Cybersecurity · Penetration Testing · NIS2 · GDPR

Cybersecurity for companies that want to reduce risk in a concrete way.

I analyze where you are exposed, measure real risks, and support the securing of infrastructure, applications, and suppliers with a pragmatic and understandable approach.

eCPPT / OSCP-style PenTesting · ISO/IEC 27001 methodology · OWASP · NIST 800-115 · PTES · NIS2-aligned practices

All activities follow recognized standards such as OWASP, NIST SP 800-115 and PTES, together with the IT controls defined by ISO/IEC 27001 and the requirements of the NIS2 Directive.

Why security is no longer optional.

Ransomware, data theft, operational downtime: today they mainly affect SMEs, professional firms, and local businesses, because they are more exposed and often have limited defenses.

In addition to the risk of a complete business stoppage, regulatory obligations such as GDPR, the Minimum Measures, and the new NIS2 Directive also come into play, requiring much more mature security controls than in the past.

GDPR – Art. 32

Requires appropriate technical and organizational measures to protect personal data: encryption, access control, and the ability to ensure the confidentiality, integrity, and availability of processing systems.

Minimum Measures & National Guidelines

For regulated sectors: logging, backup, strong authentication, and periodic configuration checks.

NIS2 Directive (2024/2025)

Imposes more stringent security requirements for companies in essential and important sectors: risk management, technical controls, continuous monitoring, supply-chain security, incident response, and reporting obligation.

What I do, concretely.

The goal is to identify real attack surfaces, demonstrate the impact of potential vulnerabilities, and guide their resolution in a practical way.

Vulnerability Assessment

In-depth analysis of infrastructure, applications, and exposed services. Identification of vulnerabilities and remediation roadmap.

Penetration Test

Controlled attack simulations to verify the actual resilience of the environment. Coverage of web, network, and custom applications.

Supplier Security Audit

Evaluation of supplier security: contracts, SLAs, security posture, and supply-chain risks. A delicate and central aspect of NIS2.

Cyber Hygiene Program

Periodic program including hardening, patching, access review, and essential controls required by ISO 27001 and NIS2.

Security Awareness Training

Concrete training on phishing, device use, and password hygiene. Includes simulations and reporting.

Incident Response / CSIRT Consultant

Immediate support in case of a suspected incident: analysis, containment, recovery, and guidance on communication with third parties.

How I work: clear method, concrete results.

Every intervention follows a structured process, essential to guarantee transparency, repeatability, and quality — especially in a NIS2 context that requires clear responsibilities in risk management.

Phase 1

Scope & Objectives

What we test, with what limits, which assets are critical.

Phase 2

Test & Analysis

Technical assessment, controlled exploitation, and verification of real risks.

Phase 3

Report & Priorities

Clear document with evidence, business impact, and remediation.

Phase 4

Follow-up

Support during remediation and retesting where necessary.

Why trust me.

Technical, but concrete

I come from the development and infrastructure world: I understand the systems I test, I don't see them as black boxes.

Designed for SMEs

Clear and focused approach: real problems, understandable explanations, and useful operational indications.

Single point of contact

From assessment to remediation, you always deal with one person: me.

Who it is for.

I work mainly with entities that have responsibilities for data processing, operational continuity, and software security:

  • SMEs with sensitive data or critical infrastructure
  • Software houses and digital entities
  • Professional firms (accountants, lawyers, consultants)
  • Companies subject to NIS2 or preparing for an ISO 27001 audit

If you are specifically interested in ISO/IEC 27001 and want to understand how I can support your company in this journey, you will find all the details on the dedicated page.

→ Go to the ISO/IEC 27001 page

The quality of these services rests on verified technical skills and continuous training. Certifications provide an objective standard for evaluating method, approach, and reliability over time.

→ Go to the Certifications page

Want to understand where to start?

We can start with an exploratory call and a preliminary assessment of your security posture, in view of GDPR, NIS2, and technical best practices.

Request a consultation

Cybersecurity, Penetration Testing & NIS2 | Cusati Solutions