πŸ‡¨πŸ‡¦VancouverπŸ‡¨πŸ‡¦TorontoπŸ‡ΊπŸ‡ΈMiamiπŸ‡ΊπŸ‡ΈOrlandoπŸ‡ΊπŸ‡ΈLos Angeles
1-855-KOO-TECH
KootechnikelKootechnikel
Search⌘KFree Health Check
Insights Β· Field notes from the SOC
Plain-language briefings from the people watching the alerts.
Weekly Β· No spam
Read4
Field GuideNewEngineer-written playbooks.β†’Blog & Field NotesWeekly threat briefings.β†’WhitepapersDeep dives on Secure AI, Zero Trust.β†’Case StudiesReal clients, real numbers.β†’
Watch & listen3
WebinarsMonthly Β· live Q&A with the team.β†’PodcastNew"Stronger.Smarter" Β· biweekly.β†’Quick Clips90-second how-tos on YouTube.β†’
Use3
Free Vulnerability Scan30-sec domain + email check.β†’Compliance ChecklistsSOC 2, HIPAA, PCI printable.β†’ROI CalculatorEstimate cost-of-incident savings.β†’
New series
Field Guide
Engineer-written playbooks for the problems 30-100 person companies actually hit.
MFA rollouts, SOC 2 timelines, M365 backup, HIPAA/PHIPA, CIS Controls, AI governance β€” specific, narrow, practical.
Open the Field Guide
Subscribe to weekly β†’All resources β†’
NO SPAM Β· UNSUBSCRIBE IN ONE CLICK
12 Questions Β· CIS Controls v8 Β· 3 Minutes

Score your security posture honestly.

Twelve questions grounded in the CIS Controls v8 implementation groups β€” the controls Verizon's DBIR consistently ranks as highest-impact. Real scoring. Per-control gap chart. Top remediation priorities. Engineer-reviewed 90-day roadmap on submit.

No fabricated benchmarks. No β€œcongratulations, you scored 87” before you click anything. Every point in your score is traceable to an answer you gave.

Question 1 of 120 answered
CIS-6 Access Control Management

How widely is MFA enforced for your team?

Multi-factor on every email, identity, and admin account is the single highest-impact control.

How this assessment works

Step 1

Answer 12 questions

Each question maps to a CIS Controls v8 family. Pick the option that most honestly describes your current state.

Step 2

See your tier + gaps

Tier verdict (STRONG / MODERATE / WEAK / CRITICAL), per-control gap chart, and the top 5 gaps to address first. All scoring transparent from your answers.

Step 3

Get the remediation roadmap

Submit your result for an engineer-reviewed 90-day remediation roadmap. PDF inside two business days. No marketing follow-up.

Adjacent reads

IT Risk Calculator (broader) β†’Real website security scan β†’Microsoft 365 security architecture β†’Managed SOC service β†’Talk to an engineer β†’