THE SECURITY MOSAIC · OUR FLAGSHIP BUILD

Every Imagine If — assembled into one Mosaic.

The Security Mosaic is the proof. It’s the flagship build that takes every Imagine If on the home page and turns it into something real, working, deployable. Each prompt becomes a tile. Each tile is wired to your tools, your data, your team. Together they form a complete intelligence picture your leadership has never seen before.

It connects your existing security stack (CrowdStrike, Tenable, Wiz, Okta, Splunk and more) and produces a board-ready intelligence picture in 48 hours. Real risk. Real exposure. Quantified in AUD. Compliance evidence mapped to Essential Eight, CPS 234, SOCI.

Every tile is proven. Every tile is yours. The Mosaic is the starting point — not the destination.

THE PROBLEM · THE PICTURE

Fifteen fragments. No picture.
Until now.

BEFORE
CrowdStrike
Tenable
Wiz
Okta
Splunk
Qualys
AWS
Azure
GCP
Snyk
ServiceNow
Microsoft
Palo Alto
SentinelOne
Rapid7
15 fragments. No picture.
AFTER
CrowdStrike
Tenable
Wiz
Okta
Splunk
Qualys
AWS
Azure
GCP
Snyk
ServiceNow
Microsoft
Palo Alto
SentinelOne
Rapid7
15 fragments. One picture. Board-ready.
THE SECURITY MOSAIC · ARCHITECTURE

Fifteen tools in. Five board outputs out.

One orchestration layer in the middle does the assembly.

YOUR EXISTING STACK
CrowdStrike
Tenable
Wiz
Okta
Splunk
Qualys
AWS
Azure
GCP
Snyk
ServiceNow
Microsoft
Palo Alto
SentinelOne
Rapid7
ORCHESTRATION
PATTERN LIBRARY
MOSAICAL ENGINE
DEPLOYMENT LAYER
BOARD OUTPUTS
Unified risk posture
Financial exposure in AUD
Compliance gap analysis
Attack chain correlation
Remediation roadmap

The Security Mosaic. Built. Running. Proven.

HOW IT WORKS · THE DECISION FACTORY

From fragmented cyber work to enterprise-grade decisions.

Disconnected sources on one side. Structured, accountable, audit-ready outputs on the other. The Decision Atlas in the middle does the work.

FRAGMENTED CYBER WORK
Disconnected sources. Manual work. Limited visibility.
Security tools
SIEM, EDR, IAM, Cloud, Vulnerability Scanners, Email Security
12,384 events
Policies & procedures
Internal policies, standards, operating procedures
156 documents
Standards & obligations
NIS2, DORA, CPS 234, ISO 27001, SOC 1, GDPR, sector standards
892 requirements
Risk registers
Enterprise risk, third-party risk, scenario libraries
235 risks
Audit evidence
Control evidence, test results, assurance reports
3,742 evidence items
Incident notes
Tickets, post-incident reviews, root-cause notes
1,207 notes
DECISION ATLAS
Normalize. Correlate. Decide. Prove.
Evidence graph
Entities, relationships and context from across your environment.
Decision cells
Structured decision points with criteria, impact, and options.
Asset exposure to internetRisk decision
Impact HighConf. 0.78
Role lenses
One canvas. Different perspectives. Built for every accountable role.
SecurityRiskLegalAuditOpsBoard
Accountable actions
Decisions turn into actions with owners, due dates, dependencies.
Segment workloadsIn progress
Audit lineage
End-to-end lineage from source to decision to evidence.
AI ORCHESTRATION LAYER Normalize · Correlate · Recommend · Explain · Track
DECISIONS THAT RESOLVE
Structured outputs. Accountable. Audit-ready.
Board artefact
Quarterly pack with priorities, scenarios, recommended actions and decision log.
  • Decision summary
  • Risk movement
  • Recommended actions
  • Sign-off pack
Regulator evidence pack
Obligation mapping, control evidence, test results and attestations.
  • Evidence index
  • Control mapping
  • Test results
  • Attestations
Action log
Live actions, owners, due dates and status across the organisation.
  • Open actions
  • Overdue
  • Completed
  • Audit trail
One source of truth
All decisions connected to evidence and context.
Built for regulated environments
APRA CPS 234, NIS2, DORA, GDPR, SOCI, ISO 27001.
Every accountable role
Security, Risk, Legal, Audit, Operations, Executives and Boards.
Enterprise risk movement
Decisions reduce exposure and improve resilience over time.
Prove it. Every time.
Full lineage, audit-ready evidence, on demand.
Deployed into your world
Runs in your environment. Works with your tools. Your data. Your people.
WHAT YOUR BOARD SEES · BOARD PROOF

Evidence connected. Decisions ranked. Outcomes defensible.

Six categories of evidence on the left. Three top decisions ranked by confidence and impact in the middle. Four board-ready output packs on the right.

SECURITY EVIDENCE
Source lineage
Systems, owners, feeds
128 sources
Standards & obligations
NIS2, DORA, CPS 234, GDPR
312 obligations
Risk registers
Enterprise & operational
24 registers
Control library
Controls, tests, owners
1,876 controls
Tool signals
SIEM, EDR, GRC, Cloud
42 integrations
Incidents & issues
Tickets, investigations
87 open
DECISION ATLAS Ranked Decisions Dependencies Scenario Impact View: Executive ▾
Top decisions this cycle Last updated: today, 09:41
1
Critical vulnerability remediation
Reduce exploitable exposure across internet-facing assets
CPS 234NIS2ISO 27001
CONFIDENCE
92%
OWNER
CISO
DUE DATE
23 May 2026
STATUS
● In Progress
2
Third-party risk management
Strengthen oversight of critical suppliers
DORANIS2ISO 27036
CONFIDENCE
84%
OWNER
Head of Risk
DUE DATE
06 Jun 2026
STATUS
● On Track
3
Identity & access governance
Reduce excessive access and privilege risk
CPS 234NIS2ISO 27001
CONFIDENCE
78%
OWNER
IAM Lead
DUE DATE
20 Jun 2026
STATUS
● Planned
Decision Context
Risk Impact
High
Effort
Medium
Dependencies
7
Stakeholders
12
$
Budget Impact
A$1.2M
Time to Value
30–60 days
BOARD PROOF OUTPUTS
Sign-off pack
Board-ready decision pack
View pack →
Regulator evidence pack
CPS 234 · NIS2 · DORA · GDPR
View pack →
Risk movement
Enterprise risk trend
View trend →
Audit trail
Decision history & lineage
28 AprDecision created
28 AprEvidence updated
28 AprRisk assessed
28 AprAction initiated
View trail →
Connected evidence
All sources. One lineage.
Confident decisions
Ranked by impact, effort, and risk.
Accountable actions
Owned, dated, and tracked.
Defensible outcomes
Prove it. Every time.
MOSAICAL AI
Real security work.
Delivered through software.
Deployed into your world.
PROOF · REAL SHAPES FROM REAL WORK

Four chart shapes from real engagements.

Drawn from the FAIR / Cyber Doppler quantification work, TEF v7 board exhibits, the TEF Master Tracker, and in-house security maturity assessment. Numbers anonymised. See all eight on the proof page →

01

Loss exceedance curve (LEC)

A$100KA$1MA$10MA$100M 0.1%1%10%100% LOSS SIZE · AUD (LOG SCALE) ANNUAL EXCEEDANCE PROBABILITY

Source. Pattern from FAIR / Cyber Doppler quantification engagements (TEF DSI, Sixt Risk P&L). Real curve shape — characteristic log-log decreasing slope with mid-range knee. AUD amounts illustrative.

02

Residual risk waterfall

0M25M50M75M100M 100M Inherent risk −45M Existing controls −20M IAM hardening −10M Vendor SOC 2 verification −7M Detection improvements 18M Residual exposure EXPOSURE · AUD M (ILLUSTRATIVE)

Source. Pattern from TEF v7 'Path to Green' board exhibit. Real category structure — inherent risk → existing controls → planned controls → residual. Values anonymised.

04

Composite posture score breakdown

Composite score · 6.4 / 10 02.557.510 Coverage 7.2 w 20% Control effectiveness 6.5 w 20% Operational maturity 6.1 w 20% Detection / response ops 6.4 w 20% Quantified risk reduction 6.0 w 20%

Source. Pattern from TEF Master Tracker. Real composite-scoring structure (DSI 6.4 = weighted sum of coverage / effectiveness / maturity / operations / risk reduction). Component values illustrative.

08

Maturity radar · 12 security domains

IAMAppSecCloudDataNetworkDetectRespondVuln MgmtThird-PartyPrivacyBCDRGovernance █ current ┄ target (3.5) 4-level maturity scale · 1 ad-hoc · 2 repeatable · 3 defined · 4 optimised

Source. Pattern from in-house security maturity assessment (4-level model across 12 domains). Real domain set used in CISO advisory. Current vs target band. Scores illustrative.

THE 48-HOUR PROTOTYPE · NOT A POC

Two days. Your data. A report you keep.

We do not run POCs. POC is theatre — a word vendors use to dress up a free trial for procurement. We build a working prototype on your data in 48 hours. If the output is not board-ready, you owe us nothing. You keep the report either way.

Our 48-hour prototype uses your actual data from day one. No synthetic demos. No vendor theatre. You see what your environment actually looks like — then decide.

See the hour-by-hour walk-through →
48 HOURS TO REPORT
ENGINEERING RECEIPTS
15
TOOL CONNECTORS
SIEM · EDR · CSPM · VM · IAM · CASB · API-verified
5y
SIGNAL BASELINE
multi-year telemetry reconciled to published benchmarks
7
FRAMEWORKS
Essential Eight · CPS 234 · SOCI CIRMP · ISO 27001 · NIS2 · IEC 62443 · FAIR
48h
FIRST REPORT
from NDA signed to board-ready output

Client names on request, under NDA

The Mosaic is the starting point, not the destination. It’s the proof we can do this for you — whatever ‘this’ turns out to be.

Start the conversation →