For mid-market security leaders & their brokers

Turn cyber risk into a lower premium.

Theodolite translates your cyber risk into precise dollar exposure using FAIR methodology, benchmarks your control environment against NIST CSF, and delivers broker-ready premium reduction intelligence — in days, not months.

Get Your Indicative PremiumTry the Interactive Demo

30-minute call. No slides. Real numbers, not a generic quote.

Scroll

Frameworks & standards we quantify against

FAIREPSSSOC 2NIST CSFMITRE ATT&CKCISA KEVOCSFISO 27001CVSSCIS ControlsPCI DSSHIPAACMMCOWASP Top 10GDPR

Vuln Intel

NessusQualysOpenVAS

Risk Frameworks

FAIREPSSNIST CSF

Data Discovery

AWSAzureGCP

SOC 2 Compliance

ControlsEvidenceAudit

Theodolite

>

In 30 minutes, Theodolite helps you answer the most important question

“How much could we lose?”

A different approach to cyber risk.

Traditional

  • Siloed scans with no business context
  • CVSS scores that mean nothing to the board
  • Weeks to compile a risk report

With Theodolite

RISK$4.2M
SOC 2: 91%
Findings: 847
Actions: 12
  • Every finding quantified in dollars
  • Board-ready risk reports in 30 minutes
  • One cyber risk balance sheet for your CFO

The Story Behind Theodolite

“I built Theodolite because no tool gave me what I needed in that boardroom: a single number, in dollars, that told the truth about our risk posture.”

Nick Shevelyov, Founder

Founder, Theodolite & vCSO

15 years CSO, SVB

Author, “Cyber War…and Peace” — on translating cyber risk for boards

Cyber Risk Balance Sheet

Every finding in dollars.

Vulnerability Intelligence

Import scans from Nessus and OpenVAS. Quantify every finding in dollars using FAIR methodology, not just CVSS scores.

Learn how XYZ quantified 14k Nessus scans
Findings by Risk ($)
14,247 total
CVE-2025-1234Critical
$2.1M
Affected hosts: 12
EPSS score: 94.2%
Exploitable: Yes
Action: Patch Apache Struts to 6.4.1+
CVE-2025-5678High
$1.4M
Affected hosts: 8
EPSS score: 67.1%
Exploitable: Yes
Action: Rotate exposed API keys in vault
CVE-2025-9012High
$890K
Affected hosts: 23
EPSS score: 31.4%
Exploitable: No
Action: Update OpenSSL to 3.2.2+
CVE-2025-3456Medium
$340K
Affected hosts: 5
EPSS score: 12.8%
Exploitable: No
Action: Enable MFA on admin endpoints
CVE-2025-7890Low
$120K
Affected hosts: 2
EPSS score: 3.1%
Exploitable: No
Action: Update TLS cipher suites
Annual Loss Expectancy$4.87M
SOC 2 Readiness
91%READY
Access Control95%
Change Mgmt88%
Risk Assessment92%
Monitoring85%
442
Answered
44
Pending
17
Categories

Compliance Automation

486 assessment questions auto-answered across 17 categories. Generate audit-ready evidence packages.

Self-service Theodolite for SOC 2

Data Discovery

Scan AWS, Azure, and GCP for PII, PHI, and exposed credentials — before attackers find them.

Risk Exposure Identified
Sensitive Data Found
3 providers
AWS
AWS S38.2 TB
47 containers · 1243 findings
PIICRED
prod-user-uploads
3.1 TB412PII
backup-db-exports
2.8 TB567PII
config-secrets
240 GB264CRED
AZ
Azure Blob3.1 TB
23 containers · 891 findings
PIIPHI
patient-records
1.4 TB523PHI
hr-documents
890 GB241PII
analytics-raw
810 GB127PII
GCS
Google Cloud Storage1.1 TB
12 containers · 234 findings
CRED
ci-cd-artifacts
680 GB145CRED
ml-training-data
420 GB89PII
Total exposure across all providers12.4 TB

How it Works

Three Steps. One Report.

Connect

Analyze

Act

$4.2M$1.8M$890K$3.1M$560KQuantifying findings...
Actions Required

Stop Guessing.
Start Measuring.