Common Questions

Direct Answers to the Questions We Get Most Often

Questions about the Ascend Framework, compliance requirements, AI governance, and how DOYB engagements work — answered plainly, without filler.

Assessment Methodology

The Ascend Framework

What is the Ascend Framework?

The Ascend Framework is DOYB's structured assessment methodology — a documented process for evaluating an organization's actual security posture, compliance gaps, infrastructure health, and AI readiness before any service scope is defined. It exists because most security and IT engagements begin with assumptions about what the environment looks like. The Ascend Framework replaces those assumptions with documented findings. Every Ascend product produces a written assessment report, a risk-rated findings list, and a prioritized remediation roadmap.

Why does DOYB require an assessment before scoping services?

Because service scope defined without a documented baseline is essentially guesswork. An organization that completes an Ascend assessment has a verified record of their current state — what controls exist, what gaps exist, and what risks are rated at what severity. That baseline changes the entire engagement: recommendations are tied to actual findings, remediation is sequenced by risk priority, and outcomes are measurable against a documented starting condition. DOYB does not sell services to organizations whose risk posture hasn't been documented.

How many Ascend assessment types are there?

Eight. Ascend Cyber evaluates cybersecurity posture. Ascend Cyber 360 is the full-scope enterprise cybersecurity review. Ascend Infrastructure evaluates your IT infrastructure health. Ascend Compliance maps your environment against applicable regulatory frameworks. Ascend Physical evaluates physical security controls. Ascend AI Readiness evaluates your organization's readiness to implement AI. Ascend AI Implementation evaluates an active AI deployment. Ascend Enterprise is the comprehensive multi-domain assessment for organizations that need coverage across all dimensions.

How long does an Ascend assessment take?

Scope and complexity determine timeline. A focused Ascend Cyber assessment for a mid-size organization typically runs 2–4 weeks from kickoff to final report. An Ascend Enterprise assessment covering multiple domains and locations runs longer. Timeline is defined in the engagement proposal before any work begins — there are no open-ended assessments.

What does an Ascend assessment produce?

Every assessment produces three deliverables: a written assessment report documenting current state and methodology, a risk-rated findings list with severity classification for each identified gap, and a prioritized remediation roadmap sequencing remediation by risk level. These documents are designed to withstand scrutiny from auditors, insurers, regulators, and board members.

Compliance Programs

Compliance & Regulatory Requirements

Which compliance frameworks does DOYB cover?

NIST CSF 2.0, NIST SP 800-53, SOC 2 Type II, HIPAA/HITECH, PCI DSS v4.0, CMMC 2.0, GLBA Safeguards Rule, GDPR, CJIS Security Policy, FERPA/CIPA, CIS Controls v8, and ISO 27001. The applicable frameworks for your organization depend on your industry, the types of data you handle, your customer requirements, and whether you operate in regulated markets. An Ascend Compliance assessment identifies which frameworks apply and where your gaps are.

What does CMMC 2.0 require and who needs it?

The Cybersecurity Maturity Model Certification applies to Department of Defense contractors and subcontractors that handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI). CMMC 2.0 establishes three levels — Foundational (Level 1), Advanced (Level 2), and Expert (Level 3). Most contractors that handle CUI must achieve Level 2, which requires third-party assessment by a C3PAO. Organizations that haven't started CMMC preparation should treat it as urgent — third-party assessment timelines are extending as demand increases.

How long does SOC 2 Type II readiness take?

A SOC 2 Type II audit covers a defined observation period — typically 6 or 12 months — during which controls must be operating effectively. Before the observation period begins, most organizations need a readiness assessment to identify control gaps and implement missing controls. Organizations with no existing security program should plan for 9–18 months from readiness assessment to audit completion. Organizations with existing documentation and controls in place may move faster.

What's the difference between HIPAA compliance and HIPAA certification?

There is no official HIPAA certification. HIPAA is enforced through HHS Office for Civil Rights investigations, typically triggered by breach reports or complaints. "HIPAA compliant" means your organization has implemented the required administrative, physical, and technical safeguards and has documentation to demonstrate it — not that a third party has issued a certificate. DOYB's compliance engagements produce documentation structured to satisfy HHS OCR scrutiny, not a certificate of uncertain value.

Does DOYB help with cyber insurance compliance requirements?

Yes. Cyber insurance underwriters have significantly increased their security requirements over the past several years. Common requirements now include MFA on all remote access and privileged accounts, endpoint detection and response, documented incident response plans, offline backups, and regular security assessments. An Ascend Cyber assessment produces documentation structured to satisfy underwriter questionnaires. DOYB can work directly with your broker's technical requirements.

Service Delivery

Services & Engagement Model

What's the difference between DOYB's managed security and a standard MSP?

Most managed service providers offer a fixed service catalog applied uniformly. DOYB's service delivery begins with an assessment of your actual environment — the service scope reflects what the assessment found, not what fits a standard package. Additionally, DOYB's service portfolio spans security operations, compliance programs, virtual executive advisory, and AI readiness — functions that most traditional MSPs don't offer. The engagement model is also different: DOYB acts as an advisory partner with documented outcomes, not a help desk with a monthly retainer.

What is a vCISO and does my organization need one?

A virtual Chief Information Security Officer (vCISO) provides executive-level security leadership without the cost of a full-time hire. The vCISO owns security strategy, policy governance, board reporting, vendor management, incident response oversight, and compliance program direction. Organizations that need executive security leadership but can't justify a $250,000+ full-time CISO are the primary vCISO customer — which includes most organizations under 500 employees and many larger organizations in cost-constrained industries. An Ascend Cyber assessment will identify whether your organization has the security governance gap that a vCISO fills.

Does DOYB provide on-site services or only remote delivery?

Both. Most Ascend assessments, compliance programs, and virtual executive advisory engagements deliver effectively via secure remote collaboration. Physical security assessments, data center evaluations, and infrastructure deployments require on-site presence and DOYB coordinates travel to client sites nationally. DOYB maintains offices in Atlanta and Macon, Georgia and serves clients across the United States.

How does DOYB handle incident response?

DOYB's managed security service includes incident response as part of ongoing coverage — clients don't pay separately for IR when an incident occurs during active managed service coverage. Organizations not currently on a managed security engagement can engage DOYB for incident response on a retainer or emergency basis. DOYB recommends having an incident response retainer in place before an incident occurs — engaging a firm mid-breach is significantly more expensive and slower than activating a pre-existing relationship.

What does DOYB's AI readiness assessment cover?

The Ascend AI Readiness assessment evaluates four dimensions: technical readiness (infrastructure, data quality, integration capability), governance readiness (AI policy, acceptable use frameworks, risk management), compliance readiness (EU AI Act risk classification, sector-specific AI requirements, data privacy obligations), and organizational readiness (training, change management, leadership alignment). The output is a documented baseline and a prioritized readiness roadmap — not a recommendation to buy a specific AI product.

AI & Emerging Technology

AI Readiness & Governance

What is the EU AI Act and does it apply to US companies?

The EU AI Act is a comprehensive regulatory framework for AI systems operating in or affecting EU markets. It classifies AI systems by risk level (unacceptable, high, limited, and minimal risk) and establishes conformity assessment requirements for high-risk applications. US companies are affected if they deploy AI systems to EU customers, use AI in products or services offered in EU markets, or use cloud infrastructure that processes EU data through AI systems. The Act's compliance deadlines are phased — high-risk system requirements are already in effect for some categories.

What AI governance risks should organizations prioritize?

Data privacy (what data AI systems process and whether that processing is authorized), model transparency (can decisions made by AI be explained to regulators, customers, or employees affected by them), vendor dependency (what access do AI vendors have to your data), shadow AI (employees using unauthorized AI tools with organizational data), and compliance gaps in existing data processing agreements that predate AI feature deployment. Most organizations have AI governance gaps they're not aware of — they've deployed AI capabilities faster than governance frameworks have been updated to cover them.

Is ChatGPT or Microsoft Copilot safe to use with business data?

It depends on configuration and contract terms, not the product name. Microsoft 365 Copilot has specific data residency and processing commitments that differ from the consumer ChatGPT service. Enterprise agreements with AI vendors typically include data processing commitments that consumer terms don't. Organizations using AI tools for business purposes should review their contracts, configure data handling settings appropriately, and document what organizational data flows through which AI systems. DOYB's AI Readiness assessment includes an AI tool inventory and data flow analysis.

What's the difference between AI readiness and AI implementation?

Readiness covers the question: is your organization prepared to adopt AI responsibly? Implementation covers the question: is this specific AI deployment working as intended, securely, and in compliance with applicable requirements? An organization that hasn't completed a readiness assessment before deploying AI has skipped a step — which typically surfaces as governance gaps, compliance exposure, or integration failures discovered after deployment. The Ascend AI Readiness and Ascend AI Implementation assessments address these as sequential steps in a responsible AI adoption lifecycle.

Starting an Engagement

How to Get Started

What's the first step to working with DOYB?

A 30-minute consultation. DOYB doesn't define engagement scope before understanding your organization — your industry, current security posture, compliance obligations, and what's driving the need for an assessment. The consultation is free, takes 30 minutes, and produces a recommendation for which Ascend assessment is the right starting point for your situation. You can schedule directly via the link on this page or contact us by phone or email.

Does DOYB work with small organizations?

Yes, with a caveat. DOYB's engagement model is structured around documented assessments and formal service delivery — which carries overhead. Organizations with fewer than 10 employees and no compliance obligations may not get the value from a formal Ascend engagement that a larger or regulated organization would. DOYB will tell you this directly in a consultation if it applies to your situation. The consultation is free and there's no commitment to proceed.

How is DOYB's pricing structured?

Engagement-based pricing tied to assessment scope. Every engagement begins with a fixed-scope proposal — scope, methodology, deliverables, timeline, and price are all defined before any work begins. There are no open-ended retainers that grow without client approval and no surprise change orders. Ongoing managed services (managed security, managed IT, virtual executive advisory) are priced on a monthly basis against a defined scope of coverage. Pricing is discussed in the consultation after the right assessment type is identified.

Work With DOYB

Still Have Questions? Start With a Free Consultation.

A 30-minute call answers the questions specific to your organization — your industry, your compliance obligations, your risk posture. No commitment to proceed, no generic pitch.