflows, ATT&CK coverage, hypothesis development, execution, and outcome measurement.
Deliverables
- Threat Hunting Maturity Scorecard
- ATT&CK Coverage Analysis
- Telemetry Gap Assessment
- Hunt Program Roadmap
- Executive Summary & Recommendations
02Operations
SOC Maturity Assessment
Assess people, process, technology, incident response, detection coverage, intelligence integration, automation, metrics, and governance against operating best practices.
Deliverables
- SOC Maturity Scorecard
- Current vs. Target State Analysis
- Operational Gap Assessment
- Strategic Improvement Roadmap
- Executive Briefing
03Detection
Detection Engineering Assessment
Measure how effectively the organization develops, validates, deploys, and maintains security detections across SIEM, EDR, Sigma, YARA, ATT&CK mapping, testing, false positives, and detection-as-code practices.
Deliverables
- Detection Coverage Analysis
- ATT&CK Technique Mapping
- Sigma and YARA Content Review
- False Positive Reduction Recommendations
- Detection Engineering Roadmap
04AI Security
AI Security Readiness Assessment
Evaluate readiness to securely adopt, govern, and operationalize AI, including governance, data security, model risk, third-party AI, secure development, compliance, and monitoring controls.
Deliverables
- AI Security Readiness Scorecard
- Governance & Risk Assessment
- AI Threat Exposure Analysis
- Compliance & Policy Review
- AI Adoption Roadmap
05Framework
NIST CSF 2.0 Assessment
Measure cybersecurity capabilities against NIST CSF 2.0 across governance, risk management, asset visibility, protection, detection, incident response, and recovery planning.
Deliverables
- NIST CSF Maturity Assessment
- Gap Analysis
- Risk Register
- Remediation Roadmap
- Executive Report
06Framework
CIS Controls v8 Assessment
Evaluate implementation and effectiveness of the CIS Critical Security Controls to identify practical, prioritized investments that reduce risk.
Deliverables
- CIS Controls Scorecard
- Control Implementation Review
- Prioritized Risk Findings
- Remediation Roadmap
- Executive Summary
07Compliance
CMMC 2.0 Readiness Assessment
Determine readiness for CMMC requirements by reviewing practices, evidence, documentation, policies, and operations needed to protect CUI and support certification objectives.
Deliverables
- CMMC Readiness Report
- Practice-Level Gap Analysis
- Evidence Requirements Review
- POA&M Development Support
- Certification Roadmap
08Compliance
NIST 800-171 Gap Assessment
Assess compliance with NIST SP 800-171 requirements for protecting CUI, including security controls, documentation, and operational processes.
Deliverables
- NIST 800-171 Assessment Report
- Requirement-by-Requirement Analysis
- SSP Review
- POA&M Recommendations
- Compliance Roadmap
09OT/ICS
OT/ICS Security Assessment (IEC 62443)
Evaluate OT and ICS security posture using IEC 62443 and industry practices across architecture, asset visibility, segmentation, remote access, vulnerability management, monitoring, and response.
Deliverables
- OT Security Assessment Report
- Network Architecture Review
- IEC 62443 Gap Analysis
- Risk Prioritization Matrix
- OT Security Improvement Roadmap
10Baseline
CISA Cybersecurity Performance Goals Assessment
Measure capabilities against CISA CPGs, focusing on a prioritized foundation of controls that reduce risk and improve cyber resilience.
Deliverables
- CPG Scorecard
- Gap Assessment
- Priority Risk Findings
- Quick-Win Recommendations
- Strategic Improvement Plan
Program Bundles
Combine assessments into a practical transformation path.
Strategic Briefing
Turn assessment findings into an executable cyber roadmap.
Bring the current challenge: detection gaps, SOC maturity, compliance readiness, AI governance, or OT risk. We will help map the right assessment path.