Eito Is Live

I spent the last few months building something I wish existed when I first started trying to understand the Essential Eight.

Not a framework explainer. Not a checklist. Something you could actually sit down with, answer honestly, and walk away knowing where you stand. Today, that thing is live.

The Problem That Wouldn't Go Away

If you run a small business in Australia and you've ever tried to figure out your cybersecurity posture, you already know how this goes. You Google "Essential Eight", land on some government documentation, read three paragraphs of acronyms, and close the tab. Or you know you should engage with a cybersecurity professional but aren't sure what questions to ask or where you stand.

Neither of those outcomes is good. The ASD Annual Cyber Threat Report 2024-2025 puts it plainly: over 84,000 cybercrime reports last year, one every six minutes, and small businesses cop the worst of it. The gap between "I should do something about this" and "I actually did something" is where the real damage happens.

Eito exists to close that gap.

What It Actually Does

There are two ways to use it. The Quick Check takes about 5 minutes. You answer 10 questions about your security practices and get a traffic-light result. Green, amber, or red. It's a pulse check, not a diagnosis, but it's enough to tell you whether you need to dig deeper.

The full assessment takes closer to 15 minutes. It walks you through all 46 Level 1 controls across the eight strategies. At the end, you get a breakdown of where you're strong, where the gaps are, and what to do about each one. The guidance is specific. Not "improve your patch management", but actual steps you can take or questions you can ask your IT provider.

You can also download a PDF report. That part matters more than you'd think. It's the thing you hand to your IT provider and say "here, these are the gaps, let's work through them." Or the thing you bring to a board meeting, or attach to an insurance application. It turns a vague worry into a concrete conversation.

The Privacy Bit

This part I feel strongly about. Assessment data is sensitive. It's essentially a map of your vulnerabilities. I couldn't sleep at night building a tool that collected that data on a server somewhere.

So we didn't. Everything runs in your browser. Your answers are stored locally on your device. There's no signup, no login, no account, no server receiving your data, no analytics, no tracking. Nothing leaves your machine unless you explicitly export it yourself.

You can verify this yourself. Open your browser's dev tools, watch the network tab. There's nothing going out. That was a deliberate architectural decision from day one, not an afterthought.

Who I Built This For

I keep coming back to the same question: could a small business owner, someone with client data on their laptop and invoices in the cloud, someone who knows they should probably care more about cybersecurity but has no idea where to start and no budget to hire someone to figure it out, could that person actually use this?

If they can open Eito, understand the questions, answer honestly, and walk away knowing what to fix next, then we've done our job. That's the bar. Everything else, the PDF reports, the technical expert mode, the ISM control mappings, those are there for the people who need them. But the core experience has to work for someone with zero IT background.

That said, it's just as useful for MSPs who want to baseline their clients, IT coordinators who need to report upwards, or anyone getting ready for a cyber insurance renewal. The assessment is the same. The starting point is what's different.

What This Isn't

I want to be honest about the limits, because I think that matters.

Eito is a self-assessment. It tells you what you told it. If you answer "yes" to everything, you'll get a perfect score, but that doesn't mean you're actually secure. It's not a certification and it's not evidence for an insurer. It's a starting point and a conversation starter.

It also doesn't fix anything. It shows you where the gaps are. The remediation guidance tells you what to do, but you still have to go and do it. For complex environments, you'll still want a professional assessor. Eito helps you know what questions to ask before you make that call.

What Comes Next

This is the first version. It works, I'm proud of it, and I think it's genuinely useful. But there's a lot more to do. Assessment comparisons so you can track progress over time. Deeper guidance for each strategy. More educational content. Better support for teams who want to work through assessments together.

If you use it and something feels off, or you have an idea for something that would make it better, I'd genuinely love to hear from you. hello@eito.com.au. This isn't a faceless product. It's me, building something I care about, and your feedback directly shapes what happens next.