
Information Security Advisory Services

e-CISO | Security Advisor | B2B


15+ Years Experience
Frameworks & Methodologies: CISSP · CISM · SABSA · OWASP · NIST CSF · BSIMM
Global: International Projects

Sound familiar?

Your business has grown.

  • Security complexity came with it
  • Your product is gaining traction
  • You attract more attention from attackers
  • Regulators, partners, and customers are asking harder security questions

I help businesses navigate this stage without panic, overspending, or security theatre.

External CISO / Security Advisor

I work as an external CISO / Security Advisor for growing companies that need clarity, structure, and risk-based decisions — not fear-driven security.

I help you:

  • understand what modern information security actually is (and what it is not)
  • avoid unnecessary tools, audits, and consultants
  • focus security efforts on what matters for your business goals
  • make clear, defensible decisions for management, partners, and regulators

Security is not one-size-fits-all

Together, we:

  • assess your real business and technical risks
  • define security priorities aligned with growth, revenue, and compliance needs
  • choose from several viable security strategies — not a single "best practice" myth
  • build or adjust security governance, processes, and architecture at the right depth

The result:

Practical, scalable security that supports your business instead of slowing it down.

My Role

I don't:

  • use polished words without numbers, facts, and accountability
  • sell tools
  • push certifications for their own sake
  • create fear

I bring:

  • structure and prioritization (risk-based roadmap)
  • executive-level security thinking aligned with business goals
  • measurable reporting: KPIs, dashboards, regular updates, decision artifacts
  • experience with large-scale systems and regulated environments

My Services

B2B Security

Comprehensive information security solutions for businesses, including risk assessment, strategy development, and implementation of protective measures.

e-CISO

Virtual Chief Information Security Officer for your company. Strategic information security leadership without the need for a full-time CISO.

Security Advisor

Expert cybersecurity consultations, security system audits, security architecture review, and assistance in selecting solutions and technologies.

Secure SDLC (Shift-Left Security)

Embed security into your SDLC and build Secure SDLC from scratch: security requirements, threat modeling, CI/CD gates, secure code review, SAST/DAST, SCA, metrics. AppSec and security architecture design.

Vulnerability Management

End-to-end vulnerability management program: strategy, risk-based prioritization, scanning (Tenable, Qualys, etc.), KPIs and reporting, alignment with ISO 27001 / PCI DSS / SOC 2. Also: Bug Bounty setup and operations (policy, scope, triage, SLA, metrics). Delivered remotely.

Incident Response

Incident response plans, runbooks, tabletop exercises, and team preparedness. So when an incident hits, you know what to do.

Certification & Audit Readiness

Preparation for SOC 2, ISO 27001, PCI DSS: gap analysis, policies, internal audit, readiness for certification. Without overspending on consulting factories.

Security Policies & Procedures

Design and implementation of information security policies and procedures tailored to your business and regulatory context. Not off-the-shelf templates — working documents.

Security Awareness & Training

Employee security awareness programs: training (including mandatory for compliance), phishing simulations, metrics and reporting. Building a security culture without box-ticking.

My Principles


Security by Design

Security is built into the design phase, not added as an afterthought. This allows us to create reliable systems from the start.


Cost-Effectiveness

Every dollar invested should bring maximum value to your business's security.

No "Department of No"

I don't create security that only says "no" and blocks everything. Instead, I help find secure ways to implement your business initiatives — without losing convenience or process flexibility.


Proof over buzzwords

I rely on measurable outcomes and artifacts: metrics, numbers, written recommendations, decision details, and lessons learned. Direct communication is key to success and meeting expectations — no empty rhetoric.

NDA & Confidentiality

Before discussing sensitive business details we sign an NDA — this formalises our mutual confidentiality commitments.

Sample NDA · Mutual NDA

For extra confidentiality you can encrypt messages to contact@eciso.eu with PGP. Public key: Download key (.asc) · keys.openpgp.org.
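Before you encrypt anything to a key you downloaded, check that the file you received and the copy published on keys.openpgp.org carry the same fingerprint; a key that only exists in one place (or differs between the two) should not be trusted. The script below is an added example, not part of this page or any tooling of its author. It assumes GnuPG 2.2 or later. Because the page publishes no fingerprint, the demo generates a throwaway key in a temporary keyring and exports it to a file to stand in for the downloaded .asc; in real use you would import the downloaded file and fetch the keyserver copy with something like `gpg --keyserver hkps://keys.openpgp.org --receive-keys <FINGERPRINT>`, then compare the two with the same helper functions. The address demo@example.invalid is constructed for the demo.

```shell
#!/bin/sh
# Added example (not code from the page): compare the fingerprint of a
# downloaded PGP key file with the one in your keyring, then confirm you
# can encrypt to it. Assumes GnuPG 2.2+ (--show-keys).
# Real-world flow this stands in for:
#   gpg --import key.asc
#   gpg --keyserver hkps://keys.openpgp.org --receive-keys <FINGERPRINT>
#   ... then compare the two fingerprints exactly as below.
set -eu

# Primary-key fingerprint of an armored key file, read without importing it.
fingerprint_of_file() {
    gpg --batch --quiet --with-colons --show-keys "$1" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Primary-key fingerprint of a key already in the keyring, looked up by user id.
fingerprint_in_keyring() {
    gpg --batch --quiet --with-colons --list-keys "$1" \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Compare two fingerprints ignoring spaces and case; an empty value never matches,
# so a failed lookup cannot silently "match" another failed lookup.
same_fingerprint() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    b=$(printf '%s' "$2" | tr -d ' ' | tr '[:lower:]' '[:upper:]')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Encrypt a message to a recipient and decrypt it again; prints the plaintext.
# Decryption only works here because the demo's private key is in our keyring.
encrypt_decrypt_roundtrip() {
    printf '%s' "$2" \
        | gpg --batch --quiet --trust-model always --armor --encrypt -r "$1" \
        | gpg --batch --quiet --decrypt
}

# Build the demo state: temporary keyring, throwaway key, exported .asc file.
run_demo() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    DEMO_UID="demo@example.invalid"          # constructed address, not the page's
    DEMO_KEYFILE="$GNUPGHOME/demo.asc"       # stands in for the downloaded key
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_UID" default default never
    gpg --batch --quiet --armor --export "$DEMO_UID" > "$DEMO_KEYFILE"

    f_file=$(fingerprint_of_file "$DEMO_KEYFILE")
    f_ring=$(fingerprint_in_keyring "$DEMO_UID")
    if same_fingerprint "$f_file" "$f_ring"; then
        echo "fingerprint OK: $f_file"
    else
        echo "fingerprint MISMATCH: file=$f_file keyring=$f_ring" >&2
        return 1
    fi
    echo "roundtrip: $(encrypt_decrypt_roundtrip "$DEMO_UID" 'hello')"
}

if command -v gpg >/dev/null 2>&1; then
    run_demo
else
    echo "gpg not installed; nothing to demonstrate" >&2
fi
```

The comparison strips spaces and case because fingerprints are shown in several layouts (grouped in blocks of four on web pages, unspaced in `--with-colons` output); the empty-string guard matters because a mistyped user id makes `--list-keys` print nothing, and two empty strings would otherwise compare equal.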

Ready to discuss your project?

Get in Touch

FAQ

How does engagement work?

We start with a short call or meeting to understand your context and goals. Then I propose a format: one-off advisory, a monthly retainer, project-based work, or an external CISO role with a fixed scope. We sign an NDA before discussing sensitive details when needed.

Do we need certifications (ISO 27001, SOC 2)?

It depends on your industry, customers, and regulators. I help you figure out what you actually need now versus what can wait or be replaced with simpler measures.

Do you work with companies in the EU or other jurisdictions?

Yes. I have experience with regulated environments and multiple jurisdictions. We can align on requirements for your situation.

What’s the best way to start?

Email contact@eciso.eu with a short note: what your company does, which jurisdictions you operate in, company size, what worries you about security, and what outcome you want. I’ll suggest the next step.

Ready to get started?

Contact me to discuss how I can help protect your business and address your information security needs.

Get in Touch

Optional: encrypted email

Regular email to contact@eciso.eu is fine. If you already use PGP and want to encrypt our correspondence, you can download my key here.

Download key (.asc) · keys.openpgp.org