The Advisory Services team will conduct lightweight risk assessments that cover all 23 categories of the NIST Cybersecurity Framework. This will be accomplished primarily through interviews, as well as document review. The objective is to develop a baseline understanding of the organization’s cybersecurity strategy and implementation, including the people, processes, and technology stack.
By analyzing technology and internal personnel, we can discover blind spots in the organization that could lead to a significant compromise. Our team examines the day-to-day function of cyber within the organization, which leads to critical recommendations by exposing vulnerabilities in software, people, and processes.
Through gap analysis, we help businesses examine their current security posture and compare it to the security posture of competitors in the same industry. A gap analysis can be useful when companies aren’t using their resources, security tools, or technologies to their full potential. By defining the gap, the company’s management team can create a roadmap to move the company forward and fill in the gaps in their overall cybersecurity posture.
Tabletop exercises are active, situational-based sessions designed to test how various individuals and teams would respond to a cybersecurity incident in their environment. All tabletops led by our Advisory Services team are based on the most current tactics, techniques, and procedures employed by threat actors, as well as perceived gaps in your current incident response plan. Following the exercise, we identify key findings, opportunities for improvement, and remediation steps to strengthen your ongoing security posture.
Tabletops will help your organization determine its maturity in responding to a breach. We take real-world threats and apply them to your current exercises to help ensure there are no single points of failure. Our final deliverable will be a document capturing findings, recommendations, lessons learned, and any other feedback from the engagement. It typically includes specific recommendations to enhance the plan’s effectiveness and usability with respect to preparation, detection, containment, eradication, and recovery related to security incidents. We would also address the roles and responsibilities of stakeholders, escalation and communication processes, threat-specific playbooks, and other critical functions of the incident response process. Finally, test procedures will be suggested to keep the plan current and usable over time. SpearTip offers three types of tabletop exercises.
Our team walks your executive team through a simulated cybersecurity incident to help prepare an effective response to an event.
Our team walks your technical team through a simulated cybersecurity incident to help prepare an effective response to an event.
SpearTip collects key information related to the engagement.
SpearTip reviews the information collected during discovery to develop interview questions and request additional documentation.
SpearTip meets with key individuals inside the organization. Interviews allow SpearTip to both collect new information and validate information already collected.
SpearTip analyzes collected documents, data, interview results, and all other information and begins to formulate findings and opinions.
SpearTip clarifies received information and analysis to prepare for the final preparation of the deliverables.
Finalized deliverables are presented to and reviewed with the client.
The client provides feedback and asks questions about the deliverables and findings of the engagement.
©2025 SpearTip, LLC. All rights reserved.