SIEM Tuning & Operations
Detection content review, false-positive reduction, log source coverage gap analysis, and sustainable alert triage workflows. Particular depth in CrowdStrike Falcon NG-SIEM and LogScale.
Engagements are tightly scoped, plainly written, and delivered by a working security practitioner. Below is the work we typically take on; if your need doesn't map neatly onto one of these, get in touch and we'll tell you whether we can help.
Getting useful signal out of the security tooling you already own, and making sure someone can act on it.
Endpoint detection rollout, exclusion review, custom IOA design, and triage runbooks. Built around CrowdStrike Falcon, with Microsoft Defender for Endpoint where appropriate.
Tabletop exercises, playbook authoring, and IR runbook design. Templates aligned to the most common scenarios: ransomware, insider threat, third-party breach, business email compromise.
Knowing what's exposed, what matters, and what's actually getting fixed.
Stand up or restructure a vulnerability management programme: scanner deployment, asset inventory alignment, risk-based prioritisation, and a reporting cadence the business will actually read.
Mapping your internet-facing footprint — including the bits you forgot you had — and producing a remediation list ranked by exploitability, not just CVSS.
Defining SLAs, exception processes, and KPI reporting that hold remediation accountable without grinding operations to a halt. Where Patch Tuesday meets reality.
Most modern incidents start with an identity. Most identity programmes haven't caught up.
Conditional Access design and review, Privileged Identity Management rollout, role-assignment audits, and elimination of standing privilege. E5 / Entra P2 environments a particular focus.
Audit of who has what, where it came from, and whether they still need it. Output is a documented baseline plus a remediation plan and the governance to keep it that way.
Phishing-resistant MFA rollout planning, authentication strength policy, and break-glass account design. Works for organisations on the journey to passwordless and those still cleaning up legacy MFA.
Frameworks aligned to your context — not the other way round.
Pre-assessment gap analysis, technical evidence preparation, and remediation guidance. We'll tell you what you'll fail before the assessor does.
Annex A control mapping, risk treatment plans, and policy / procedure / governance suite authoring. Not a certification body — but we'll get you ready for one.
Vulnerability management, incident response, acceptable use, third-party risk, joiner-mover-leaver — written to be read, approved, and actually followed.
Every engagement starts the same way: a no-charge 30-minute scoping call to understand what you need, what you've got, and whether Spartan is the right fit.
From there, we'll send a written scope and fixed-price quote. Most short engagements run one to three weeks; project work longer; retained advisory by the day or month. No long-term lock-ins, no minimum commitments.