— C·05Advisory
Identity Threat Modelling.
A workshop-based engagement that maps identity attack paths across SaaS ecosystems, SAP environments, and AI integrations. The output is a model — not a report.
— I · Ideal client
For organisations that…
- 01Want to validate identity assumptions
- 02Need a threat-led identity roadmap
- 03Are preparing for an audit or board review
— II · Scope of assessment
4 domains. Architecture-level.
01Crown Jewel Identification
What an attacker would target. Data, systems, identities.
02Attack Path Mapping
From foothold to crown jewel via identity hops.
03Control Coverage
Which controls break which paths. Where coverage is thin.
04Prioritised Remediation
What to fix first to break the highest-value paths.
— III · Engagement cadence
Week by week.
Day 1–2
Discovery interviews. Crown-jewel mapping.
Day 3–4
Workshop: attack path mapping.
Week 2
Synthesis and report.
— IV · Deliverables
What you receive.
- 01Attack path model (Miro)
- 02Control coverage matrix
- 03Prioritised remediation list
⊘ Out of scope
- Red team exercises
- Penetration testing
Tools used
MiroVisioExcel
— The next step
Begin where every Flowuity engagement begins — discovery.
Forty-five minutes. No deck. No pitch. We ask better questions about your identity estate than you have been asked.