What we deliver
Compliance audits, offensive testing, secure engineering and strategic advisory — combined into a single accountable engagement.
Compliance & governance
- ISO 27001 readiness and certification support
- NIS2 directive (EU operators)
- DORA — financial digital operational resilience
- GDPR programme: data inventory, DPIA, breach SOP, SAR, vendor DPA
- SOX IT general controls (ITGC) audit
- PCI-DSS scoping and gap assessment
Offensive security & testing
- External and internal pentest (black/grey/white box, lateral movement)
- Web (OWASP Top 10 + business logic) and mobile (iOS, Android)
- Social engineering — phishing, vishing, physical (optional)
- Red / Purple Teaming — 8–16 weeks, board-level buy-in
- Perimeter VA — fast format, 2–4 weeks, Pareto quick wins
- Leak detection & OSINT — credentials, keys, internal docs
- Source code audit, supply-chain risk review
- Web3 / DeFi smart-contract audit (Solidity, Vyper, Rust)
Engineering & architecture
- Secure Development Lifecycle (SDLC) — threat modelling, SAST/SCA/DAST, secure code review
- Security Architecture Review — segmentation, cryptography, IAM
- Anti-insider programme — PAM design, UEBA, privacy-aware monitoring
Strategic advisory
- Executive Security Consulting (vCISO) — strategy, roadmap, board reporting
- Vendor selection and supply-chain risk advisory
- Independent security opinion on existing programmes
Engagement formats
- Perimeter VA: 2–4 weeks (quick start)
- Full pentest: 4–8 weeks (typical)
- Red/Purple Teaming: 8–16 weeks
- vCISO: ongoing retainer
Scope your audit
Share the target — perimeter, app, ISO 27001 readiness, full programme — and we'll come back with a scoped proposal in 48 hours.
Talk to an architect