Design Poise supports security as a program — strategy, risk, compliance, training, and vendor risk — with framework-aligned governance, documented runbooks, and senior practitioners doing the work that turns a tool stack into a managed security program.
Maturity assessment, multi-year roadmap, governance model, and RACI definition — aligned to a recognised framework (NIST CSF, ISO 27001, or CIS) and to the business, not just to the latest threat report.
Risk register, risk treatment plans, and risk reporting — built on NIST RMF, ISO 27005, or FAIR depending on what the organisation can actually operate, not what looks best in a deck.
Preparation and ongoing support for SOC 2, ISO 27001, HIPAA, PCI DSS, and similar audits — control mapping, evidence collection, gap remediation, and auditor liaison.
Role-based training programs, phishing simulations, and security-culture initiatives — measured by behaviour change, not by completion percentages.
Third-party risk assessments, supply-chain risk reviews, and ongoing vendor monitoring — the work that turns a procurement form into an actual risk picture.
Four phases that take a security program engagement from current-state assessment through strategy and implementation to ongoing operations — with senior practitioners on the governance work and the program designed to run, not just to launch.
Current-state security program assessed against a chosen framework — controls, governance, risk processes, training, and vendor management mapped, with maturity scored and gaps registered.
Multi-year roadmap built with prioritised initiatives, RACI, governance cadence, and KPIs — tied to business priorities, not just to the gaps that scored lowest in the assessment.
Roadmap initiatives executed with senior practitioners on the work — policies authored, risk register stood up, audit prep run, training rolled out, vendor process implemented.
Ongoing program support with governance meetings, risk reviews, audit cycle management, and continuous improvement — the program runs after the engagement, not just during it.
Start with a design review. Senior engineers on every engagement. A royalty retainer is standard; full IP transfer is available at a premium.
No junior delegation. No hourly billing. Every engagement is led by a senior practitioner with a Fortune 500 portfolio — Alienware, Dell, Viper Motorcycle, Load King, Starbucks.
The professional services practice funds the ventures. ROAR BE+ — 800hp, 1.9s 0-60 — is in design phase. YOND electric boat fleet. FlyDrone aerial access. Vehicle Share. Groom Club. RX Kit. One wallet.