Hayshack Security Assessment

Know Your Risk. Close Your Gaps.

A senior-led cybersecurity assessment for organisations that need straight answers, not a stack of certificates and a generic report.

Most organisations do not have a security problem. They have a visibility problem.

You do not know exactly what an attacker sees when they look at your business. You do not know whether your Office 365 tenant is properly locked down, whether your staff would recognise a phishing attempt, or whether a ransomware attack would encrypt your backups along with everything else.

The Hayshack Security Assessment gives you that visibility. In plain English. In 5 to 7 business days.


What You Receive

A single fixed-price engagement covering eight control domains. You receive a board-ready report with an evidence-based maturity score, a ransomware probability estimate, and a prioritised remediation roadmap that tells you what to fix immediately at no cost, what requires low-cost intervention, and where strategic investment is warranted.

Every finding is evidence-driven and specific to your environment. Nothing is copied from a template.

The eight domains we assess:

  • Identity and access controls
  • Endpoint protection
  • Network controls
  • Data governance
  • Security awareness
  • Threat detection
  • Incident recovery capability
  • Data protection compliance alignment

How It Works

Five steps. Approximately one hour of your team’s time. No site visits.

Step 1 — Kick-off
A 30-minute video call to confirm scope, agree contacts, and understand your existing IT setup.

Step 2 — Evidence Collection
Your administrator runs a PowerShell script on one Windows PC. We conduct external scans and Office 365 analysis independently.

Step 3 — Policy Review
You share any existing policies by email — acceptable use, security, incident response. If you do not have them, we note that as a finding.

Step 4 — Analysis and Report
We analyse all evidence, score every control domain, and draft your report. We may ask one or two clarifying questions.

Step 5 — Review and Delivery
We issue a draft for your team’s review, incorporate any feedback, and deliver the final board-ready report.

Total time from kick-off to final report: 5 to 7 business days.
Total effort from your team: approximately one hour.


What Makes This Different

This is not a penetration test. We do not attempt to breach your systems, brute-force credentials, or exploit vulnerabilities. We observe, measure, and report — the same disciplined approach used to build and run enterprise security operations at scale.

The ransomware probability model estimates the likelihood that a commodity ransomware attack would succeed in your environment right now. It is built from five weighted factors — initial access controls, lateral movement risk, privilege escalation exposure, detection capability, and recovery readiness. You receive a percentage score with a plain-English explanation of what is driving it and exactly what to do about it.


Remediation Guidance

The assessment delivers a fully actionable remediation roadmap. Every finding includes specific guidance on what to do, in what order, and at what level of investment.

Implementing the remediation is not part of this engagement. However, the roadmap is designed to be acted on — either by your own team or with external support. Where resolution requires specialist delivery, Hayshack can provide recommendations and, where appropriate, work with trusted partners to support implementation. That conversation happens after the report is in your hands.


Who This Is For

The Hayshack Security Assessment is designed for any English-speaking organisation that:

  • Has between 20 and 500 users
  • Runs Microsoft 365 or a hybrid environment
  • Has not had an independent security assessment in the past 12 months
  • Needs to demonstrate security posture to a board, insurer, or regulator
  • Wants honest answers from a senior practitioner, not a sales pitch

We work with organisations in South Africa, the United Kingdom, Australia, and beyond. The assessment is conducted entirely remotely.


Why Hayshack

Greg Hay leads every engagement. Where specialist skills are required, we bring in trusted professionals with the right expertise for the work. You deal with senior people throughout.

29 years of enterprise IT and security leadership. MBA from Edinburgh Business School at Heriot-Watt University. MSc in Cybersecurity from EC-Council University. DBA candidate 2027. Certified Ethical Hacker, CompTIA PenTest+, MCSE.

Previously Group Technology and Operations Executive at a large South African retailer — responsible for a Security Operations Centre processing 350 million security events per month, achieving an 82 out of 100 security posture score, and SD-WAN deployment across more than 1,200 sites.

The credentials are real. The experience is hands-on. The report you receive reflects both.


Get Started

The assessment is fixed-price with no hourly billing and no scope creep. Pricing is provided in your local currency on request. A signed proposal and purchase order are both required before work begins. Payment is due on delivery of the final report.

To receive a proposal tailored to your organisation, contact us below.

info@hayshack.co.za
hayshack.co.za

Hayshack Enterprises (Pty) Ltd | Reg No: 2024/349388/07