Customer journey

From first scan to proof of fix

The vulnerability list is the hook. Monitor + evidence is the product. Convert is the high-value sticky tier.

Stage 1 — Inventory

First scan complete; findings in spreadsheet

Recommended tier: Assess

Stage	Name	Tier	Link
0	Unaware	Content / free mini-assess	Open
1	Inventory	Assess	Open
2	Prioritized	Assess + workshop	Open
3	Monitored	Monitor	Open
4	Converting	Convert	Open
5	Agile	Enterprise	Open
6	Optimizing	Optimize (expansion)	Open

Core insight

Never sell Stage 6 to a Stage 0 buyer

Always propose the next maturity stage plus one. Optimization is expansion — only after PQC defense is proven.

Personas

CISO / VP Security

Trigger: Board asks: how much RSA/ECDSA before 2030?

Entry: /assess → Assessment → Monitor

Compliance / GRC lead

Trigger: CMMC, PCI-DSS 4.0, or HIPAA audit

Entry: Scenario packs → signed compliance pack

VP Engineering

Trigger: Assigned to execute PQC migration

Entry: CBOM → remediation board → re-scan verification

Touchpoints by channel

Channel	Assess	Monitor	Convert
Website	/assess	/monitor	/convert
Self-serve	/assess	/access	/access
Dashboard	Scan history	Drift + schedules	Remediation board