We identify the operational risks, GTM gaps, leadership blind spots, and growth constraints that decide whether an acquisition creates value or destroys it.
Most advisors answer one. The deals that create enterprise value, and the ones that destroy it, turn on all three at once.
“Is this company healthy?”
Financials, legal, and compliance. Essential, but it tells you where a company has been, not where it can go.
“Can this company scale?”
Product maturity, go-to-market, leadership, and integration. The questions you can only answer if you have run the playbook yourself.
“Will this create enterprise value?”
Thesis, value-creation levers, and the path to exit, tying the operating reality to the return.
SME sits exactly at that intersection: operator judgment most diligence teams do not have, applied to the investor question of whether the deal actually makes money.
None of these show up cleanly in a data room. Each one can reset the model. These are investment risks, not consulting services, and we find them while you can still act on them.
Re-platforming costs that stay invisible until the roadmap stalls.
Relationships, knowledge, and momentum that walk out with one person.
A pipeline that looks diversified but rests on a few fragile partners.
A motion that works at this size and quietly breaks at the next.
Revenue that reads recurring until the top logo renegotiates.
Forecasts built on heroics instead of a repeatable engine.
A category shifting underneath a product that used to win.
A team that got the company here but cannot get it there.
A story that does not survive contact with a sophisticated buyer.
The cheapest time to find these is before the LOI. The most expensive is after close. Bring us in while the findings can still change the price, the terms, or the decision.
Most cyber diligence is run by analysts who have never carried a number, shipped a product, or integrated an acquisition. We have.
Every principal has founded or led a cybersecurity or identity business, owned a P&L, and lived through the transactions that follow. We have sold a company to a global private-equity leader, headed up Global M&A at iC Consult, a Carlyle Group company, and built and scaled professional services organizations at Okta, Tealium, and beyond.
That means we read a target the way an operator does: where the product really sits, whether the go-to-market actually scales, what integration will cost, and where the value is hiding. Pattern recognition you can only get from having done it.
A specialist operating platform with decades building, running, and exiting cybersecurity and identity businesses, including a founder-led exit to The Carlyle Group, and deep delivery inside the identity platforms your targets are built on.

Built and sold ICSynergy to The Carlyle Group, then headed Global M&A at iC Consult, a Carlyle company. 30+ years across cyber, identity, and telecom.

Ph.D. in cybersecurity. Led enterprise security architecture and FFIEC compliance at Silicon Valley Bank and ran managed security with full P&L at AT&T.

Scaled professional services and customer success at Okta and Tealium, with delivery leadership behind 500+ IAM projects across IGA, AM, PAM, and Managed Services.
Scoped engagements with a clear deliverable, built for the speed of a live process.
An operator's read on a cyber or identity target: product maturity and defensibility, go-to-market scalability, competitive position, customer concentration, and technical debt. We pressure-test the thesis while the findings can still change the price or the decision.
Sector-specific value creation for cybersecurity and identity portfolio companies: positioning, product roadmap, packaging, and competitive differentiation, tied to the investment thesis and the value-creation plan.
Thesis-driven target identification, market mapping, and bolt-on sourcing, then post-merger integration that protects enterprise value through the first 180 days and captures the synergy across technology, leadership, and operations.
Fractional CISO, CTO, and COO firepower for portfolio companies that need senior cyber and operating muscle without a full-time hire, including board-ready reporting that keeps the thesis on track.
Built ICSynergy into a top-tier identity and access management advisory firm, then led the process that ended in its acquisition by The Carlyle Group in 2021. Operator-led growth, positioned and sold to one of the world's leading private-equity investors.
Platform and bolt-on diligence, value-creation planning, and integration for control investors building in cybersecurity and identity.
A technical and commercial read on earlier-stage cyber companies, plus GTM and scaling support for portfolio founders.
Sector expertise and operator perspective to support sell-side positioning and buy-side target assessment.
Where a mandate needs commercial execution beyond cyber-sector diligence, we bring in strategic partners like GSCE, our joint practice with Fortis Innovators. One relationship, the right specialists behind it.
The earlier we look, before LOI, before signing, the more the findings can still change the price, the terms, or the decision. We work with a select group of sponsors. If the situation fits, a short conversation tells us both.