Our Flagship Nonprofit Service

Cybersecurity Maturity Coaching.

Give a nonprofit a pentest and you secure it for a day. Teach a nonprofit to configure, govern and test its own technology and you secure it for good. We coach your team — hands on keyboards, in your tenant — until they can do it without us.

| The problem with buying security advice

The traditional consulting model delivers a report, an invoice, and a to-do list your team doesn't have the skills or hours to action. Twelve months later, the same findings reappear in the next report. Nonprofits — with small IT teams, volunteer workforces and every dollar accountable to donors — can least afford that cycle.

Maturity coaching breaks it. Instead of doing the work for you and leaving, we do the work with your team and leave the capability behind. Your people finish each session having configured a real control in your real environment — and knowing how to check it stays that way.

Coached, not consulted

Regular hands-on sessions with your IT staff or volunteers, working in your own Microsoft 365 tenant — not a slideware workshop or a report you file away.

Built on what you own

Most nonprofits already hold Microsoft 365 nonprofit-grant or discounted licensing with powerful security features switched off. We coach you to turn them on before you spend a cent on new tools.

Measurable maturity

Progress is tracked against the Cloud Security Alliance's CCM Lite, so your board — and your cyber insurer — can see maturity improving quarter on quarter.

| Technology coaching — Microsoft 365 and Intune

We coach your team through configuring the Microsoft 365 security suite for improved security, including:

| Governance coaching — CSA CCM Lite

Technology configuration without governance drifts. We coach your team to run a right-sized security governance program built on the Cloud Security Alliance's CCM Lite — a streamlined set of 91 foundational controls drawn from the Cloud Controls Matrix v4, designed for organisations of any size or maturity. It maps to more than 15 security standards including ISO, NIST and CIS, and ships with implementation guidance, so improvements keep paying off year after year.

| How an engagement runs

PhaseWhat happensWhat your team walks away with
Baseline A facilitated self-assessment of your Microsoft 365 tenant and governance against CCM Lite, done with your team so they learn the method. A maturity baseline and a prioritised coaching plan your board can understand.
Coach Regular hands-on sessions — configuring Entra ID, Intune, Defender and data protection controls in your tenant, one improvement at a time. Controls actually implemented, plus the skills and runbooks to keep them that way.
Govern Coaching your team to write policy, test controls and collect evidence against CCM Lite. A living, right-sized ISMS your team owns — not a binder from a consultant.
Graduate Sessions taper off as your team takes over. We remain available for the hard questions. Self-sufficiency, a repeatable quarterly self-assessment, and a maturity story for insurers and funders.

Pairs well with cyber insurance readiness

The same CCM Lite posture work that builds your maturity also answers your insurer's questionnaire. Many organisations combine maturity coaching with our cyber insurance readiness engagement to fund security improvement from premium savings.

Ready to build capability, not dependency?

A short conversation is enough to work out a coaching plan sized for your team and budget.

Contact us