STRATAGEM CYBER
Cybersecurity, Risk, Strategy & Leadership Advisors
SECURITY PROGRAM ROADMAP BUILDER
Free Utility Tool

Build your 12-month security roadmap in under 5 minutes.

Answer a few questions about where you are today. Get a prioritized, phased plan — specific to your size, industry, and risk profile — that you can take into a board meeting tomorrow.

Company Profile
How large is your organization?
Affects staffing recommendations, tool selection, and budget benchmarks.
1 – 25 people
Early-stage startup or small professional services firm.
Startup
26 – 100 people
Growing company, likely one IT generalist.
SMB
101 – 500 people
Mid-market with some IT infrastructure and policy.
Mid-Market
501 – 1,000 people
Established company, likely a small security team.
Enterprise-Adjacent
1,000+ people
Large organization with dedicated security function.
Enterprise
Industry & Compliance
What industry are you in?
Determines applicable regulatory frameworks and compliance-driven priorities.
Professional Services
Consulting, marketing, staffing, or general business.
Financial Services
Banking, fintech, insurance, investment management.
SOX / GLBA / PCI
Healthcare
Providers, payers, health tech, life sciences.
HIPAA / HITECH
Legal / Accounting
Law firms, CPA firms, fiduciaries.
High Data Sensitivity
Technology / SaaS
Software, cloud services, platforms.
SOC 2 Likely Required
Manufacturing / Industrial
Discrete or process manufacturing, supply chain.
OT / ICS Risk
Government Contractor
DoD, federal, or state/local contractor.
CMMC / FedRAMP
Retail / E-Commerce
Consumer-facing, payment processing, logistics.
PCI DSS
Current Security Posture
How would you describe your organization’s security program today?
Be honest — this determines how aggressive your 30-day priorities need to be.
We don’t really have one
Security is handled reactively. No formal policies, no dedicated security staff, tools are whatever came with the OS or default SaaS settings.
Starting from zero
We have the basics
Antivirus, maybe MFA on some systems, a firewall. Someone owns security part-time. No formal program, but not completely dark.
Ad hoc
We’re building it out
We have policies, MFA enforced, some security tooling. We’re aware of gaps but haven’t systematically addressed them.
Developing
We have a defined program
Documented policies, dedicated security staff or MSSP, tooling across endpoint/identity/cloud, regular reviews. Looking to mature further.
Defined
Risk Profile
What are your top concerns? Select all that apply.
These drive prioritization across your phases — the roadmap weights initiatives by your stated risk areas.
Ransomware / malware
Business email compromise
Data theft / exfiltration
Insider threat
Compliance / audit failure
Third-party / vendor risk
Cloud misconfiguration
AI / shadow AI exposure
Incident response readiness
Software supply chain
Resources
What resources are available for security this year?
Determines whether recommendations lean toward tooling, people, services, or process-first approaches.
Minimal budget
Under $25K. Security competes with many other priorities.
Process-first approach
Modest investment
$25K – $100K. Room for targeted tooling and some outside help.
Selective tooling
Committed investment
$100K – $500K. Serious about building a real program.
Full program build
Significant investment
$500K+. Security is a strategic priority with executive backing.
Enterprise build
Your Personalized Roadmap

Current Maturity
Initiatives are ordered by risk reduction per dollar — highest impact first.
Take the Next Step

Turn this roadmap into an execution plan.

Stratagem Cyber can scope, sequence, and run every initiative on this roadmap — at a fraction of the cost of a full-time hire. Start with a free 30-minute call.
