How we work
How engagements work
GTSP engagements are structured to be safe, measurable and executive-ready.
You get clear scope, agreed rules of engagement, evidence-driven findings and a remediation plan you can action immediately.
1) Scoping
- Confirm target type (web / API / internal / AD / OT / AI), environments, and constraints.
- Define rules of engagement: time windows, safety limits, contact points and escalation.
- Agree deliverables: executive summary, technical annex, evidence packs, and optional retest.
2) Execution
- Threat modelling and test plan aligned to relevant standards (OWASP, MITRE, CIS, NIST AI RMF).
- Manual testing with targeted tooling validation (no "scan-and-dump").
- Evidence collection and severity ranking by impact and likelihood.
3) Reporting
- Executive summary: what matters, business impact, and decisions required.
- Technical report: reproduction steps, affected components, and remediation guidance.
- Remediation roadmap: quick wins, strategic fixes, and recommended control uplift.
4) Retest
- Validate fixes for agreed findings and confirm residual risk.
- Update the report with verification notes and closure status.
Engagement options
- Once-off assessments (from a few days)
- Retainers (monthly cadence with burn-down reporting)
- Programmes (security uplift, governance, and maturity improvement)
What we need from you
- Primary technical contact and escalation path
- Access method (where applicable) and test window
- Asset inventory / endpoints / relevant documentation
Ready to scope an engagement?
Send a short description of your environment and desired outcomes.