Basilisk Security Advisory
Basilisk Security Advisory
  • Home
  • Framework
  • More
    • Home
    • Framework
Get in Touch
  • Home
  • Framework
Get in Touch

The Saga Framework

 A narrative methodology for turning security findings into decisions executives act on.  Debuted as the closing keynote at RVAsec 15, June 2026. 

What is the Framework

 Security teams are trained to find risk. We are rarely trained for the part that comes after: walking into a boardroom and turning the finding into a decision a CFO can act on by Friday.


The Saga Framework is a methodology for closing that gap. It gives security practitioners a library of story patterns drawn from mythology — patterns that already match the work we do — and a five-step method for applying them to any finding in your queue, including the ones you have been avoiding.


It is not storytelling for storytelling's sake. It is a decision-engineering tool that uses narrative as the structural scaffold for executive communication.

Target Audience

  •  CISOs and security leaders presenting to boards, audit committees, and executive teams


  • Security managers and directors building communication capability in their teams


  • GRC, risk, and assurance professionals translating technical findings for non-technical stakeholders


  • Consultants and advisors who help client security programs mature their reporting


If you have ever delivered a finding you knew would not get actioned, the framework is built for you. 

QuickStart Card

Download PDF

 Ready to use it Monday? The complete methodology is yours by request 

Read the Framework

The Five-Step Method

  The talk-friendly version of the framework. Five steps you can run on any finding, starting Monday:

  1. Identify the decision you need.
  2. Pick the story pattern that fits your situation. 
  3. Map your environment, your people, and your initiative into a simple narrative frame. 
  4. Calibrate how much story versus data your audience can handle. 
  5. Anchor every metaphor in a real number and make the ask.

The Seven Archetypes

The framework's pattern library. Each archetype matches a recurring shape that security work actually takes:


  • The Siege — sustained external pressure, active attack, the SOC's daily reality
  • Prophet's Warning — a warning that was issued and ignored, now materializing
  • Dragon's Awakening — a dormant risk the assessment just surfaced
  • Quest for the Sacred Artifact — acquiring a new capability, platform migration, technology adoption
  • Merchant's Journey — vendor risk, third-party assessment, supply chain
  • Alliance Formation — cross-functional partnership, M&A integration, joint operations
  • Succession Crisis — continuity planning, key-person risk, leadership transition


The full manual develops each archetype with structural patterns, language templates, worked examples, and guidance on when to use which.

Welcome to Basilisk Security Advisory Consulting

The Full Framework Manual -The complete methodology: archetype patterns, the Three Pillars, the Mythology Dial, plus field-ready worksheets and a 15-minute quick path. Available by request. 

Get the Framework

Take It With You

Whitepaper

  The research, the three pillars, and the case for narrative in security communication. 

Download the Whitepaper

Quickstart Card

 One page: pick your archetype, set the dial, build a board-ready ask in minutes. 

Download the Quickstart Card

Built by Basilisk

 First presented as the closing keynote at RVAsec 15 (June 2026), in a talk titled "Use It Monday: A 5-Step Method for Turning Security Findings Into Stories Executives Act On." The Saga Framework is the flagship methodology of Basilisk Security Advisory, founded by Victoria Mosby. She has spent her career on the receiving end of security findings: reviewing the reports after they land, sitting in the rooms where they get handed to executives, watching what happens in the ninety seconds after someone hits the last slide. The framework is the synthesis of what she has seen succeed and what she has seen die. 

Copyright © 2026 Basilisk Security Advisory - All Rights Reserved.

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept