Cybersecurity Lab — Saint-Pierre-des-Corps, France
Find the gap before someone else does.
We test your infrastructure the way attackers would. Then we help you close what we find — and stay compliant with NIS2 and GDPR while doing it. The specialists who sign your contract are the ones who do the work.
What We Do
Three areas. One team.
We keep the scope narrow because depth matters more than breadth when your infrastructure is under real scrutiny.
01 — Offensive Security
Penetration Testing
External perimeter, web applications, internal network, and API endpoints — tested with the same methodology attackers use, not just automated scanners.
02 — Regulatory Readiness
Compliance & Audit
Gap analysis and remediation planning for NIS2, ISO 27001, and GDPR security requirements. Reports your legal team can actually read.
03 — Human Layer
Security Training
Phishing simulations, incident response tabletops, and hands-on workshops. Content built for your industry, not a generic slide deck from 2019.
Why Us
What it looks like in practice
There are things we do differently — not as selling points, but because we think they produce better results.
No subcontracting
The people named in your contract run the engagement. No handoffs to freelancers or partner firms you've never met.
Findings your team can act on
Reports written for developers and IT managers, not just compliance officers. Each finding includes a remediation path, not just a severity score.
NIS2 and GDPR aligned
We scope every engagement with the regulatory context in mind, so pentest evidence also supports your compliance documentation.
Certifications, not claims
OSCP, CEH, ISO 27001 Lead Auditor, CompTIA Security+. Credentials that mean something in court and in front of a client's audit committee.
The Process
From first call to final report
Scope definition
We discuss your environment, regulatory obligations, and risk tolerance. No upselling — if something is outside what you actually need, we'll say so.
Authorised engagement
Testing begins only after written authorisation is signed. We follow OWASP, PTES, and OSSTMM methodologies depending on scope.
Actionable deliverables
You receive a findings report, executive summary, and a prioritised remediation checklist. We're available for a debrief call with your team.
Regulatory Coverage
Standards we work against
Every engagement produces documentation that contributes to your compliance posture — not just a technical report filed away in a drawer.
Threat Notes
Technical writing from the team
How to run a NIS2 gap analysis without hiring a Big Four firm
A structured walkthrough of Article 21 requirements and the questions your IT team should be asking before your first external audit.
What to include in a web application pentest scope — and what to leave out
Scoping mistakes that waste budget, delay delivery, and produce reports that don't reflect actual risk. What to get right before day one.
Why phishing simulations fail and what to do instead
Click rates are a poor proxy for security awareness. What the data actually shows and how to design training that changes behaviour.
Ready to start
Talk to the team that does the work
Free initial assessment. We'll look at your current setup, identify what actually needs attention, and tell you what we'd do — and what we'd skip.