Services
Three disciplines. One team.
We keep a narrow scope because a small certified team that goes deep produces more reliable results than a large firm that distributes work across contractors. Here's what that looks like in practice.
01 — Offensive Security
Penetration Testing
External and internal infrastructure, web applications, APIs, and network segmentation. Manual testing with automated support — not the other way around.
Details →02 — Regulatory Readiness
Compliance & Audit
Gap analysis for NIS2, ISO 27001, and GDPR security requirements. Remediation planning your operations team can actually follow.
Details →03 — Human Layer
Security Training
Phishing simulations, incident response workshops, and security awareness programmes for both technical and non-technical staff.
Details →What we don't offer
Being clear about scope keeps engagements honest. We don't offer:
- Managed detection and response (MDR) — we're not an ongoing SOC provider.
- Vulnerability scanning subscriptions — automated scanners without expert analysis aren't useful to you.
- "Compliance certification" — we do gap analysis and remediation support; certification bodies are separate entities.
- Software development or CISO-as-a-service — outside our current scope.
Start a conversation
Not sure which service fits?
Describe your situation. We'll tell you what makes sense given your size, sector, and current exposure — and what's probably not worth your budget right now.