Getting Started
What is SecureGap?
SecureGap is an AI-powered security assessment platform that helps mid-market organizations identify gaps across eight security layers and generate prioritized remediation roadmaps — without sitting through a six-week consulting engagement.
full overview of the product, the engine, and who SecureGap is built for.
Last updated: April 2026
Getting Started
How to create your account
Signing up takes about two minutes: an email, an organization profile, and you're in. This guide walks through each step and explains what each field is used for downstream.
signup walkthrough, organization profile setup, inviting teammates.
Last updated: April 2026
Getting Started
Running your first assessment
Pick an assessment type, answer context-aware questions, and watch the gap engine generate findings layer by layer. Most teams finish their first run in under an hour.
choosing assessment type, what to expect during the flow, tips for clean answers.
Last updated: April 2026
Getting Started
Understanding your results
Your results come in three views — the risk map, the findings list, and the remediation roadmap. Each one answers a different question; this guide explains when to use which.
risk map walkthrough, findings semantics, roadmap structure.
Last updated: April 2026
Assessments
Security Layer Assessment
The flagship assessment. Covers all eight layers with adaptive questioning that branches based on your environment profile and previous answers.
full breakdown of the SLA flow, question types, and output.
Last updated: April 2026
Assessments
Vendor Evaluation
A focused assessment for evaluating third-party vendors. Same engine, scoped to vendor-specific risk surfaces.
vendor evaluation scope, what's measured, how scores are calculated.
Last updated: April 2026
Assessments
Quick Scan
A 10-minute snapshot for teams that want a fast read on where they stand before committing to a full assessment.
quick scan flow, what's covered, when to upgrade to a full SLA.
Last updated: April 2026
The 8 Layers · L1
L1 · Perimeter & Network
The outermost layer — firewalls, network segmentation, ingress/egress controls, and the structural decisions that determine what touches your environment in the first place.
what L1 measures, common gaps, and how findings are structured.
Last updated: April 2026
The 8 Layers · L2
L2 · Identity & Access
Who can do what, with what credentials, under what conditions. Identity is where most real-world breaches start; this layer treats it that way.
identity controls, MFA posture, privilege boundaries.
Last updated: April 2026
The 8 Layers · L3
L3 · Endpoint Protection
Devices are where work happens — and where most malware lands. This layer covers EDR, hardening baselines, patching cadence, and BYOD posture.
endpoint controls, what coverage looks like, common shortfalls.
Last updated: April 2026
The 8 Layers · L4
L4 · Application Security
The code you ship and the dependencies you pull in. SAST, DAST, SBOM hygiene, and secret scanning all live here.
appsec controls, dependency posture, secret hygiene.
Last updated: April 2026
The 8 Layers · L5
L5 · Data Security
Where sensitive data lives, who touches it, and what happens to it at rest, in transit, and in use. Classification, encryption, DLP, and lifecycle.
data classification, encryption coverage, DLP boundaries.
Last updated: April 2026
The 8 Layers · L6
L6 · Cloud & Infrastructure
IAM in the cloud, configuration drift, exposed buckets, IaC posture, and the shared-responsibility lines that decide what's actually yours to fix.
cloud posture controls, common misconfigurations, IaC hygiene.
Last updated: April 2026
The 8 Layers · L7
L7 · Detection & Response
Telemetry coverage, alert quality, runbook readiness, and the difference between having a SIEM and being able to use one in a real incident.
detection posture, response readiness, telemetry gaps.
Last updated: April 2026
The 8 Layers · L8
L8 · Governance & Human Risk
Policy maturity, training cadence, role clarity, and the human side of security — usually the layer with the highest leverage and the lowest investment.
governance posture, training, role clarity, human risk signals.
Last updated: April 2026
Risk Map
Reading your risk map
The risk map is a heatmap of all eight layers crossed with severity. This guide explains what each cell means and how to read the patterns that show up most often.
anatomy of the risk map, common patterns, how to drill into a cell.
Last updated: April 2026
Risk Map
Severity levels explained
Critical, High, Medium, Low — and why SecureGap weights them the way it does. Severity isn't just impact; it's impact crossed with likelihood and dependency.
severity definitions, scoring methodology, edge cases.
Last updated: April 2026
Remediation Roadmap
How the roadmap is generated
Findings get grouped into initiatives, ordered by dependency, and slotted into phases. Here's the logic the planner uses to decide what comes first.
planner logic, phase boundaries, initiative grouping.
Last updated: April 2026
Remediation Roadmap
Managing initiatives
An initiative bundles related findings into a single piece of work. This guide covers editing, splitting, merging, and assigning owners.
initiative editing, splitting/merging, ownership.
Last updated: April 2026
Remediation Roadmap
Linking to projects
Push initiatives out to your tracker so the work happens where work already lives. Native links for Linear, Jira, GitHub Projects, and Asana.
integration setup, sync behavior, linking semantics.
Last updated: April 2026
Account & Billing
Managing your account
Profile, organization details, security settings, and notification preferences — all in one place.
account settings walkthrough.
Last updated: April 2026
Account & Billing
Team members & seats
Inviting people, assigning roles, and understanding how seats are counted across your subscription.
invitations, role matrix, seat accounting.
Last updated: April 2026
Account & Billing
Subscription & billing
Plans, billing cadence, invoices, payment methods, and how mid-cycle changes are handled.
plan structure, billing cadence, mid-cycle changes.
Last updated: April 2026
Account & Billing
Cancellation & data deletion
How to cancel, what happens to your data, the 30-day retention window, and how to request immediate deletion.
cancellation flow, data lifecycle, deletion requests.
Last updated: April 2026
FAQ
Frequently asked questions
Short answers to the questions we get most often — about pricing, data, the engine, and the trial.
FAQ entries, pricing, data, engine internals, trial.
Last updated: April 2026