PTG Proprietary Framework

FACHT: Free Assessment of Current Hacking Threats

Petronella Technology Group's proprietary cybersecurity assessment framework gives businesses across Raleigh, Durham, Chapel Hill, and the Research Triangle a comprehensive, expert-driven evaluation of every active threat targeting their organization. The FACHT uncovers what you cannot see -- compromised credentials, exploitable vulnerabilities, and compliance gaps -- so you can act before attackers do.

22+ Years of Security Expertise
2,500+ Businesses Served
BBB Accredited Since 2003

The Framework

What Is the FACHT Assessment?

FACHT stands for Free Assessment of Current Hacking Threats. It is a proprietary cybersecurity evaluation framework developed by Petronella Technology Group and refined over more than two decades of protecting businesses throughout the Research Triangle region of North Carolina. Unlike generic vulnerability scans that produce automated reports full of noise, the FACHT is an expert-led, multi-domain assessment that examines your organization's actual exposure to the threats that matter most in today's rapidly evolving cyber landscape.

The FACHT framework was built on a simple but powerful premise: most organizations have no accurate understanding of their true cybersecurity risk. They may have antivirus software installed, a firewall configured, and a vague sense that their IT provider is handling security. But these surface-level measures create a dangerous false sense of security. The average time between an initial network compromise and discovery exceeds 200 days, meaning attackers can operate inside your environment for months before anyone notices. The FACHT eliminates these blind spots by providing a thorough, honest evaluation conducted by certified security professionals who use the same advanced tools and intelligence sources employed by enterprise security operations centers.

Every FACHT assessment covers six critical security domains and concludes with a one-on-one consultation where a PTG cybersecurity analyst walks you through every finding, explains the real-world business implications, and delivers a prioritized action plan. Whether you operate a healthcare practice in Raleigh, a federal contracting firm near Research Triangle Park, a law office in Durham, or a financial services company in Chapel Hill, the FACHT gives you the intelligence you need to make informed decisions about protecting your business, your clients, and your reputation.

Why It Matters

The Cybersecurity Threat Landscape Is Worse Than Most Businesses Realize

The threats facing businesses in the Triangle region are not hypothetical. They are active, sophisticated, and growing more dangerous every quarter.

Your Credentials May Already Be Compromised

Stolen employee passwords, email addresses, and login credentials circulate on dark web marketplaces and criminal forums every day. When a third-party service your employees use suffers a data breach, those credentials become available to anyone willing to pay for them. Attackers use automated tools to test stolen credentials against your corporate email, VPN, cloud applications, and remote access systems. If even one employee reuses a password across personal and work accounts, your entire network could be one login away from a devastating breach. The FACHT's dark web exposure scan searches thousands of underground sources to determine whether your organization's credentials have been leaked, giving you the opportunity to invalidate compromised accounts before attackers exploit them.

Basic Security Tools Are Not Enough

Many businesses in Raleigh, Durham, and the Research Triangle believe their existing security measures are adequate because they have antivirus software, a firewall, and perhaps an email spam filter. These tools address only a fraction of the modern threat landscape. Today's attackers use fileless malware that evades traditional antivirus detection, phishing campaigns that bypass standard email filters, and living-off-the-land techniques that exploit legitimate system tools to avoid triggering alerts. Without a comprehensive assessment that evaluates your security posture across multiple domains simultaneously, critical gaps remain invisible until an attacker finds and exploits them. The FACHT was designed specifically to reveal these hidden vulnerabilities.

Compliance Failures Carry Severe Consequences

Regulatory compliance is not optional for healthcare organizations subject to HIPAA, federal contractors bound by CMMC and NIST 800-171, financial services firms regulated under PCI DSS and GLBA, or technology companies pursuing SOC 2 certification. Non-compliance can result in fines ranging from hundreds of dollars to millions of dollars per violation category, loss of federal contracts, increased liability in litigation, and reputational damage that takes years to repair. The FACHT includes a compliance gap check that evaluates your current posture against the frameworks most relevant to your industry, identifying the most critical deficiencies before they become audit findings or enforcement actions.

The Cost of a Breach Far Exceeds Prevention

The financial impact of a cybersecurity breach extends far beyond the immediate incident response costs. Businesses face regulatory fines, legal fees, client notification expenses, forensic investigation costs, operational downtime, lost revenue during recovery, increased insurance premiums, and long-term reputational harm that drives clients to competitors. For small and mid-sized businesses in the Triangle, a single breach can threaten the viability of the entire organization. The FACHT assessment provides the visibility needed to identify and address your most critical vulnerabilities before they become catastrophic incidents. An ounce of prevention, delivered through a thorough expert evaluation, is worth far more than the enormous cost of incident response and recovery.

Six Assessment Domains

What the FACHT Assessment Covers

Every FACHT evaluation examines six critical security domains to deliver a complete picture of your organization's cybersecurity posture and risk exposure.

Dark Web Exposure Scan

PTG's analysts search across thousands of underground forums, criminal marketplaces, paste sites, and breach databases to identify any trace of your organization's compromised credentials, email addresses, financial data, or proprietary information. We use specialized threat intelligence feeds and tools to locate stolen accounts that could be used to breach your systems. Each discovery is documented with source information, exposure date, and specific remediation steps to neutralize the threat before an attacker can leverage it. Many businesses that complete this scan are startled to find that executive-level credentials are already circulating on criminal platforms.

Network Vulnerability Analysis

Your network perimeter is the primary attack surface that cybercriminals probe for weaknesses. The FACHT evaluates your external-facing infrastructure to identify open ports, misconfigured services, outdated firmware, weak encryption protocols, and exploitable software vulnerabilities. We assess firewall rule configurations, VPN implementations, DNS settings, SSL certificate validity, and publicly accessible services to determine whether your network presents an easy target or a hardened defense. Every vulnerability is rated by severity and paired with specific, actionable remediation guidance your IT team can implement immediately.

Email Security Assessment

Email accounts for over ninety percent of successful cyberattacks. The FACHT includes a detailed evaluation of your email security posture, examining SPF, DKIM, and DMARC configurations to determine whether attackers can spoof your domain to impersonate your organization. We assess email filtering capabilities, attachment sandboxing, link protection, and phishing detection mechanisms. Our analysts evaluate your exposure to business email compromise attacks, the fastest-growing category of cybercrime targeting businesses across the Raleigh-Durham market. We also review email archival and retention policies for regulatory compliance.

Endpoint Protection Review

Every laptop, desktop, mobile device, and server connected to your environment represents a potential entry point. The FACHT evaluates your endpoint protection strategy to determine whether your devices are defended against malware, ransomware, fileless attacks, and advanced persistent threats. We examine whether you have deployed modern endpoint detection and response solutions or are relying on legacy antivirus that cannot detect current threats. Our review covers patch management practices, mobile device management policies, BYOD security controls, and administrative privilege management across your endpoint fleet.

Compliance Gap Check

The FACHT includes a preliminary compliance evaluation against the regulatory frameworks most relevant to your industry sector. For healthcare organizations in the Triangle, we assess HIPAA readiness. For federal contractors near RTP, we evaluate alignment with CMMC and NIST 800-171 requirements. For businesses handling payment card data, we check PCI DSS controls. For technology service providers, we review SOC 2 preparedness. Our analysts identify the most critical gaps between your current security practices and regulatory mandates, giving you a clear baseline of where you stand and what needs to be prioritized.

Executive Risk Report

The FACHT culminates in a professionally prepared Executive Risk Report that translates every technical finding into clear business language your leadership team can understand and act upon. This is not a raw data dump from an automated scanner. It is a curated security briefing that summarizes your overall risk posture, highlights the most critical threats and vulnerabilities, quantifies potential business impact, and delivers a prioritized remediation roadmap with timelines and resource estimates. The report includes a visual risk dashboard suitable for board presentations and serves as a baseline for tracking security improvements over time.

How It Works

The FACHT Assessment Process

From initial contact to final deliverable, the FACHT follows a structured, proven methodology designed to be thorough without disrupting your operations.

1. Initial Consultation and Intake

The FACHT process begins with a brief intake meeting where PTG gathers essential information about your organization, including the number of employees, primary email domains, key systems and applications in use, and any specific security concerns you want addressed. This meeting typically takes thirty minutes and can be conducted by phone or video conference. You do not need to provide network credentials, install any software, or make any changes to your infrastructure. Our goal during intake is to understand your business context so that we can tailor the assessment to the threats most relevant to your industry and environment.

2. Multi-Domain Technical Assessment

Once intake is complete, PTG's certified security analysts begin the technical evaluation across all six FACHT domains. Using the same advanced reconnaissance tools, threat intelligence platforms, and assessment methodologies employed in our paid security engagements, our team conducts a thorough examination of your dark web exposure, network vulnerabilities, email security configuration, endpoint protection coverage, and compliance posture. The technical assessment is performed externally and requires no downtime or disruption to your business operations. This phase typically takes five to seven business days, depending on the complexity of your environment.

3. Analysis, Correlation, and Report Preparation

Raw scan results are not particularly useful without expert interpretation. During this phase, PTG's senior analysts review every finding, correlate data across the six assessment domains, assess the real-world exploitability and business impact of each vulnerability, and prepare your Executive Risk Report. Findings are categorized by severity and mapped to specific remediation actions. The report is written in clear business language that both technical staff and executive leadership can understand. Every report undergoes a quality assurance review by a senior PTG security analyst before delivery to ensure accuracy, completeness, and actionability.

4. One-on-One Expert Consultation

Every FACHT assessment concludes with a dedicated consultation session where a PTG cybersecurity expert walks you through every finding in your Executive Risk Report. This is a genuine security briefing, not a sales presentation. Your analyst explains what each vulnerability means in practical terms, how an attacker would exploit it, what the consequences would look like for your specific organization, and exactly what steps to take to remediate it. You have the opportunity to ask questions, discuss priorities, and receive guidance on implementation. Whether you choose to address the findings independently, work with your existing IT team, or engage PTG for remediation services, you leave with a clear, actionable roadmap.

5. Prioritized Remediation Roadmap

The final deliverable of every FACHT assessment is a prioritized remediation roadmap that ranks every action item by urgency and business impact. The roadmap identifies quick wins you can implement within days, critical vulnerabilities that require attention within thirty days, and strategic improvements to plan for the coming quarter. Each remediation step includes an estimated level of effort, the specific risk it addresses, and its impact on your overall security posture. This roadmap transforms cybersecurity from an overwhelming, undefined challenge into a structured, manageable initiative with clear milestones and measurable progress.

Industry Focus

FACHT Assessments Tailored to Your Industry

The FACHT framework adapts its focus based on the specific threats, attack patterns, and regulatory requirements unique to your industry sector across the Triangle region.

Healthcare and Medical Practices

Healthcare organizations are among the most targeted industries because of the high value of protected health information on criminal marketplaces. The FACHT for healthcare includes specific evaluation of HIPAA-related vulnerabilities, electronic health record system security, medical device network exposure, and patient data protection controls. Many medical practices, clinics, and healthcare organizations across Raleigh, Durham, and Chapel Hill have used the FACHT to identify critical HIPAA compliance gaps before regulators discovered them during an audit. If your practice handles PHI, the FACHT provides the visibility you need to protect your patients and your license.

Federal Contractors and Defense

With Research Triangle Park's significant federal contracting community, the FACHT pays special attention to the security requirements mandated by CMMC 2.0, NIST 800-171, and DFARS for organizations handling Controlled Unclassified Information. Our assessment evaluates whether your CUI handling practices, System Security Plan documentation, and technical controls meet the 110 security requirements necessary for contract eligibility. We identify vulnerabilities that would constitute findings during a CMMC Level 2 certification assessment. Federal contractors who complete the FACHT gain a significant head start on their compliance journey and protect their eligibility for government contracts.

Financial Services and Banking

Banks, credit unions, investment firms, insurance agencies, and financial advisors face relentless attacks from sophisticated threat actors seeking access to financial systems and client funds. The FACHT for financial services includes targeted evaluation of payment processing security, wire transfer fraud prevention, client data encryption, and regulatory compliance readiness across PCI DSS, SOX, GLBA, and FTC Safeguards Rule frameworks. We examine whether your organization's financial credentials or client account information have been compromised and whether your transaction monitoring systems can detect the subtle anomalies that signal fraudulent activity in progress.

Legal Firms and Professional Services

Law firms are custodians of extraordinarily sensitive client information, making them high-value targets for sophisticated threat actors including corporate espionage operations. The FACHT for legal practices evaluates attorney-client privilege protections, document management security, encrypted communication channels, e-discovery readiness, and compliance with state bar cybersecurity requirements. Accounting firms, consulting practices, and other professional services organizations face similar risks when handling confidential client data. Legal and professional services firms across Durham, Raleigh, and the Triangle have used the FACHT to identify security gaps that, if exploited, could have resulted in malpractice liability and loss of client trust.

Why Petronella Technology Group

The Team Behind the FACHT Framework

Petronella Technology Group has been a trusted IT and cybersecurity partner for businesses across Raleigh, Durham, Chapel Hill, Cary, Apex, and the Research Triangle since the company was founded in 2002. Over more than two decades, PTG has served over 2,500 businesses and maintained BBB accreditation since 2003. The FACHT framework was developed from this deep well of experience -- thousands of security assessments, incident investigations, and compliance engagements distilled into a repeatable, comprehensive methodology that delivers genuine insight rather than generic scan output.

Led by CEO Craig Petronella, an NC Licensed Digital Forensics Examiner (License# 604180-DFE), CMMC Certified Registered Practitioner, Cybersecurity Expert Witness, Hyperledger Certified, and MIT-certified professional in cybersecurity, AI, blockchain, and compliance, PTG brings credentials and real-world experience that most regional IT firms cannot match. Craig is an Amazon number-one best-selling author of books including "How HIPAA Can Crush Your Medical Practice," "How Hackers Can Crush Your Law Firm," and "The Ultimate Guide To CMMC." He has been featured on ABC, CBS, NBC, FOX, and WRAL, and serves as an expert witness for law firms handling cybercrime and compliance litigation.

PTG holds certifications including CCNA, MCNS, and Microsoft Cloud Essentials, and specializes in compliance frameworks spanning CMMC 2.0, NIST 800-171/172/173, HIPAA, FTC Safeguards, SOC 2 Type II, PCI DSS, GDPR, CCPA, and ISO 27001. Our forensic capabilities include endpoint and networking cybercrime investigation, data breach forensics, ransomware analysis, data exfiltration investigation, cryptocurrency and blockchain analysis, and SIM swap fraud investigation. When you complete a FACHT assessment, you are receiving the benefit of this entire body of expertise applied to your organization's unique threat profile.

Frequently Asked Questions

Common Questions About the FACHT Assessment

What does FACHT stand for and what is it?
FACHT stands for Free Assessment of Current Hacking Threats. It is a proprietary cybersecurity assessment framework developed by Petronella Technology Group in Raleigh, North Carolina. The FACHT provides a comprehensive, expert-led evaluation of your organization's exposure to active cyber threats across six critical domains: dark web credential exposure, network vulnerabilities, email security posture, endpoint protection gaps, compliance readiness, and overall executive risk. The assessment is conducted by PTG's certified security analysts using professional-grade tools and methodologies, and culminates in an Executive Risk Report with a prioritized remediation roadmap.
Is the FACHT assessment really free with no hidden costs?
Yes. The FACHT assessment is provided at absolutely no cost to qualifying businesses. There are no hidden fees, no credit card requirements, no subscription commitments, and no obligation to purchase any services from PTG. We offer the FACHT because we believe every business deserves to understand the threats targeting their organization, and because our track record of over 22 years and more than 2,500 businesses served demonstrates the caliber of expertise we bring to every engagement. If you decide to work with PTG for remediation or ongoing security services after reviewing your results, that is a completely separate conversation that happens on your terms.
What specific areas does the FACHT assessment evaluate?
The FACHT evaluates six critical security domains. The Dark Web Exposure Scan searches for compromised credentials and leaked data across criminal marketplaces and breach databases. The Network Vulnerability Analysis assesses your external-facing infrastructure for exploitable weaknesses. The Email Security Assessment examines your SPF, DKIM, and DMARC configurations along with phishing defenses. The Endpoint Protection Review evaluates device security and patch management. The Compliance Gap Check assesses readiness against relevant regulatory frameworks such as HIPAA, CMMC, PCI DSS, or SOC 2. The Executive Risk Report synthesizes all findings into a clear, actionable briefing for your leadership team.
How long does the entire FACHT process take from start to finish?
The FACHT assessment process typically takes between five and ten business days from the initial intake meeting to the delivery of your Executive Risk Report. The intake meeting takes approximately thirty minutes. The technical assessment phase requires five to seven business days and is performed externally with no disruption to your operations. The analysis and report preparation phase takes one to two additional business days. Finally, the one-on-one consultation to present your findings is scheduled at your convenience. The entire process is designed to be thorough without being time-consuming for your team.
Do I need to give PTG access to my internal systems or network?
No. The majority of the FACHT assessment is conducted using external analysis techniques that do not require access to your internal systems. During the intake meeting, we gather basic organizational information including the number of employees, primary email domains, and key systems in use. You do not need to provide network credentials, install any software, or make any changes to your infrastructure. Having your IT administrator or managed service provider available for a brief conversation can improve the accuracy of certain findings, but it is not required. Our methodology was specifically designed to deliver comprehensive results with minimal intrusion.
What happens after the FACHT assessment is complete?
After the technical analysis is complete, a PTG cybersecurity analyst schedules a one-on-one consultation to present your Executive Risk Report. During this session, the analyst walks through every finding, explains the business implications in plain language, answers all of your questions, and delivers your prioritized remediation roadmap. You leave the consultation with a clear understanding of your security strengths, your critical vulnerabilities, and the specific steps needed to reduce your risk exposure. From there, you can choose to implement the recommendations independently, work with your existing IT team, or engage PTG for professional remediation services. There is absolutely no pressure to purchase anything.
Who qualifies for the FACHT assessment?
The FACHT assessment is available to businesses and organizations operating in the Raleigh, Durham, Chapel Hill, Research Triangle Park, Cary, Morrisville, and greater Triangle, NC region. The framework is designed for small and mid-sized businesses, professional services firms, healthcare practices, federal contractors, financial services companies, legal firms, nonprofits, and other organizations that want to understand their current cybersecurity risk. Both existing PTG clients and organizations that have never worked with us before are eligible. If you are unsure whether your organization qualifies, call us at 919-348-4912 and we will discuss your situation.
Is my data kept confidential and secure during the FACHT process?
Absolutely. PTG treats all FACHT assessment data with the same rigorous security controls we apply to our managed clients' environments. All information gathered during the assessment is encrypted in transit and at rest, stored in SOC 2 compliant infrastructure, and accessible only to the specific PTG analysts assigned to your engagement. We do not share, sell, license, or repurpose your assessment data under any circumstances. Upon request, we will execute a mutual non-disclosure agreement before beginning the assessment, and you can request deletion of all assessment data at any time following the engagement.
How is the FACHT different from an automated vulnerability scan?
The difference is significant. Automated vulnerability scanners produce raw technical output that requires expert interpretation to be meaningful. They generate false positives, miss contextual risks, and cannot assess the real-world exploitability of findings. The FACHT is an analyst-driven assessment where certified security professionals review, correlate, and interpret data across six domains to deliver findings that are accurate, contextualized, and immediately actionable. Your Executive Risk Report is written in business language, not scanner output. Every finding includes a severity rating based on actual exploitability, not just theoretical risk, and every remediation recommendation is tailored to your specific environment and resources.
Can PTG help with remediation after the FACHT identifies vulnerabilities?
Yes. While the FACHT assessment itself is free and comes with no obligation, PTG offers a full spectrum of cybersecurity and IT services for organizations that want professional assistance addressing identified vulnerabilities. Our services include comprehensive security risk assessments, managed IT and security services, compliance consulting and implementation for HIPAA, CMMC, SOC 2, PCI DSS, and other frameworks, penetration testing, security awareness training, incident response planning, and ongoing security monitoring. Every engagement is tailored to your specific needs, budget, and timeline. Many organizations use the FACHT as the starting point for a long-term security partnership with PTG.
Get Started Today

Discover What Hackers Already Know About Your Organization

The FACHT assessment gives your business complete visibility into the threats, vulnerabilities, and compliance gaps that put your organization at risk. Serving Raleigh, Durham, Chapel Hill, Research Triangle Park, and the greater Triangle region since 2002. BBB accredited since 2003. Over 2,500 businesses served.

919-348-4912

5540 Centerview Dr., Suite 200, Raleigh, NC 27606