About

The Full Story

About Straverra

Turning information-security compliance into a strategic advantage—one audit at a time.

Who We Are

Straverra is a boutique consultancy devoted exclusively to ISO 27001 implementation, internal auditing, and continual-improvement coaching for small and mid-market technology companies. We combine Big-Four methodology with start-up agility, delivering senior-level expertise without the layers of a global firm.

Our Story

In 2017, our founder Aaron Manthe started his journey as an ISO 27001 lead auditor at a multinational registrar. After certifying more than 200 organizations, he noticed the same pattern: most teams “passed” the audit but still lacked a living security culture. Determined to close that gap, he launched Straverra—named for strategia + veritas (“strategy built on truth”)—to give growing companies hands-on guidance that survives long after the certificate is framed.

What We Stand For

Integrity First: We refuse shortcuts and disclose every risk—even the awkward ones—because trust is our currency.

Clarity Over Jargon: Policies, reports, and training materials are written in plain English your board and engineers will both understand.

Partnership, Not Preaching: We embed with your team, transfer knowledge, and make ourselves obsolete on purpose.

Evidence-Driven Results: Every recommendation is mapped to audit clauses, risk scores, and measurable business impact.

Credentials & Affiliations

  • ISO 27001:2022 Lead Auditor & Lead Implementer certificates

  • Staff-held CISSP, CISA, CISM credentials

  • Registered member, Cloud Security Alliance & (ISC)²

  • Contributor to the ISO/IEC 27001:2022 migration working group

Leadership Team

  • Aaron Manthe – Founder & Principal Consultant
    Former registrar auditor; specializes in SaaS and data-center controls.

  • Dr. Kendra Holt, CISSP, CRISC – Director of Risk & Analytics
    Ex-FinTech CISO; built risk engines that process 40 M events/day.

  • Marcus Yang, MBA, CISA – Practice Lead, Internal Audit
    Previous Deloitte GRC manager; 150+ gap assessments delivered.

Impact by the Numbers

  • 96 % of clients pass Stage 2 on the first attempt

  • 4.1 months average time from gap analysis to certificate (37 % faster than industry mean)

  • $2.3 M median cyber-insurance premium savings documented across our 2023 portfolio

  • Engagements in 11 countries, spanning SaaS, Med-Tech, and critical infrastructure

How We Work — The Straverra Method™

  1. Diagnose – Rapid, evidence-based gap analysis & risk register (10 days)

  2. Architect – Pragmatic control design, policy drafting, tooling alignment

  3. Internal Audit – Independent audit rehearsal + corrective-action coaching

  4. Certification Escort – We sit beside you (or on Zoom) during the registrar audit, answering every clause-level question

  5. Sustain – Quarterly metrics review, control tuning, and auditor-style spot checks

Community & Thought Leadership

We publish the Straverra Field Guide (monthly ISO 27001 insights), host a quarterly webinar series on “Audit-Ready in 90 Days,” and maintain a free Slack community where 500+ security leads exchange SoA templates and audit prep tips.

Ready to Turn Compliance Into Competitive Edge?

Schedule a 20-minute discovery call with a Lead Auditor today.

☎ +1 (612) 555-2700 | ✉ info@straverra.com

Straverra — Strategy, truth, and security you can certify.
