Ransomware Readiness Review
A focused review of your defenses, backups, and recovery posture against a ransomware event — the threat schools face most.
Whether you need a one-time picture of your risk or a leader to own the program, every TRAG engagement ends the same way: you know what to do next, and you can defend the spend.
The flagship engagement. A structured review of your security posture across all 18 areas, scored against recognized frameworks and delivered as a plan — not a verdict.
The baseline is built from your team's own structured responses — fast, and light on staff — with optional verification against real evidence when you need findings that hold up to auditors and insurers. You receive a maturity baseline, a ranked findings register, and a remediation roadmap with cost and effort attached to every item.
See how the assessment works →A seasoned security advisor on call for your district — the expert judgment, none of the hiring cost or risk.
Most districts need CISO-level judgment but can't justify a $200K+ hire — and can't find one anyway. TRAG fills that gap as an independent advisor: helping you make risk calls, keeping your roadmap moving, vetting vendors, satisfying auditors and insurers, and being the person you call the moment something looks wrong. You get continuity and a steady hand, scaled to the hours you actually need. We advise — we don't sell you tools or take over your team.
See retainer tiers →You already know you have problems. TRAG turns them into a plan you can execute and track.
Pen test results, an auditor's findings, a cyber-insurance questionnaire, or the aftermath of an incident — TRAG consolidates them into one prioritized backlog. Each item gets effort sizing, cost, dependencies, an owner, and a target phase, so progress is visible to everyone from the help desk to the board.
This is the namesake of the practice, and it's the artifact clients come back for: a roadmap that stays current instead of dying in a spreadsheet.
The cheapest control you own is a team that knows what to do. TRAG builds that muscle.
Technical training lifts your IT staff's day-to-day defensive skills. Tabletop exercises put your leadership through a realistic incident — a ransomware demand, a data exposure, a vendor breach — so the first time they make those decisions isn't during a real one. Every session is tailored to your environment, not generic slideware.
Targeted, à la carte work that often follows an assessment or rides alongside a retainer.
A focused review of your defenses, backups, and recovery posture against a ransomware event — the threat schools face most.
An authenticated network scan delivered with a clear, prioritized findings report your team can act on.
A review of AD privileges, configuration, and the common misconfigurations attackers target first.
A structured risk analysis delivered with a risk register your district keeps and reuses going forward.
Help completing insurer questionnaires accurately and closing the controls that drive your premiums.
Practical, enforceable security policies written for your district — not boilerplate nobody reads or follows.
That's exactly what the briefing is for. Tell us what's keeping you up at night and you'll get a straight recommendation — even if the honest answer is "you don't need us yet."