Methodology
Five campaign phases. Defined outcomes. No ambiguity.
Every CDA engagement follows the same operational methodology. Five phases, each with specific objectives, deliverables, and completion criteria. We don't sell hours. We execute missions.
Campaign Phases
CDA structures every engagement as a campaign. Each campaign moves through five defined phases, from initial reconnaissance to ongoing command operations.
Assessment, discovery, and threat landscape mapping. This is where your Foundational Risk Model (FRM) lives. We map your assets, identify gaps, and build the mission plan.
Architecture, deployment, and infrastructure setup. We implement the security controls, deploy tools, configure systems, and establish the operational foundation.
Configuration tightening, policy enforcement, and surface reduction. Every system is hardened against known attack vectors and configured to minimize exposure.
Testing, exercises, tabletop simulations, and red team operations. We validate that defenses hold under pressure and teams know how to respond.
Ongoing operations, governance, monitoring, and continuous improvement. The steady-state phase where CDA maintains and improves your security posture.
Your First Year
A typical CDA engagement moves through all five phases within the first year. Here is what that looks like.
Your Foundational Risk Model begins immediately. Asset discovery, vulnerability scanning, policy review, and threat landscape analysis across all six PDM domains.
Based on your FRM findings, we design a prioritized mission plan. Your commander presents the plan, answers questions, and locks the operational timeline.
Implementation begins. Security controls deployed, tools configured, policies written, and access controls established. Every mission has a defined deliverable.
Systems are tightened. Configurations are validated against benchmarks. Attack surface is measured and reduced. Compliance evidence is collected.
Red team exercises, tabletop simulations, and penetration testing validate your defenses. Staff training and awareness programs are delivered.
Ongoing operations begin. Continuous posture monitoring, regular reporting, compliance maintenance, and incident response readiness. This is the steady state.
Mission Architecture
Every mission has explicit objectives, boundaries, and acceptance criteria. No scope creep, no ambiguity, no surprise invoices.
Each mission maps to one of the six PDM domains. Your posture score in that domain improves as missions are completed.
A qualified operator with domain-specific certification is assigned to each mission. You know who is doing the work.
Every mission produces a concrete deliverable: a configuration, a report, a policy, a test result. Not just an alert or a ticket.
Mission success is measured against defined criteria. Pass or fail, not 'in progress' indefinitely.
Completed missions automatically update your PDM posture scores in C3. Progress is visible and quantifiable.
Start with a Foundational Risk Model. See exactly where you stand across all six defense domains.