Mission Control
Business Roadmap Progress Tracker
CyberOne Assurance LLC — tracking every milestone from formation to first client. Goal: first paying client by end of Q1 2028.
0Completed
0Remaining
0Total Tasks
Q1 2028Target Date
Phase 1
Foundation
✅ Completed
LLC Formation — CyberOne Assurance LLC
Filed with Arkansas Secretary of State. Filing ID 998252, Transaction 144859146.
EIN — Employer Identification Number
EIN 42-3801799 issued via IRS Notice CP575G.
Primary Domain — cyberoneassurance.com
Purchased and live on Namecheap. Website deployed on Netlify with SSL.
Defensive Domain — cyber1assurance.com
Purchased and parked to prevent competitor registration. Not in active use.
Website — Live on Netlify with SSL
Informational / pre-launch site live at cyberoneassurance.com. SSL certificate active.
M365 Business Tenant — CyberOne Assurance
Dedicated Microsoft 365 tenant configured for CyberOne Assurance LLC operations.
Logo Direction Decided
Crosshair + corner brackets icon. Colors: Midnight blue #042C53 (primary), Electric blue #378ADD (secondary), Ice blue #E6F1FB (tertiary). Circular badge format to be commissioned via Fiverr.
🔲 This Week
Call AR State Police Regulatory Services
Call 501-618-8600. Ask whether solo penetration testing / vulnerability assessment requires a PI or private security license under Act 393. Get the answer in writing.
Open Business Bank Account
Recommended: Novo Business Checking (novo.co) — $0/month, no minimums, free ACH, built-in invoicing, integrates with QuickBooks/Stripe. Have LLC docs + EIN ready. Runner-up: Relay (relay.fi).
Start TryHackMe — Free Tier
Create a free account at tryhackme.com. Start the "Jr Penetration Tester" learning path. Do not pay yet — evaluate whether you're logging in consistently before subscribing.
🔲 Within 30–60 Days
Get E&O / Cyber Liability Insurance Quotes
Contact Insureon, Hiscox, and TechInsurance. Request "technology E&O" + "cyber liability" quotes as a solo cybersecurity consultant. Quotes are free — get your real number before budgeting anything further.
Commission Final Logo on Fiverr
Search "circular badge logo cybersecurity" on Fiverr. Provide: crosshair + corner brackets icon, Guardian Forensics badge format reference, hex codes #042C53 / #378ADD / #E6F1FB, name "CyberOne Assurance."
Upgrade TryHackMe to Premium (if using it)
Only upgrade if you are logging in consistently. Annual billing is better value: ~$108–140/year vs ~$14/month.
Set Up Home Lab
Install VirtualBox (free) or VMware Workstation Player (free) on your current machine. Download Kali Linux (free). No additional hardware needed to start.
🔲 Before Quarter Ends
Update Domain Registrant Info on Namecheap
Update cyberoneassurance.com registrant name from personal to "CyberOne Assurance LLC." Pay future renewals from the business bank account.
Set Calendar Reminder — AR Franchise Tax
$150 annual franchise tax due May 1, 2027. Set a recurring calendar reminder. Pay from business bank account.
Phase 2
Skill Building — Foundations
Purchase PJPT Exam Voucher
TCM Security Practical Junior Penetration Tester. Includes 12 months of Practical Ethical Hacking course (20+ hrs) + one exam attempt + one free retake. Vouchers do not expire. Purchase at certifications.tcm-sec.com/pjpt
Begin PJPT Study — Practical Ethical Hacking Course
Work through the included PEH course alongside TryHackMe Jr Penetration Tester path. Study pace: 1–2 hours/day weekdays. Target exam-ready by end of Q1 2027.
Build Active Directory Home Lab
Set up Windows Server + Windows 10 VMs in VirtualBox following the PEH course instructions. Windows Server evaluation licenses are free for 180 days. Minimum 16GB RAM required — budget for upgrade if needed.
Phase 3
Skill Building — PJPT & PNPT
Sit & Pass PJPT Exam
2 days to compromise an internal AD network + 2 days to write a professional pentest report. No CTF flags, no multiple choice. Real methodology. Result: first verifiable hands-on pentest credential + a real work-sample report.
Purchase PNPT Exam Voucher
TCM Security Practical Network Penetration Tester. Includes 5 courses (45+ hrs: PEH, Windows PrivEsc, Linux PrivEsc, OSINT Fundamentals, External Pentest Playbook) + one exam attempt + one free retake. Purchase at certifications.tcm-sec.com/pnpt
Begin PNPT Study
Work through all five included courses. Key additions over PJPT: OSINT, external network testing, AV/EDR evasion, advanced lateral movement.
Buy E&O / Cyber Liability Insurance Policy
Use the quotes from Q3 2026. Must purchase before touching any live client system — even pro bono. This is not optional: it's what makes you insurable and hirable.
Phase 4
PNPT & Portfolio
Sit & Pass PNPT Exam
5 days to compromise a simulated corporate network (OSINT → external → internal AD → domain controller) + 2 days for professional report + live 15-min debrief with TCM senior pentesters as "client." Result: professional credential, client-ready report template, live debrief experience.
Add HackTheBox VIP
After PJPT + PNPT, HackTheBox's less-guided, more realistic machines are the right next sharpening step. Start with retired machines that have published walkthroughs.
Complete 2 Pro Bono / Discounted Engagements
Approach 1–2 very small local businesses or nonprofits. Requires: signed SOW, written authorization, active E&O insurance, rules of engagement. Goal: first real case study and reference. No exceptions on authorization.
Update Website from Pre-Launch to Active
Remove pre-launch framing. Add PJPT + PNPT credentials. Add PTES, NIST SP 800-115, and OWASP Testing Guide references. Add final logo. Update services page with clear scope.
Phase 5
Client Acquisition
Define First Target Client Profile
Most realistic first clients: SMBs (50–500 employees) with compliance pressure (HIPAA, CMMC, cyber insurance) who can't afford a large firm. Target verticals: healthcare clinics, small defense contractors, credit unions, regional law firms.
Build Referral Network
Most realistic path to first client is through MSSP contacts, not cold outreach. Former colleagues, IT directors at prior MSSP client companies, and local MSPs who need to refer out pentest work are your warmest leads.
Join Local Professional Communities
Arkansas InfraGard (FBI-affiliated, free), ISACA Little Rock chapter, ISSA chapter if active in AR. These are where IT directors and security managers who buy services go. Show up before you're selling.
Begin Warm Outreach
Email or call the 5–10 most relevant contacts from MSSP history. Frame as reconnecting. Tell them CyberOne Assurance is now doing independent pentesting and vulnerability assessments. Ask if they know anyone who might need it.
Prepare Rate Card & Scope of Work Template
Starting rates: $1,500–4,000 for external vulnerability assessment; $3,000–8,000 for internal network pentest. SOW template must include: targets, testing window, rules of engagement, emergency stop procedure, point of contact.
Phase 6
🎯 First Client
Sign First Engagement — SOW + Rules of Engagement
Signed scope of work and written authorization from someone with authority to grant it. No testing begins without both documents signed. No exceptions, ever.
Deliver First Pentest or Vulnerability Assessment
Execute the engagement within the signed scope. Follow PTES / NIST SP 800-115 methodology. Document everything as you go.
Deliver Professional Report
Executive summary (written for non-technical decision-makers) + technical findings appendix with CVSS-style risk ratings and reproduction steps + prioritized remediation list ranked by real-world impact.
Conduct Client Debrief
Present findings live to the client. You have already practiced this format in the PNPT exam debrief. Explain what was found, how it was found, and why it matters — in plain English for leadership.
Request Testimonial / Case Study Permission
Ask the client if they're willing to be featured as a case study on the website. Anonymized is fine if they prefer. First case study is critical social proof for the next client.
Phase 7
Long-Term Growth
OSCP / PEN-200 — OffSec
Industry gold standard. Most requested pentest cert by name in enterprise and government job postings. 23h45m hands-on exam + 24h report. PJPT + PNPT gets you through the SMB door; OSCP opens the enterprise door. Fund from business revenue.
File Federal Trademark — "CyberOne Assurance"
Search tmsearch.uspto.gov first, then file at uspto.gov/trademarks. Deferred due to budget — file once business has revenue. Protects the brand federally across all 50 states.
Annual Arkansas Franchise Tax
$150/year due May 1 every year. Pay from business bank account. First payment due May 1, 2027.