Would your security basics actually hold during an incident?
Gooseframe gives small technical teams a clear, plain-English picture of where they stand — and exactly what to fix first. No pentest. No audit. No jargon.
The basics decide whether an incident is a bad afternoon or a bad quarter
Most small teams have security controls that are mostly there but unevenly enforced — and no one owns it full-time. That gap is exactly what turns a routine event into an expensive one.
Know where you stand
A readiness scorecard across identity, access, logging, backups, and incident response — rated honestly, in plain English your board and insurer can read.
Know what to fix first
Prioritized findings and a 30/60/90-day roadmap. Most fixes cost nothing but a decision and an afternoon.
Be ready for Day Zero
A break-glass packet and an IR handoff sheet you could hand a response firm on the worst day — so help can actually start working in the first hour.
Choose your depth
Every tier produces an executive-ready report and a prioritized action plan. They differ in how many domains are assessed and how much live, hands-on time is included.
- 3 core domains: identity/MFA, backups, IR process
- 1 leadership interview
- Executive summary + Fix-First findings
- Break-glass packet
- Async delivery · ~1 week

- All 8 domains + maturity scorecard
- Up to 2 interviews
- Full findings + 30/60/90 roadmap
- IR handoff sheet (Day Zero)
- Live findings readout call

- Everything in Standard
- Extended, multi-team interviews
- 60-minute live working session
- Written IR scenario walkthrough
- 30-day follow-up check
Day Zero readiness
A signed IR retainer means someone answers the phone. Readiness means they can do real work the moment they do. In the first hours of an incident, responders need visibility first and authority second — every hour lost to logistics is an hour the attacker keeps moving.
Gooseframe assesses the things that actually decide response speed, and hands you the artifacts to close the gaps before you need them.
- Pre-provisioned, tested responder access — not a scramble mid-incident
- A 90-day logging floor, so the timeline isn't already gone
- A platform & access inventory you can hand an IR firm in hour one
- Decision authority and out-of-band comms, settled in advance
From call to clarity in 1–2 weeks
Kickoff
A short scoping call to confirm scope, contacts, and the read-only evidence we'll need.
Evidence & interviews
You share screenshots and settings; we interview your eng and ops leads. Nothing touches production.
Analysis
Findings are developed, scored, and prioritized into a realistic roadmap.
Report & readout
You get the report — and, on Standard and up, a live readout call to walk leadership through what to do next.
An operator, not a checklist vendor
Gooseframe is led by Joshua Geise, an incident responder who has spent the better part of a decade on the front lines of national cyber defense. He spent 5+ years in incident response at CISA — the U.S. Cybersecurity and Infrastructure Security Agency — working nation-state intrusions and critical-infrastructure breaches and leading a response team during the SolarWinds incident. He now leads incident response at a global IR firm.
That means your review isn't a generic scan or a junior analyst with a template. It's the same judgment that's used on real, high-stakes incidents — translated into practical, plain-English steps a small team can actually act on.
Find out where you stand
A 20-minute call is enough to scope it. No pressure, no jargon.
Times don't work for you? Email josh@gooseframe.net and we'll find one.