Services
Four areas, one standard.
Systems that are secure, documented, and automated.
01
Identity and Access (IAM)
- Okta and identity stack design, build, and cleanup, backed by the Okta App Auditor module.
- Access audits, SoD and stale-access detection, and infrastructure-as-code for identity via the Access Review module.
- SSO, MFA, and joiner/mover/leaver automation designed with the HRIS Lifecycle module.
Typical engagement
6 to 12 week project or ongoing retainer
Related guides
02
Device and Endpoint Management
- MDM at scale across macOS, Windows, and mobile (Jamf, Kandji, Intune).
- Zero-touch enrollment, patch and update rings, device trust.
- Phased MDM and GitHub EMU cutovers planned with the Migrations Planner module, gates and rollback included.
Typical engagement
8 to 16 weeks for a fleet migration; ongoing for steady state
Related guides
03
IT Operations and Compliance
- IT general controls for SOX and SOC 2, with the SOC 2 Gap Analysis and HIPAA Readiness modules drafting the missing policies.
- Google Workspace audits, ticket triage, and incident response handled by the Workspace Auditor, IT Ops Copilot, and Incident Postmortem modules.
- Vendor and SaaS management with the Spend & Vendor module, clean offboarding, least privilege.
Typical engagement
Quarterly SOX cycle support, or scoped SOC 2 or HIPAA prep (10 to 14 weeks)
Related guides
04
AI Enablement
- Internal AI tooling: agents, MCP servers, automated workflows.
- Code Security and AI Prompt Security modules to scan repos and guard what reaches a model.
- Hands-on enablement: we teach your team to use AI well, not just install it.
Typical engagement
4 to 8 weeks for a first agent or MCP server, often into a retainer
Related guides
The Paragon platform
The same work, as a product you can run.
The twelve modules backing these four areas live in Paragon, a unified governance dashboard that assesses your stack and writes the remediation. See every module work on real data.