Anonymous
During my tenure at X firm I have used quantitative analysis of the existing NIST CSF controls for the customer to conduct gap analysis and provide an actionable recommendations plan and build out a roadmap. I would use CMMI for that would rate the maturity of each of the controls from 1-5. That not only reduced a risk profile of the customer but also helped their cybersecurity maturity program by 20% improvement in their resilience against cyber threats. I would provide recs for each of the controls, sya centralized patch management system to automate patch deployment or enhance their employee security awareness training.