What We Offer

Services

Each engagement is scoped around your situation. The four categories below cover the most common starting points. If your question does not fit neatly into one of them, that is a good reason to have a conversation.

"I want to know where we actually stand."

Security Assessment and Clarity

Organizations are often told they are secure. The question is whether to believe it. An independent assessment looks at your controls, your people, and your governance from the outside, and tells you honestly what it finds. The output is a clear picture of your current security posture with prioritized recommendations, in a format your board and management can read and act on.

What we deliver

  • Technical and organizational gap analysis across all four dimensions
  • NIS2 and CyFun readiness assessment
  • Security posture review with executive summary
  • Prioritized findings: what to address first and why
  • Roadmap for the next 6 to 12 months

Who this is for: Organizations that want an independent view of their security posture, or that are preparing for a regulatory review, an audit, or a board conversation about security investment.

"NIS2 is coming and I am not confident we are ready."

NIS2 Compliance and Preparation

NIS2 brings real obligations for Belgian organizations in scope: governance requirements, incident reporting deadlines, supply chain accountability, and personal management liability. Many organizations have started the conversation internally but are not sure whether they are on the right track. We help you understand what applies to your organization, assess where you stand, and build a roadmap toward compliance that is realistic and does not require a full-time compliance team.

What we deliver

  • Scope determination: are you in scope, and for which obligations
  • Gap assessment against NIS2 key requirements
  • CyFun key measures guidance and implementation support
  • ISO 27001 implementation support for CCB submission pathways
  • Executive briefings on management liability and board obligations
  • Compliance roadmap with realistic timelines

Who this is for: Organizations in sectors covered by NIS2, or organizations that supply to essential and important entities and need to address supply chain security obligations.

"My board needs to understand security risk without getting lost in technical detail."

Board-Level Governance and Assurance

Boards and supervisory committees are responsible for oversight of security risk. That responsibility is increasingly codified in law, and the days of delegating security entirely to IT and walking away are over. We work with boards and management to put in place the governance structures and reporting mechanisms that make that oversight real. We also provide independent assurance: findings that go directly to the board, from a team with no stake in the internal answer.

What we deliver

  • Independent security assurance reporting for boards and supervisory committees
  • Governance structure design: roles, accountability, and escalation paths
  • RACI framework for security decision-making
  • GRC framework implementation and tooling guidance
  • Interim CISO and vCISO advisory services
  • Internal audit preparation and second-opinion reviews

Who this is for: Organizations where the board wants genuine visibility on security risk, organizations preparing for external audits, and organizations that need strategic security leadership without a full-time CISO.

"Our people are not following the rules. Or I do not know whether they are."

Security Culture and Behavior

Security programs fail when people do not understand, believe in, or follow the policies they are supposed to. Generic awareness training rarely changes that. The problem is usually in the culture, the communication, or the way the rules are designed. We assess the behavioral side of your security program and design interventions that change what people actually do, not just what they say they know.

What we deliver

  • Cultural and behavioral assessment of your current security posture
  • Psychology-based awareness program design
  • Phishing simulations and social engineering assessments
  • Role-based training tailored to specific functions and risk profiles
  • Crisis communication planning and simulation
  • Internal communication strategy for security initiatives

Who this is for: Organizations that have invested in technical controls but still experience human-factor incidents, and organizations preparing for incidents by building genuine crisis communication capability.

Not sure which service fits your situation?

Most of our engagements start with a conversation, not a service selection. Tell us what you are dealing with and we will tell you what makes sense.

Request a conversation