You suspect boxes are being ticked
RockFlip looks past the completed checklist and asks what would actually happen under pressure, with evidence gathered calmly and independently.
RockFlip is independent preparedness analysis for organisations worried they are missing something, that a consultant or supplier is just checking boxes, or that internal evidence looks tidier than reality.
It is delivered with the same zero-blame, max-results mentality as LensCraft, but it is a different thing: assurance shaped around what you need to know.
What it is
RockFlip can sit alongside LensCraft because awareness and assurance meet in the messy middle: people, process, suppliers, access, exceptions, evidence, and hidden workarounds.
Useful for clients who want confidence in internal claims, supplier claims, consultant work, or inherited controls without starting a blame contest.
We can help exercise contractual or supplier audit rights, frame the request, review the evidence, and translate findings into practical next steps.
RockFlip can be lensed around resilience, cyber basics, supplier access, governance evidence, incident readiness, privacy risk, or a board concern.
Operating stance
The work is deliberately not framed as a formal standard or process unless you want it mapped that way. It can be practical, board-facing, supplier-facing, resilience-led, or focused on one awkward question.
People, suppliers, and teams are usually navigating awkward systems, old exceptions, and mixed incentives. The work starts there, not with a pile-on.
The goal is useful improvement: clearer ownership, safer defaults, better evidence, cleaner access, and fewer places for risk to hide.
RockFlip can sit outside a formal standard or process unless you want it mapped that way. It is assurance shaped around what you need to know.
RockFlip findings
These are examples of the operational truth RockFlip can surface: not to shame people, but to make the next training campaign useful.
The paperwork smiles. RockFlip checks whether reality is smiling too.
Why it matters: Pretty answers can hide stale controls, unmanaged access or forgotten exceptions.
Next check: Request sampled evidence with dates, owners and scope.
Hospitality is lovely. Dormant access is not hospitality.
Why it matters: Unused access is a quiet side door.
Next check: Sample third-party accounts against current contracts and recent activity.
RockFlip checks whether backup confidence survives contact with a bad day.
Why it matters: A backup that cannot restore cleanly is just storage with self-esteem.
Next check: Review restore tests, isolation model, RTO/RPO and incident sequence.
Temporary should mean temporary, not “see you in the post-incident report”.
Why it matters: Attackers love “just this once” because it often lasts forever.
Next check: Sample exception registers and match them to expiry, approval and monitoring evidence.
Rights of audit
If contracts give you rights of audit, RockFlip can help you exercise them without turning the process into a performative paper chase.
That can include framing the request, reviewing supplied evidence, checking whether answers match operating reality, and turning findings into practical next steps.
RockFlip can help validate and improve the position, lensed how you want it to be lensed: supplier access, incident readiness, governance evidence, privacy risk, resilience, or the specific worry keeping the board awake.
It is not a blame hunt, a guaranteed clean bill of health, or a shiny report pretending awkward findings do not exist. The useful findings are often the ones hidden in normal work.
RockFlip can reveal the awkward truth underneath a control, supplier claim, consultant output or incident story. LensCraft turns that truth into training people can act on.