Talsoft service

Initial GAP + 3-6-12 Cybersecurity Roadmap

An executive assessment to understand real posture, gaps, owners, available evidence and a 30-60-90 roadmap with a 3-6-12 view.

Problem

Before buying or testing, the company needs to know where it stands.

Initial GAP applies when there is customer, audit, cyber insurance, growth or false-maturity pressure, but no clear read of risks, controls and evidence.

It is unclear which controls exist and which are only assumed.

Evidence is scattered or incomplete.

There are no shared criteria for prioritizing gaps.

Leadership needs decisions without getting lost in technical noise.

Solution

An assessment that turns uncertainty into sequence.

Talsoft reviews context, controls, evidence and external pressure to deliver priorities, owners and an executable roadmap.

Posture and priority-gap map.

30-60-90 roadmap and 3-6-12 view.

Evidence required by customers, audits or insurance.

Recommended next stage: Full, VIP, PenTest or readiness.

In summary

What it is

An executive assessment to understand real posture, gaps, owners, available evidence and a 30-60-90 roadmap with a 3-6-12 view.

Who it is for

SMBs, startups, SaaS and fintechs under customer, audit, cyber insurance, growth or evidence pressure.

Main deliverables

  • Risk and gap map.
  • Initial evidence inventory.
  • 30-60-90 roadmap.

What it does not promise

It does not promise total security, certification, audit approval, insurance approval or absence of incidents.

Mini Assessment vs Initial GAP

Two levels of clarity, two different decisions.

The Mini Assessment orients the entry point. Initial GAP goes deeper with scope, evidence review, owners and an executable roadmap.

Mini Assessment

A first read to avoid over-scoping the next step.

  • Free and low-friction.
  • Uses short answers to detect pressure, signals and initial priority.
  • Helps decide whether a resource, Starter Kit, Initial GAP, PenTest, readiness or a conversation makes sense.
  • Does not replace a professional assessment or audit.

Initial GAP + Roadmap

Professional assessment to organize posture, gaps, evidence and execution.

  • Requires context, scope and deeper review.
  • Maps controls, gaps, owners, risks and available evidence.
  • Delivers priorities, 30-60-90 roadmap and 3-6-12 view.
  • Prepares the path toward implementation, VIP, PenTest or readiness.

Neither guarantees compliance, certification, audit approval, insurance approval or absence of incidents. The difference is depth, scope and decision type.

When to start with Initial GAP

Applies when

  • Controls, missing evidence or accepted risk are unclear.
  • External pressure exists, but there is no defensible roadmap.
  • A 30-60-90 and 3-6-12 view is needed before implementation.

Does not apply when

  • A validated roadmap already exists and only execution is missing.
  • The requirement is strictly a PenTest with closed scope.
  • The company is looking for guaranteed certification.

Trust reference

Rivkin Securities case: ISMS, evidence and sustained operations.

Talsoft supported Rivkin Securities in Australia through a six-month program to formalize its cybersecurity structure, including an ISO 27001-aligned ISMS, live risk register, incident response, centralized monitoring and external PenTest.

  • Named case with a public CTO testimonial from Rivkin Securities.
  • Relevant for companies facing audit pressure, enterprise customers or international expansion.
  • The focus was not promising certification: it was organizing posture, execution, measurement and evidence.

Published testimonials

Client experiences working with Talsoft

Short references on professionalism, communication and support in cybersecurity work. Every project depends on its scope, context and objectives.

"Leandro and the team did a great job enhancing and formalising our existing security structure. The engagement was well-organised, consistently documented, and delivered to a high standard."
CTO, Rivkin Securities

"The action plan made the security audit useful and effective."
Casimiro Félix Toyos e Hijos S.A., Client company

"The service is very detailed and the report is clear. Very good report."
Edea, Client company

"Excellent service, very professional, with fast and clear responses."
Simple Solutions, Client company

Testimonials are qualitative references. They do not imply guaranteed outcomes or replace a context-specific assessment.

Feedback patterns

What clients tend to value when working with Talsoft.

Client comments reinforce a core idea: the value is not only finding risks, but explaining priorities, being available and turning findings into concrete next steps.

Clear action plan

Feedback highlights audits and assessments that end with concrete workstreams and improvements to implement.

Fast communication

Comments repeatedly mention clear responses, fluid contact and easy coordination during the project.

Availability under pressure

Several comments value team involvement when there was operational pressure or an active security issue.

Understandable reports

Feedback references detailed and clear reports that help business and technical teams understand what to do next.

Talsoft publishes qualitative patterns and short testimonials. Logos, metrics, architectures and sensitive details are not published without explicit authorization.

Free entry point

Not sure whether you need a full GAP assessment? Start with the free mini assessment.

When booking, you complete a short questionnaire. Based on that input, Talsoft prepares a first read and a mini diagnostic report to orient the next step without over-scoping the decision.

  • Short pre-booking questionnaire.
  • Mini diagnostic report with signals and suggested next step.
  • Initial orientation without promising an audit, certification or guaranteed compliance.

How it works

Step 1

We review context, external pressure, assets and available evidence.

Step 2

We identify gaps, risks and pending decisions.

Step 3

We deliver prioritized next steps connected to the roadmap.

Deliverables

Risk and gap map.

Initial evidence inventory.

30-60-90 roadmap.

3-6-12 month view.

Owners and priority criteria.

Recommended next step.

Benefits

Clearer decisions on what to do first.

Better conversations with customers and auditors.

Less dependence on isolated urgency.

More organized evidence.

Stronger alignment between business and IT.

A foundation for ongoing advisory support.

Business impact

The value is in the decision it enables.

An isolated cybersecurity service can produce a report. A maturity-connected service produces criteria, evidence and an execution sequence.

Reduces ambiguity around priorities.

Exposes accepted or pending risks.

Prepares third-party conversations without improvisation.

Keeps progress moving after the deliverable.

Frequently asked questions

How is this different from the Mini Assessment?

The Mini Assessment orients. Initial GAP reviews controls, gaps, evidence and owners in more depth to build a roadmap.

Does GAP include implementation?

Not necessarily. GAP defines priorities and roadmap; implementation can continue as Full GAP + Implementation or VIP.

Does it guarantee compliance?

No. It prepares posture, gaps and evidence, but does not guarantee compliance, certification or external approval.

Validate the next step with clarity.

The first step is not buying another tool. It is understanding which risk exists, which evidence is missing and what decision should be made now.