Your external attack surface across domains, certificates, and exposed assets — refreshed with every scan.
External Exposure
5.46/10
Lower is better
Risk Band
Medium
Improved from High
Critical Findings
0
Across all surfaces
Last Scanned
Feb 23
2026
01 / Exposure by Surface
Where exposure lives.
Email Security
1 Critical · 1 High · 1 Medium
3 findings
Web Security
2 High · 3 Medium
5 findings
DNS & Infrastructure
2 Medium
2 findings
SSL/TLS
1 High
1 finding
Exposed Assets
2 High · 4 Medium
6 assets
02 / Scorecard
Posture at a glance.
5.5/10
External Exposure Score · Live
Quarterly Trend−1.2 vs Q1
Status
ScanCompleted
Domains scanned12 of 12
Subdomains discovered47
Next scanMay 2026
Powered by Claude Opus 4.8Enrolled in Anthropic's Cyber Verification ProgramMapped to NIST CSF and CIS v8.1SOC 2 practices, encrypted in transit and at rest
THE PROBLEM
You are accountable for a risk you cannot see.
Most leaders are asked to stand behind their cybersecurity without a clear picture of where they are exposed. The tools speak in technical scores. The reports assume a security team you may not have.
KNOWN VENDORS
Signed MSAs, current DPAs, quarterly reviews. The vendors leadership can name in a boardroom.
PATCHED SYS
The endpoints IT reported patched last cycle. Green in the dashboard, green in the audit.
SOC 2 REPORT
The bound PDF that says we're compliant. Dated, cited, and framed on the wall.
SHADOW SAAS
Marketing spun up an unlisted workspace holding client PII. No SSO, no MDM, indexable by Google.
3P ACCESS
A vendor's contractor still holds VPN credentials from a 2023 project. Nobody rotated them.
EXPIRED CERTS
Two internal certificates lapsed last month. Users clicked through the warnings. Attackers noticed first.
CLOUD MISCONFIG
A bucket meant for staging went public in a Friday deploy. It is still public.
LEAKED CREDS
A developer pushed a .env file to a fork. It has been indexed on a paste site for six weeks.
UNMANAGED EPS
Fourteen laptops the MDM has never seen. Contractors, personal devices, ex-employees.
EXPOSED APIS
A legacy /admin endpoint from a sunset product. No auth. Still routing to production data.
LEGACY DOMAINS
An old campaign domain still points to your DNS. Attackers stood up a phishing page there yesterday.
WHY NOW
The bar for "we take security seriously" just moved.
Three forces turned cyber from an IT line item into a governance obligation. Boards are now held accountable. Insurers now demand proof, not promises. And attackers now use AI to move in hours, not weeks.
30%
of breaches now involve a third party, double the year before.
Verizon 2025 DBIR
82%
of denied cyber-insurance claims involved organizations without fully implemented MFA.
Coalition, 2024
86%
of Fortune 100 companies now cite cyber expertise at the board level, up from 53% in 2019.
EY
THE STAKES
The cost of finding out the hard way.
A breach is rarely just an incident. It is a stalled grant or deal, a denied claim, a regulator's letter, and years of trust, often at once.
IBM 2025
$10.22M
average U.S. breach cost in 2025, an all-time high.
NTEN Nonprofit Cybersecurity
60%
of nonprofits hit in the past two years.
Deloitte 2024
43%
of family offices attacked in the last 12 to 24 months.
Hiscox 2026
56%
of small businesses hit by a cyberattack in the past year.
An exposure review is a rounding error against any one of these. For qualified nonprofits, it is free.
The Platform
See the platform in action
From external attack surface scanning to executive reporting — explore how TitanDef gives you complete visibility and control over your cyber exposure.
External Attack Surface Scan
Enter your domain. Get a complete picture of your external exposure — no agents, no credentials, no disruption to your systems.
Passive, non-intrusive scanning — no agents or access needed
Findings across Email, Web, DNS, and SSL/TLS with severity ratings
Each finding includes plain-language explanation, remediation steps, cost, and effort
Prioritized remediation roadmap with immediate, short-term, and quarterly actions
Domain Summaryexample.com
Email Security
3 findings
Critical 1High 1Medium 1
Web Security
5 findings
High 2Medium 3
DNS & Infrastructure
2 findings
Medium 2
SSL/TLS
1 finding
High 1
PLATFORM
Everything to understand and reduce cyber exposure.
From your first exposure review to executive-ready reports — assessment tools built for organizations that need clarity, not complexity.
Drag the slider to see how we translate technical data into executive insights.
IT & Security View
Executive View
Security Assessment
NIST CSF · CIS v8.1
Framework Compliance
Control
Status
Framework
Coverage
Access Control
Implemented
NIST PR.AC
88%
Data Protection
Partial
NIST PR.DS
62%
Incident Response
Gap
NIST RS.RP
35%
Vendor Management
Partial
CIS 15
54%
Security Awareness
Implemented
CIS 14
91%
Risk by Category
Network SecurityHigh
Identity & AccessMedium
Data GovernanceCritical
Endpoint ProtectionLow
Remediation Queue
Incident response planHighQ2
Vendor risk scoringMedQ2
Data classificationLowQ3
MFA enforcementLowQ1
Executive Risk Summary
Q2 · Board Brief
Exposure Score
72/100
Moderate
Est. Financial Exposure
$2.4M
High
Posture
68%
+12% QoQ
Key Findings
Backup provider carries a critical vulnerability — estimated $2.4M exposure.
Three vendor connections use outdated encryption — upgrade recommended this quarter.
Remediation Progress
16 of 23 controls passing
‹›
FOR IT & SECURITY TEAMS
Built for the people running the controls
• Security controls mapped to real threats
• Progressive assessment relevant to your risk profile
• Prioritized remediation with effort & cost estimates
• Peer benchmarking against similar organizations
FOR EXECUTIVE LEADERSHIP
Built for the people accountable for the outcome
• See exposures in plain English
• Understand risk as financial impact, not technical scores
• Executive-ready reports without scheduling IT meetings
• Automated improvement metrics over time
WHAT BROUGHT YOU HERE
Most programs start with a single moment.
You do not need a security title to know it is time. Pick the one that sounds like this quarter.
“A funder or client sent us a security questionnaire.”
Answer it with evidence, not a best guess.
“Our cyber-insurance renewal wants proof of controls.”
Generate the evidence underwriters now require.
“A board member asked how exposed we are.”
Walk in with a number and a plan, not a shrug.
“An examiner or auditor is coming.”
Map controls to the framework they check: FFIEC, FINRA, SEC, SOC 2, HIPAA.
“A peer organization just got breached.”
Find out if the same door is open in your environment.
“We gave a new vendor access to our data.”
See the exposure that partnership just introduced.
SOLUTIONS
Tailored exposure analysis, for your sector.
TitanDef adapts its assessment framework, threat models, and reporting to your organization. Every sector faces different exposures — your assessment should reflect that.
More than a checklist. Less than a full-time hire.
Most organizations your size are stuck choosing between a spreadsheet and an enterprise build. TitanDef is the level in between: platform-grade rigor at close to spreadsheet cost.
RIGOR →LOWPLATFORM-GRADECOST →FREE$200K+/YRSPREADSHEETENTERPRISE GRCFULL-TIME CISOTITANDEF← YOU ARE HERE
Spreadsheet
Cheap and familiar — until an auditor asks for evidence and the tabs stop mapping to reality.
Enterprise GRC
Built for Fortune 500 programs. Six-figure licenses, a dedicated admin, and a year to stand up.
Full-time CISO
$200K+ base plus benefits. The right hire eventually — not the right first move for most.
TitanDef
Platform-grade rigor, quarterly Fractional CISO oversight, at roughly spreadsheet cost. The middle path made real.
How organizations are managing cyber exposure and strengthening governance with TitanDef.
TitanDef's offensive engagements run through its sister property titandef.ai, led by certified offensive engineers paired with Claude Opus 4.8, and findings flow back into the program you run here.
24 hrs
TO FIRST EXPOSURE SCORE
12 pages
BOARD PACK, AUTO-GENERATED
0
AGENTS INSTALLED
"TitanDef made cybersecurity feel approachable—nothing overwhelming, and the report layout was clear, concise, and quick to digest (the 'why it matters' really landed). The assessment itself felt fast, and having a clean, printable report at the end makes it easy to share and act on."
Codi Farrar
IT Operations Manager
"TitanDef gives us an executive-ready view of cyber risk—clear prioritization, plain-language implications, and a format that's easy to review at the board level. Just as important, it produces a shareable, audit-friendly reporting that supports governance conversations and keeps remediation focused on what materially reduces risk."
Board Member · Regional Foundation
Verified customer
"TitanDef gives me a clear, high-level picture of where we're exposed and what needs attention first, without getting lost in technical detail. The output is a polished, shareable report that makes it easy to align stakeholders, approve priorities, and track progress against the issues that most reduce organizational risk."
Executive Director · Nonprofit Organization
Verified customer
"TitanDef gives my team a fast, repeatable way to surface and prioritize the issues that actually drive operational risk—so we can focus effort where it moves the needle. The reporting is clean and action-oriented, making it easy to translate findings into tickets, drive cross-team accountability, and communicate progress up the chain."
VP Security Operations · Mid-Market SaaS
Verified customer
FAQ
Frequently asked.
Common questions about TitanDef and our cybersecurity platform.
Getting Started
Qualified 501(c)(3) nonprofits get Starter tier free. All other organizations start at $2,499/year. Additional tiers with deeper assessment, AI-powered guidance, and multi-org management are available as you grow.
The Inherent Exposure Review takes about 15 minutes to complete. You'll have your risk score, peer benchmarking, and prioritized action plan within 24 hours.
TitanDef is designed for organizations without dedicated security staff. The assessment uses plain language, and every report translates findings into clear next steps — not technical jargon.
How It Works
An IER shows you what attackers can see about your organization from the outside — your public-facing digital exposure scored and assessed with specific recommendations for improvement.
Most platforms are built for enterprises or offer generic checklists. TitanDef adapts its assessment to your industry, frames risks in financial terms your leadership understands, and benchmarks you against real peers — not abstract averages.
We recommend reassessing annually or after any major change — new systems, staff turnover, a merger, or a security incident. Each assessment captures a point-in-time snapshot of your risk posture.
Plans & Security
Nonprofits, family offices and foundations, MSPs and security consultants, and small to mid-size businesses. Our assessment framework adapts to each organization's specific threat landscape and regulatory context.
Starter gives you a clear picture of your inherent exposure. Upgrade to Core when you're ready for a full organizational risk assessment, executive-ready reports, policy generation, and vendor & third-party assessments. Stewardship adds AI guidance, threat intel, and the executive oversight portal. Need hands-on leadership? Add fractional CISO advisory as a retainer on top of any plan.
All data is encrypted in transit and at rest. We follow SOC 2 practices, enforce role-based access controls, and never share your data with third parties. Your assessment data belongs to you.
Offensive engagements — external pen tests, web application assessments, and red-team exercises — run through our sister property, TitanDef.ai. Certified offensive security engineers lead the work, paired with Claude Opus 4.8 for reconnaissance, exploit reasoning, and reporting. TitanDef is an officially enrolled participant in Anthropic's Cyber Verification Program. Findings flow back into the program you run here.