// tools / self-audit // // 7 questions · instant report · answers never leave your browser //

How healthy is your stack? Find out in two minutes.

The questions I’d ask in the first thirty minutes of an engagement — distilled into a self-audit. Answer honestly; the report updates as you go. Nothing is submitted anywhere: the grading runs entirely on this page.

// the audit //

0 of 7 answered

Get help with the gaps →

the email button pre-fills a summary of your results — that’s the only way anything leaves this page, and only if you send it.

What this is — and isn’t

This is a screening tool, not a security assessment. It covers the failure modes I see most in small organizations and nonprofits: spoofable email, partial MFA, orphaned accounts, backups nobody has restored, origins one grudge away from a bad day. A real engagement verifies instead of asking — the domain health check is a small taste of that, and a case study shows where it leads.