Most organizations are not prepared to restore critical services after a severe cyber outage — one where primary systems, backups, and conventional recovery tools fail simultaneously.
to complete the free Cyber Recovery Readiness Assessment
your recovery readiness score, across five dimensions
dimensions that determine whether you actually survive
registration required to take the self-assessment
The Problem
Traditional Business Continuity Plans are built around applications and assets, not business outcomes. When a severe outage hits every system at once, application-centric plans have no answer for immediate survival.
The result: systems are restored in priority order while customers wait, regulators ask questions no one can answer, and boards discover that the plan they approved does not work for the attack that actually happened.
Most boards do not know their organization's true recovery exposure. Most CISOs are measured on security investment, not recovery readiness. The gap between perceived and actual resilience is where the greatest risk hides.
Our Approach
We start with one question: what is the minimum your organization must deliver to remain viable? Dependency mapping, restoration protocols, tested recovery velocity, and Board-level accountability all follow from that answer.
AI-assisted tools make this faster and more accurate than ever — and keep your plan current as your environment changes.
Resilience by Design builds on the framework the U.S. financial sector chose for severe-outage recovery — Sheltered Harbor, now managed by FS-ISAC. Our founder created it.
Our Origin
In 2015, the U.S. financial sector realized that they didn't have a plan for how to maintain customer confidence if a financial institution was operationally knocked out by a cyber attack. The sector created Sheltered Harbor, committed over 300 subject matter experts to find a solution for the problem and three months later hired Carlos Recalde to define the approach and make it real. His team is now available as Resilience by Design and it's turbo charging the solution for critical sector organizations of all sizes.
Founded by the creator of Sheltered Harbor — the framework selected by the U.S. financial sector to address severe-outage recovery readiness, now owned and managed by FS-ISAC. Our work is grounded in direct experience building the sector's primary recovery resilience mechanism, and in the recognition that AI makes genuine resilience achievable at a fraction of the previous cost and time.
What We Do
A free, 10-question self-assessment that reveals where your organization stands across five dimensions of recovery readiness. Takes 8 minutes. No registration required.
A facilitated leadership workshop for your board and C-suite that validates your actual recovery readiness and produces a prioritized roadmap. Delivered by our founder.
Strategic resilience advisory helping boards understand their exposure, mandate the right investments, and hold leadership accountable for genuine recovery readiness.
AI tools that translate your minimum viable operation into a continuously maintained system for managing risk, dependencies, and recovery readiness as your environment evolves.
Start Here
The Cyber Recovery Readiness Assessment is free, takes 8 minutes, and requires no registration. It reveals where your organization stands — and where your floor is.
Take the Free Cyber Recovery Readiness Assessment →Takes 8 minutes · No registration · Immediate results