Available Now:


We are developing cyber risk management tools for nonprofits with funding and support provided by the U. S. Department of Homeland Security, National Protection and Programs Directorate, Office of Infrastructure Protection, through the National Infrastructure Protection Program Security & Resilience Challenge which is implemented by The National Institute For Hometown Security (NIHS).

Our Toolkit Includes:

  • An executive guide to the NIST Cybersecurity Framework for nonprofits
  • A budget sizing tool – specific to nonprofits
  • A strategic cyber risk assessment – specific to nonprofits


Our founder wrote the book on managing cyber risk from a business perspective.

Cybersecurity: A Business Solution explains:

  • Why owners, executives, and board members should care about cybersecurity
  • How an organization’s top leaders manage cyber risk
  • How to set priorities and establish budgets
  • How to leverage cybersecurity investments to gain marketshare and increase profits

Coming Soon!


We help small businesses manage risk to prepare for and respond to cyber attacks.

We help you:

  • Manage cybersecurity from the top of the organization
  • Prioritize efforts across a diverse team of staff and vendors
  • Allocate budgets according to forecasted risk
  • Meet NIST Cybersecurity Framework and SP 800-171 Risk Assessment Requirements


Threat Sketch provides solutions for IT service providers that manage risk for small and medium enterprises.

How we help:

  • Engage and educate top management
  • Illustrate the value proposition of cybersecurity spending
  • Align proposals with executive strategies
  • Deliver tailored proposals without extensive, up-front site evaluations


Our expertise is a natural fit for providers of cyber insurance.

Our services include:

  • Mitigating risk in your existing cyber insurance portfolio
  • Cost-effective, non-invasive, value-at-risk underwriting

Need some free stuff to get you started?

We offer free tools and resources for small businesses looking to learn more about the NIST Cybersecurity Framework. If you are a provider of cybersecurity solutions, and would like to co-brand any of the free resources, please pop over to the Contact Us page and let us know.

Why is cybersecurity a business problem?

The economic impact of cyber attacks and the incentives for hackers are changing the cybersecurity landscape. One reason is that the information businesses collect, process, and exchange has become more valuable and easier to exploit for nefarious gain. Second, but equally important, is the liability created when this data comes into an organization’s possession. Third, is the trend toward hackers using automation to attack weaker, less protected small businesses on an industrial scale. The convergence of these three trends means that modern attacks can easily eclipse a small company’s cash reserves and bankrupt an unprepared business.

The business problem of cybersecurity is solved when forward thinking leaders take charge of the big picture. The primary tool that enables them to take charge and see the entire landscape in the context of their business objectives is a strategic cyber risk assessment.

What is a strategic cyber risk assessment?

In addition to technical IT products and services, managing cyber risk requires legal, financial, insurance, and other solutions. Managing the big picture across these diverse fields of expertise is an executive-level, fiduciary duty. A strategic cyber risk assessment is the cornerstone tool for evaluating and managing cyber risk, which answers three key questions:

• What are the major categories of threats?
• Which threats will have the most impact?
• Which threats will we encounter most frequently?

Our strategic cyber risk assessments provide solutions for small businesses and the cybersecurity industries that serve them.