A practical security baseline for European SMEs.
I help European SMEs get security that is organised, defensible, and genuinely used - a practical baseline you can show customers, with ISO 27001 or NIS2 added only when you really need them.
Petr Pospíšil
Cybersecurity Architect & vCISO
The Problem
It's not a security problem.
It's a "where do we start" problem.
- A customer questionnaire arrives, and no one can answer it.
- Little real security in place, and no starting point.
- Tools get bought to suit the vendor, not the business.
That is chaos, not security.
The Solution
One senior owner for the whole picture
One retained partner to assess, prioritise, implement, and prove - every month. Senior ownership on call, not a full-time hire.
Vendor-agnostic and open-source-first. The fix is simpler than vendors admit: basic policies, basic processes, steady improvement - new tools only when they earn their place.
How We Work Together
Retained Security Partnership
Security is not bought once. It is owned, reviewed, and improved over time. The core engagement is a retained partnership - always a continuous collaboration, never a one-off project.
Advisor, architect, and engineer on demand
Senior security ownership without hiring a full-time CISO. I set priorities, review architecture, guide implementation, and keep ISO 27001 or NIS2 work grounded in practical security. The programme moves forward every month - final business accountability stays with management.
Explore the Retained Partnership
What the retainer covers
- Security ownership
- Risk management
- ISO 27001 / NIS2
- Architecture reviews
- Control roadmap
- Supplier assurance
- Vendor decisions
- Board reporting
Where to Start
Start in three steps
The clearest first step is the same for almost everyone: spend about four minutes on the Security Path Discovery, send me the result, and book a short call - or email it with your questions. Once I can see your actual situation, the advice is specific rather than generic.
- Step 1: Run the discovery. Four minutes, no signup. It maps your situation to a framework path and flags the regulations that apply.
- Step 2: Send the result. Share the output and your questions by email. The more context I have, the more useful the first reply.
- Step 3: Book a call. We walk through it together and agree the next step - usually the retained partnership.
Fixed-Scope Projects
Came for one specific thing?
These are one-time projects with a fixed scope and a fixed price. You can order any of them without a retainer. The retainer is different by design: always a continuous collaboration, not a project with an end date.
- A scoped penetration test of your web application or API, with findings you can act on.
- Testing of AI assistants and LLM features for prompt injection, data leakage, and abuse.
- A configuration and privilege review of Active Directory and Microsoft 365.
- A realistic phishing campaign that measures how your people actually respond.
- Interactive workshops for executives, boards, and technical teams that build real-world judgement.
- A guided incident exercise that tests your decisions before a real crisis does.
Any project can lead into the retainer later. Need a one-off opinion instead? Ad-hoc consulting is available by the hour, but it is not how I prefer to work - in two or three hours I can barely understand your environment before the engagement ends. ISO 27001 and NIS2 work always runs through the retainer.
Leadership
Who leads the work
Led by Petr Pospíšil - cybersecurity architect and vCISO, CISSP-certified, 10+ years across offensive testing, threat hunting, security management, and architecture. Vetted for international work with UNDP and OSCE.
Get In Touch
Book a call
If customer questionnaires, ISO 27001 readiness, enterprise sales, or NIS2 scope questions are creating pressure, let's turn them into a practical assessment, roadmap, and implementation rhythm.