SEO Strategy: Narrative Consulting
Current state: Static marketing pages, no blog, no sitemap, no robots.txt, no structured data, minimal metadata.
1. Executive Summary: What to Do, In What Order
Week 1 — Technical Foundation (Days 1-3)
- Add `app/sitemap.ts` and `app/robots.ts` using Next.js MetadataRoute API
- Add JSON-LD structured data (ProfessionalService, Organization schemas) to the marketing layout
- Expand metadata on every marketing page (title, description, Open Graph, canonical URLs)
- Submit sitemap to Google Search Console and verify the domain
- Set up Google Analytics 4 with conversion events (form submissions, assessment starts)
Week 2-3 — Content Infrastructure
- Build a blog route (`app/(marketing)/blog/`) with MDX or a lightweight CMS
- Publish 3-4 foundational "pillar" articles (see keyword map below)
- Create a Google Business Profile for Narrative Consulting
- Claim Clutch.co and G2 profiles
Month 1-2 — Content Engine
- Publish 2 articles per week (not daily — see rationale below)
- Create 1 downloadable lead magnet (SOC 2 Access Control Checklist PDF)
- Syndicate every article to LinkedIn with a personal commentary post
- Set up Qwoted/Featured.com profiles for journalist source requests
Month 3+ — Compounding
- Publish first case study (anonymized if needed)
- Launch a "compliance readiness" interactive assessment (you have the engine)
- Begin guest posting on 1-2 cybersecurity/compliance publications
- Evaluate paid content promotion on LinkedIn for highest-performing articles
2. Keyword Map
Organized by search intent and buyer journey stage. Estimated difficulty and volume are directional — confirm with Ahrefs or Semrush free tier.
Informational (Top of Funnel — Problem Aware)
These are people who know they have a problem but are researching solutions. This is where blog content lives.
| Keyword Cluster | Example Terms | Content Type |
|---|---|---|
| SOC 2 access controls | "soc 2 access control requirements", "soc 2 logical access controls", "soc 2 user access review requirements" | Definitive guide |
| Okta implementation | "okta sso implementation guide", "okta lifecycle management setup", "okta governance configuration" | Technical walkthrough |
| Access reviews | "user access review process", "how to run access certifications", "access review template", "quarterly access review" | Template + guide |
| RBAC implementation | "role based access control implementation", "rbac best practices", "how to design rbac model" | Framework guide |
| Identity lifecycle | "employee onboarding access provisioning", "offboarding access revocation checklist", "joiner mover leaver process" | Checklist + guide |
| Compliance prep | "soc 2 audit preparation checklist", "hipaa access management requirements", "identity governance for compliance" | Downloadable checklist |
| Mid-market identity | "identity governance for growing companies", "when to hire identity team", "identity management 500 employees" | Thought leadership |
Commercial (Middle of Funnel — Solution Aware)
These people know they need help and are comparing options.
| Keyword Cluster | Example Terms | Content Type |
|---|---|---|
| IGA tool comparison | "okta vs azure ad identity governance", "sailpoint alternatives mid-market", "okta identity governance review", "best iga tools for mid-market" | Comparison articles |
| Consultant search | "identity governance consultant", "iga implementation partner", "okta implementation consultant", "iam consulting services" | Service pages / About |
| Build vs buy | "build vs buy identity governance", "identity governance platform vs consultant", "diy vs managed iam" | Thought leadership |
| Vertical-specific | "fintech identity governance", "healthcare iam requirements", "hipaa identity management" | Vertical landing pages |
Transactional (Bottom of Funnel — Ready to Buy)
These people are looking for a provider.
| Keyword Cluster | Example Terms | Content Type |
|---|---|---|
| Direct service | "identity governance assessment", "iam audit services", "access control audit", "identity infrastructure review" | Service/Package pages |
| Location + service | "identity governance consultant [city]", "iam consulting near me" | Google Business Profile |
| Branded | "narrative consulting", "access narrative", "narrative consulting identity" | Homepage / About |
| Pricing signals | "identity governance consulting cost", "iam implementation pricing", "soc 2 readiness consultant pricing" | FAQ / Pricing transparency |
Long-Tail Opportunities (Low Competition, High Intent)
These are specific enough that a single well-written article can rank on page 1:
- "how to pass soc 2 access control audit"
- "okta access certification campaign setup"
- "quarterly user access review template"
- "joiner mover leaver automation okta"
- "rbac model template for saas company"
- "identity governance roadmap for series b startup"
- "soc 2 type 2 identity requirements"
- "offboarding checklist access revocation"
- "okta terraform configuration best practices"
- "how to implement least privilege access"
3. Content Calendar: First 3 Months
Publishing Cadence: 2x Per Week (Not Daily)
Why not daily? For a solo consultant in a niche B2B space:
- B2B buyers don't read daily. They research deeply during specific buying windows.
- One exceptional, technically accurate 2,000-word article outperforms five 500-word posts. Google's Helpful Content system rewards depth and expertise.
- Daily publishing at high quality is unsustainable for a solo operator and leads to thin content that hurts rankings.
- The data supports 2-4 posts/week as the sweet spot for B2B. Companies publishing 2-4x/week see optimal traffic-to-lead conversion.
- Your time is better spent on 2 deep articles + LinkedIn distribution than 5 shallow ones.
Target: Tuesday and Thursday publishing. ~1,500-2,500 words per article. Each article should have a clear CTA (assessment booking, checklist download, or newsletter signup).
Month 1: Foundation Pillars
| Week | Tuesday | Thursday |
|---|---|---|
| 1 | The Complete Guide to SOC 2 Access Control Requirements (pillar — 3,000 words, covers CC6.1-CC6.3, practical implementation) | What Is Identity Governance? A Plain-English Guide for Growing Companies (pillar — defines IGA for non-technical decision-makers) |
| 2 | User Access Review Process: The Step-by-Step Guide (includes downloadable template) | Okta vs Azure AD for Identity Governance: Mid-Market Comparison (comparison, high search volume) |
| 3 | The Joiner-Mover-Leaver Problem: Why Your Employee Lifecycle Is a Security Hole (problem-aware content) | RBAC Implementation Guide: How to Design Roles That Actually Work (technical depth, template included) |
| 4 | Identity Governance Roadmap for Series B Startups (niche audience, low competition) | 5 Identity Red Flags Every SOC 2 Auditor Looks For (audit prep angle, builds urgency) |
Month 2: Vertical Deep Dives + Comparisons
| Week | Tuesday | Thursday |
|---|---|---|
| 5 | Identity Governance for Fintech: What Your Compliance Team Needs to Know (vertical page) | SailPoint vs Okta: Which IGA Platform Fits Mid-Market? (high-traffic comparison) |
| 6 | Healthcare Identity Management: HIPAA Access Control Requirements (vertical page) | How to Run Your First Access Certification Campaign in Okta (tactical tutorial) |
| 7 | The Real Cost of Identity Governance: Build vs Buy vs Consultant (addresses pricing objections) | Quarterly Access Review Template (Free Download) (lead magnet) |
| 8 | Okta Terraform Modules: Infrastructure as Code for Identity (technical audience, links to your open-source modules) | What to Expect from an Identity Governance Assessment (pre-sale education) |
Month 3: Case Studies + Advanced Topics
| Week | Tuesday | Thursday |
|---|---|---|
| 9 | Case Study: How a 400-Person Fintech Went from Zero to SOC 2 Compliant in 8 Weeks (anonymized) | Non-Human Identity Governance: Service Accounts, API Keys, and Secrets (emerging topic) |
| 10 | Least Privilege Access: Implementation Guide for Real-World Orgs (technical depth) | The Offboarding Access Revocation Checklist (downloadable, practical) |
| 11 | Why Identity Governance Fails: 7 Mistakes Mid-Market Companies Make (thought leadership) | Okta Identity Governance (OIG) Review: Strengths, Gaps, and Workarounds (honest product review) |
| 12 | Building an Identity Governance Program from Scratch: A 90-Day Plan (comprehensive guide, links to assessment) | SOC 2 Type 2 vs Type 1: What Identity Controls You Actually Need (audit prep) |
4. Technical SEO Checklist (Next.js on Vercel)
Critical — Do This Week
- Create `app/sitemap.ts` — Use Next.js MetadataRoute.Sitemap to auto-generate. Include all marketing pages, future blog posts. Vercel serves this at `/sitemap.xml` automatically.

```ts
// app/sitemap.ts
import type { MetadataRoute } from 'next'

export default function sitemap(): MetadataRoute.Sitemap {
  const baseUrl = 'https://accessnarrative.com'
  return [
    { url: baseUrl, lastModified: new Date(), changeFrequency: 'weekly', priority: 1 },
    { url: `${baseUrl}/trust`, lastModified: new Date(), changeFrequency: 'monthly', priority: 0.8 },
    // Add blog posts dynamically when blog is built
  ]
}
```
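- Create `app/robots.ts` — Allow crawling of marketing pages, block admin/CRM/portal routes. robots.txt is a request to crawlers, not an access control: the file is public and lists these prefixes, so every route under them must still require authentication on its own.

```ts
// app/robots.ts
import type { MetadataRoute } from 'next'

export default function robots(): MetadataRoute.Robots {
  return {
    rules: {
      userAgent: '*',
      allow: '/',
      disallow: ['/admin/', '/crm/', '/portal/', '/expenses/', '/api/'],
    },
    sitemap: 'https://accessnarrative.com/sitemap.xml',
  }
}
```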
- Add JSON-LD structured data to the marketing layout (ProfessionalService, Organization schemas).

```tsx
// In app/(marketing)/layout.tsx
const jsonLd = {
  '@context': 'https://schema.org',
  '@type': 'ProfessionalService',
  name: 'Narrative Consulting',
  url: 'https://accessnarrative.com',
  description: 'Identity governance consulting for mid-market companies...',
  serviceType: ['Identity Governance Consulting', 'SOC 2 Compliance', 'IAM Implementation'],
  areaServed: 'US',
  priceRange: '$$$',
  knowsAbout: ['Identity Governance', 'Access Management', 'SOC 2', 'RBAC', 'Okta', 'HIPAA'],
}

// Render in layout. JSON.stringify leaves "<" as-is, so escape it as \u003c
// to keep any value containing "</script>" from closing the tag early.
<script
  type="application/ld+json"
  dangerouslySetInnerHTML={{ __html: JSON.stringify(jsonLd).replace(/</g, '\\u003c') }}
/>
```
- Expand metadata on every page — Each page needs a unique title, description, Open Graph image, `metadataBase` URL, canonical URLs, and Twitter card metadata.
- Register and verify in Google Search Console — Submit sitemap, check for indexing issues.
- Set up Google Analytics 4 — Track page views, form submissions, assessment starts, outbound link clicks.
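The JSON-LD step above serializes a static object, but once the blog exists, post titles and descriptions will flow into the same inline script. This added example (not code from the project) shows why plain `JSON.stringify` is not enough there; the BlogPosting fields, helper names and sample post are assumptions constructed for illustration.

```typescript
// Added example: JSON-LD for a future /blog/[slug] page, built from post
// front matter. Field names and the sample post are constructed.

type Post = { slug: string; title: string; description: string; publishedAt: string }

const SITE_URL = 'https://accessnarrative.com'

// Legal inside a JSON string, unsafe inside an inline <script> element.
// "<" is the one that enables "</script>" and "<!--"; ">" and "&" are
// escaped too so the payload is inert as HTML text.
const UNSAFE: Record<string, string> = { '<': '\\u003c', '>': '\\u003e', '&': '\\u0026' }

// These characters only ever occur inside JSON strings, where \uXXXX is a
// valid escape, so the output parses back to exactly the same data.
function serializeJsonLd(data: unknown): string {
  return JSON.stringify(data).replace(/[<>&]/g, (ch) => UNSAFE[ch] ?? ch)
}

function blogPostingJsonLd(post: Post) {
  return {
    '@context': 'https://schema.org',
    '@type': 'BlogPosting',
    headline: post.title,
    description: post.description,
    url: `${SITE_URL}/blog/${post.slug}`,
    datePublished: post.publishedAt,
    author: { '@type': 'Organization', name: 'Narrative Consulting' },
  }
}

// Would this serialized payload end the surrounding <script> element early?
function breaksOutOfScript(serialized: string): boolean {
  return /<\/script/i.test(serialized) || serialized.includes('<!--')
}

// Constructed sample: a title that legitimately mentions markup.
const samplePost: Post = {
  slug: 'soc-2-access-control-requirements',
  title: 'Auditing legacy </script> includes & <!-- commented --> SSO snippets',
  description: 'Constructed description for the example.',
  publishedAt: '2026-01-06',
}

function demo() {
  const data = blogPostingJsonLd(samplePost)
  const naive = JSON.stringify(data)
  const safe = serializeJsonLd(data)
  return {
    naiveBreaksOut: breaksOutOfScript(naive),
    safeBreaksOut: breaksOutOfScript(safe),
    roundTrips: JSON.parse(safe).headline === samplePost.title,
  }
}

console.log(demo())
```

In the layout, pass `serializeJsonLd(jsonLd)` as the `__html` value in place of the bare `JSON.stringify(jsonLd)`.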
Important — Do Within 2 Weeks
- Create OG images — Either a static branded image or use Next.js `opengraph-image.tsx` route for dynamic OG images per page/blog post.
- Ensure all images have alt text — Check existing marketing components.
- Add canonical URLs — Prevent duplicate content issues. Use the `alternates.canonical` field in metadata exports.
- Check Core Web Vitals — Run Lighthouse on every marketing page. Target LCP < 2.5s, INP < 200ms, CLS < 0.1.
- Ensure proper heading hierarchy — H1 on each page (one only), H2s for sections, H3s for subsections. Audit existing components.
Ongoing
- Internal linking — Every blog post should link to 2-3 other relevant posts and at least one service page. This is critical for SEO and often overlooked.
- URL structure — Blog posts at `/blog/[slug]`. Keep URLs short, descriptive, lowercase, hyphenated. Example: `/blog/soc-2-access-control-requirements`.
- Page speed monitoring — Vercel Speed Insights (free) or Web Vitals reporting in GA4.
5. Content Types Ranked by Expected ROI
Ranked from highest to lowest ROI for a solo identity governance consultant:
Tier 1: Highest ROI (Do First)
1. Interactive Assessment Tool (You already built this!)
Why: Interactive content converts 2x better than passive content. A free "Identity Governance Readiness Assessment" that scores a prospect's maturity level is the single best lead magnet for this business. It surfaces gaps only a consultant can close.
Action: Make the assessment publicly accessible, gate the detailed report behind an email.
Expected conversion: 15-25% of visitors who start it will provide their email.
2. Pillar Blog Posts / Definitive Guides
Why: Long-form (2,000-3,000 word) guides targeting specific keyword clusters rank well and establish authority. They become the pages that rank and drive traffic for months/years.
Action: Write the 8 pillar articles in Month 1-2 of the content calendar.
Expected timeline to rank: 3-6 months for medium-competition terms.
3. Downloadable Templates and Checklists
Why: Practical, immediately useful content earns backlinks and email signups. Examples: "SOC 2 Access Control Checklist," "Quarterly Access Review Template," "Offboarding Revocation Checklist."
Action: Create 1 per month, gate behind email.
Expected conversion: White paper/template downloads convert to sales opportunities at ~7% (vs 4% for blog subscribers).
Tier 2: Strong ROI (Do in Month 2-3)
4. Comparison Articles
Why: "Okta vs Azure AD" and "SailPoint alternatives" searches have real volume and commercial intent. People comparing tools are actively in a buying cycle and may need implementation help.
Action: Write 2-3 honest, technically detailed comparison articles.
5. Case Studies
Why: 73% of marketers consider case studies highly effective for lead generation. They provide proof of competence.
Action: Write 1 per quarter. Anonymize if needed ("a 400-person fintech" is fine). Focus on the problem, approach, and measurable outcome.
6. Vertical Landing Pages
Why: "Fintech identity governance" and "healthcare IAM requirements" are low-competition, high-intent terms. Dedicated pages for each vertical rank separately from generic pages.
Action: Create pages at /fintech, /healthcare, /soc-2-compliance.
Tier 3: Good ROI When Resources Allow (Month 3+)
7. LinkedIn Thought Leadership Posts
Why: LinkedIn drives 80% of B2B social leads. Personal profiles get 8x more engagement than company pages. 95% of decision-makers say thought leadership makes them more receptive to outreach.
Action: Repurpose every blog post into a LinkedIn post with personal commentary. Post 3-5x/week on LinkedIn (separate from the blog).
8. Open-Source Contributions / Technical Content
Why: Your Okta Terraform modules (narrative-terraform-modules) are a unique asset. Technical content about them builds credibility with engineering decision-makers and earns organic backlinks.
Action: Write blog posts about the modules, reference them in relevant articles.
Tier 4: Lower Priority for Solo Operator
9. Webinars
High conversion (55% average) but high effort. Defer until you have an audience to invite. Consider co-hosting with a compliance platform.
10. Whitepapers
Effective (61% of B2B buyers find them valuable early-stage) but time-intensive. Convert a pillar blog post into a designed PDF as a quicker alternative.
11. Video Content
Growing in importance but requires production effort. Start with short LinkedIn video clips (2-3 minutes) before investing in long-form.
6. Distribution Channels
Where to syndicate and promote content, ordered by expected impact:
Primary (Every Article)
1. LinkedIn Personal Profile — Post a condensed version of every article with a personal take. Tag relevant hashtags (#IdentityGovernance, #SOC2, #IAM, #Cybersecurity, #Compliance). Do NOT just drop a link — write a standalone post that provides value, then add the link in a comment or at the end.
2. Google Search (Organic) — This is the long game. Properly optimized articles will rank within 3-6 months and drive traffic indefinitely.
3. Email Newsletter — Even with 50 subscribers, email is the highest-converting channel. Start collecting emails from day 1 via the assessment tool, template downloads, and a simple "Identity governance insights — no spam" signup.
Secondary (Weekly)
4. Reddit — Subreddits like r/cybersecurity, r/sysadmin, r/netsec, r/ITManagers, r/compliance. Don't spam links — participate in discussions, answer questions, and reference your content when genuinely relevant. One high-quality Reddit comment can drive more qualified traffic than a month of social posting.
5. Hacker News — For highly technical articles (Terraform modules, infrastructure-as-code for identity). Low probability of front page but high-quality audience.
6. X/Twitter — Short insights, threads breaking down complex topics. Tag vendor accounts (Okta, SailPoint) when discussing their products.
Tertiary (Monthly)
7. Guest Posts — Target publications like CSO Online, Dark Reading, SecurityWeek, Help Net Security, The Hacker News. Pitch 1 guest post per month. These earn high-authority backlinks.
8. Qwoted / Featured.com / Source of Sources — Sign up as an expert source. Respond to journalist queries about identity, compliance, IAM topics. 5-15% success rate per pitch, but each placement earns a high-authority backlink. Source of Sources was created by HARO's original founder.
9. #JournoRequest on X — Monitor this hashtag for journalist source requests related to cybersecurity/compliance. Free, zero overhead.
10. Industry Podcasts — Pitch yourself as a guest on cybersecurity and compliance podcasts. Prepare 2-3 topic pitches. Podcasts earn backlinks from show notes and build name recognition.
7. Quick Wins (This Week)
These require minimal effort and have immediate impact:
Day 1 (30 minutes)
- Create `app/robots.ts` blocking `/admin/`, `/crm/`, `/portal/`, `/expenses/`, `/api/`
- Create `app/sitemap.ts` with all current marketing pages
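A Disallow line only asks crawlers to stay away, and robots.txt itself publishes the list of prefixes. This added example (not the project's code) classifies what an unauthenticated request to each listed prefix returned on your own deployment; the `/login` sign-in path and the recorded responses are constructed assumptions.

```typescript
// Added example: check that every prefix named in robots.txt rejects
// anonymous requests. Observations are recorded separately (for instance
// with a logged-out browser or curl against your own site) and passed in.

type Observation = { status: number; location?: string }
type Verdict = 'protected' | 'exposed' | 'inconclusive'
type Finding = { path: string; verdict: Verdict; reason: string }

// Disallow list as given on this page.
const DISALLOW: string[] = ['/admin/', '/crm/', '/portal/', '/expenses/', '/api/']

// Assumption: the application's sign-in page is served at /login.
const LOGIN_PATH = '/login'

function redirectsToLogin(location: string | undefined): boolean {
  if (!location) return false
  // Resolve relative Location values; the base host is only a placeholder.
  const target = new URL(location, 'https://placeholder.invalid')
  return target.pathname === LOGIN_PATH || target.pathname.startsWith(LOGIN_PATH + '/')
}

function auditPath(path: string, seen?: Observation): Finding {
  if (!seen) return { path, verdict: 'inconclusive', reason: 'no observation recorded' }
  const { status } = seen
  if (status === 401 || status === 403) {
    return { path, verdict: 'protected', reason: `rejected with ${status}` }
  }
  if (status >= 300 && status < 400) {
    return redirectsToLogin(seen.location)
      ? { path, verdict: 'protected', reason: 'redirects to sign-in' }
      : { path, verdict: 'inconclusive', reason: 'redirects elsewhere; follow it and check again' }
  }
  if (status >= 200 && status < 300) {
    return { path, verdict: 'exposed', reason: `served ${status} without a session` }
  }
  // 404 and similar say nothing about the routes beneath the prefix.
  return { path, verdict: 'inconclusive', reason: `status ${status}; check a real route under this prefix` }
}

function auditRobotsDisallow(
  disallow: string[],
  observations: Record<string, Observation>,
): Finding[] {
  return disallow.map((path) => auditPath(path, observations[path]))
}

// Constructed observations, standing in for responses seen while logged out.
const sampleObservations: Record<string, Observation> = {
  '/admin/': { status: 307, location: '/login?next=%2Fadmin%2F' },
  '/crm/': { status: 401 },
  '/portal/': { status: 200 },
  '/expenses/': { status: 302, location: 'https://accessnarrative.com/login' },
  '/api/': { status: 404 },
}

for (const f of auditRobotsDisallow(DISALLOW, sampleObservations)) {
  console.log(`${f.path.padEnd(12)} ${f.verdict.padEnd(13)} ${f.reason}`)
}
```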
Day 1 (1 hour)
- Sign up for Google Search Console and verify `accessnarrative.com`
- Submit sitemap URL
- Set up Google Analytics 4 with basic events
Day 2 (1 hour)
- Add JSON-LD structured data (ProfessionalService schema) to marketing layout
- Add `metadataBase` to the root layout metadata
- Expand Open Graph tags on the marketing layout (add image, site_name, locale)
- Add Twitter card metadata
Day 2 (30 minutes)
- Create a Google Business Profile for Narrative Consulting
- Create a Clutch.co company profile
- Sign up for Qwoted as an expert source
- Sign up for Featured.com (formerly HARO)
Day 3 (2 hours)
- Write and publish your first blog post: "The Complete Guide to SOC 2 Access Control Requirements"
- Share a condensed version on LinkedIn
Day 4-5 (3 hours)
- Make the assessment tool publicly accessible at a clean URL like `/assessment/identity-governance`
- Gate the detailed results behind email capture
- Add the assessment as a CTA on every marketing page
8. Measurement Plan
Tools (All Free)
| Tool | Purpose |
|---|---|
| Google Search Console | Impressions, clicks, average position, indexing status, crawl errors |
| Google Analytics 4 | Traffic, engagement, conversions, user flow |
| Vercel Analytics | Core Web Vitals, page performance (included with Vercel) |
| Search Analytics for Sheets | Pull GSC data into Google Sheets for custom reporting |
| Ahrefs Webmaster Tools (free) | Backlink monitoring, basic keyword tracking |
KPIs to Track Monthly
Traffic Metrics
- Organic search sessions (target: 500/month by month 6, 2,000/month by month 12)
- Pages indexed in Google (check in GSC)
- Average position for target keywords
- Impressions for target keyword clusters
Engagement Metrics
- Average engagement time per page (target: >2 minutes for blog posts)
- Scroll depth on pillar articles
- Internal link click-through rates
Conversion Metrics (What Actually Matters)
- Assessment starts per month
- Assessment completions (email captures)
- Contact form submissions
- Newsletter signups
- Total leads from organic search
Authority Metrics
- Referring domains (backlinks) — track in Ahrefs free tier
- Domain authority/rating (directional, not a Google signal but useful benchmark)
- Brand name searches in GSC
Monthly Review Process (1 Hour)
- Check GSC for new keyword rankings and impressions trends
- Check GA4 for organic traffic growth and conversion events
- Review which content pieces drove the most leads
- Identify keywords where you rank 5-15 (striking distance — optimize these)
- Plan next month's content based on what's working
Realistic Timeline for Results
Organic Growth Trajectory
- Month 1-2: Minimal organic traffic. Google is indexing your content. Focus on publishing and technical foundation.
- Month 3-4: First rankings for long-tail keywords. Expect 100-300 organic sessions/month.
- Month 6: Pillar content starts ranking for medium-competition terms. 500-1,000 sessions/month.
- Month 9-12: Compounding effect. 1,500-3,000 sessions/month if publishing consistently. First organic leads.
- Month 12+: Authority kicks in. New content ranks faster. 3,000-5,000+ sessions/month is realistic for this niche.
9. Competitive Landscape Notes
Who You're Competing Against for Rankings
Okta, SailPoint, Microsoft
They own branded and product-level terms. Don't compete head-on for "okta identity governance" — instead target "okta identity governance implementation guide" or "okta iga review" (long-tail, consultant-perspective content).
IGA SaaS Vendors (Zluri, ConductorOne, Lumos, Securends)
They publish comparison and educational content aggressively. Their weakness: vendor bias. Your advantage: vendor-neutral, practitioner perspective.
Large Consulting Firms (Idenhaus, iC Consult, Intragen)
They rank for "identity governance consultant" but their content is often generic and sales-focused. Your advantage: technical depth, specific frameworks, and downloadable tools.
Compliance Platforms (Secureframe, Vanta, Drata)
They own SOC 2 educational content. Their weakness: they focus on their platform. You focus on identity-specific controls.
Your Unique Angles
- Vendor-neutral practitioner — You've actually implemented this stuff. Write from experience, not from a product pitch.
- Open-source Terraform modules — Unique technical credibility. No competitor has this.
- Mid-market focus — Most IGA content targets enterprise. "Identity governance for 300-500 employees" is underserved.
- Assessment tool — Interactive, free, and directly addresses prospect's #1 question: "Where do we stand?"
- Specific pricing — Publishing your service pricing builds trust and pre-qualifies leads. Most competitors hide pricing.
10. Honest Assessment: What's Realistic
What Will Work
- Technical, depth-first blog content targeting long-tail keywords (3-6 month payoff)
- The assessment tool as a lead magnet (immediate payoff once promoted)
- LinkedIn thought leadership tied to blog content (1-3 month payoff)
- Downloadable templates/checklists gated behind email (immediate payoff)
- Google Business Profile for local/branded searches (2-week payoff)
What Won't Work (For a Solo Consultant)
- Competing for head terms like "identity governance" or "SOC 2 compliance" — the SaaS vendors and big firms own these
- Publishing daily — unsustainable and counterproductive at this scale
- Building a massive backlink profile quickly — focus on 2-3 high-quality links per month
- Video/podcast production at scale — start text-first, add multimedia later
- Paid ads as a primary channel — CAC will be too high for these deal sizes
The Math
Revenue Projection from SEO (6-Month Horizon)
If you publish 2x/week for 6 months (48 articles):
- Expect 20-30 articles to rank for at least one long-tail keyword
- Expect 5-10 articles to rank on page 1 for their target keyword
- At 2,000 organic sessions/month and 2% conversion rate = 40 leads/month
- At 10% lead-to-call rate = 4 discovery calls/month from organic
- At 25% close rate with an average deal of $5,000 = $5,000/month from SEO alone
That's conservative and takes 6+ months to materialize, but it compounds. By month 12, organic should be your primary lead channel.