Interactive tools
Interactive tools.
Four tools built from the numbers we see inside real engagements. Run them in your browser (nothing leaves your device unless you request the emailed report on the security scan). Use them to sanity-check a vendor quote, a readiness claim, a scoping decision, or your own external security posture before you commit budget.
Calculator
MSSP TCO Calculator
Build vs. buy for security operations. 3-year TCO comparing in-house SOC against managed MDR with analyst loaded cost, tooling, training, and turnover math most spreadsheets skip.
Assessment
CMMC Level 2 Readiness Quiz
Twenty-question self-assessment across the 14 NIST SP 800-171 control families. Produces a score, a gap list, and a next-step recommendation tied to where you land.
Analyzer
PCI Scope Reduction Analyzer
Map your payment architecture to the scope reduction techniques that actually move the needle: tokenization, P2PE, iframe redirection, segmentation, outsourced processing.
Scanner
Free Security Scan
Enter your domain and we run a 60-second external audit: registrar, DNSSEC, SPF/DKIM/DMARC, BIMI, MTA-STS, subdomains, TLS, security headers, cookie flags, and IP reputation. Full report lands in your inbox.
Why we publish these
Most vendor calculators are marketing dressed as math. The numbers are set to make the vendor look cheaper, the assumptions are hidden two layers deep, and the output is a PDF that lands in procurement with no audit trail. That is not useful. The tools on this page run entirely in your browser, show their work, and use default cost ranges drawn from engagements we actually priced and delivered. You can change every input. Nothing is sent to us unless you decide to start a conversation about the output.
The other reason these exist is that we get asked the same three questions every week (in-house SOC vs. MDR, CMMC readiness, PCI scope). Writing the answer once in a tool that anyone can run is more honest than charging a retainer to answer it again in a slide deck.
How to use the output
Treat every number as directional. A TCO calculator cannot see your specific contract terms, your specific ramp curve, or the political cost of a failed in-house build. A readiness quiz cannot substitute for a gap assessment against documented evidence. A scope analyzer cannot replace a QSA review of your actual network diagram. What these tools do is get you to a shared starting point with whoever signs the check, so the next conversation is about the gap between the estimate and reality rather than starting from scratch.
If you want to pressure-test the output against your environment, the button at the bottom of every tool routes to a 30-minute working session with one of our engineers. No deck, no discovery call template (the tool output is the discovery).
What the tools do not do
None of these produce a procurement-grade number on their own. The TCO model does not price in-kind contributions (office space, shared IT overhead, benefits load variance by geography). The CMMC quiz does not produce an SSP or POA&M. The PCI analyzer does not substitute for a QSA ROC or a SAQ-D self-assessment. They are decision aids for the first conversation, not the last one. If a vendor hands you a single-page calculator output and tells you the procurement decision is done, that is the signal to ask a harder question.