Our Services

Every organisation is unique.

That is why we provide experienced consultants, proven processes, and practical tools that can be adapted to your specific needs.

Book a Consultation

David Arveklint Borin, Founder & CISO

Thomas Cuénant, Founder & CISO

We tailor our services to your needs.

We offer more than just an individual consultant, we combine expertise, templates, processes, and tools into a comprehensive solution.

This approach ensures that we deliver tangible value to your organisation, rather than simply providing access to individual expertise.

What’s Always Included?

Access to a full team of experts
A dedicated point of contact who coordinates the work and manages responsibilities internally
Fast onboarding – we are ready to deliver from day one
Proven experience and industry best practices
Efficient delivery – no costly experiments or overly complex solutions
Fixed pricing for predictability and cost control
A straightforward setup with no vendor lock-in

CISO as a Service

We provide a CISO who acts as a full-time or part-time security leader — ideal for organisations that do not have the resources for an internal role but still require executive-level security expertise.

The service can include the full CISO function or be tailored to your organisation’s specific needs. We can take overall responsibility for your security programme or provide targeted support in specific areas.

How We Support You

Acting as your CISO, on-site or remotely
Participating in management meetings and engaging with boards and auditors
Establishing policies, governance, and structure for security management
Ensuring compliance with regulatory requirements and industry standards

The Result: Strategic security expertise without the need to hire internally — flexible, cost-effective, and highly competent.

Become ISO 27001 Certified

ISO 27001 is the leading international standard for how organisations should work systematically with information security.

The standard helps organisations to:

identify and manage risks
establish clear roles and responsibilities
implement policies and procedures
work continuously with improvement

This makes security predictable, traceable, and a natural part of organisational governance not a side activity.

How We Support You

Assessing your current state and how information is handled
Establishing an Information Security Management System (ISMS)
Training staff in secure processes and practices
Supporting internal audits and guiding you through the entire ISO 27001 certification process

The Result: A more secure organisation, reduced risk of incidents, and increased credibility with customers and partners.

Regulatory Compliance

We help ensure that your organisation complies with applicable laws and regulations, such as NIS2, GDPR, DORA, and other industry-specific requirements.

How We Support You

Conducting assessments against standards and regulatory requirements
Identifying gaps and areas for improvement
Developing action plans and supporting implementation
Assisting during regulatory inspections and external audits

The Result: Confident compliance, reduced risk of regulatory penalties, and stronger internal governance.

Projektledning

Delivering security initiatives requires more than technical expertise — it also involves creating understanding, engagement, and lasting results across the organisation.

We provide experienced project and change management across multiple industries. Using proven methods, we help you achieve your objectives, manage risks, and bring the entire organisation along on the journey — from strategy and implementation to embedding the changes in daily operations.

The Result: Security measures that work in practice — not just on paper.

Förändringsledning

Implementing new security requirements or ways of working often involves more than introducing new processes, it requires changes in behaviours, responsibilities, and organisational culture.

We help you lead this change in a structured way through clear communication, strong leadership alignment, and active involvement of the relevant parts of the organisation. Our focus is to build understanding of why the change is necessary and how it contributes to the organisation’s long-term stability and competitiveness.

By combining security expertise with change management, we ensure that new ways of working are not only implemented but actually adopted and continuously improved over time.

The Result: Sustainable change where security becomes a natural part of everyday operations.

Management Systems

When we help a client establish a management system, the work goes beyond simply producing documents and procedures. We create a structured, business-aligned governance framework that enables the organisation to operate systematically, efficiently, and in line with its objectives.

The process begins with an assessment of the current state — including processes, responsibilities, risks, and requirements arising from legislation or standards. Based on this, we design and implement a management system that is integrated into daily operations rather than existing as a separate administrative layer. We clarify roles, establish processes, define follow-up mechanisms, and ensure that continuous improvement becomes a natural part of the organisation’s culture.

The Result: A practical and value-creating management system that provides better control, reduced risk, clearer governance, and a solid foundation for growth, quality, and regulatory compliance.

NIS2 & Cybersäkerhetslagen

We can act as your strategic partner in meeting the requirements of the EU’s new cybersecurity directive while at the same time strengthening your organisation’s real operational resilience.

We help you interpret the regulation, translate legal requirements into practical security measures, and integrate them into your existing processes, governance structures, and IT environments. Through structured gap analyses, risk assessments, and action plans, we create a clear path from your current state to full compliance.

Our support includes, among other things:

Determining applicability and organisational classification
Risk and vulnerability assessments
Governance documentation and policy development
Incident management and reporting procedures
Supplier and third-party risk management
Management support and staff training

However, NIS2 is not only about compliance. It is also about business continuity, trust, and competitiveness. We ensure that your security programme becomes a strategic asset rather than an administrative burden that strengthening your brand while reducing operational risk.

With the right expertise, structure, and momentum, we help you move from requirements to control and from control to confidence.

DORA

We have extensive experience acting as a strategic partner to financial institutions in meeting the requirements of the Digital Operational Resilience Act (DORA) while building genuine operational resilience against IT-related disruptions and cyber threats.

We help you interpret the regulation and translate its requirements into concrete, business-aligned measures. Through structured current-state assessments, risk analyses, and clearly defined action plans, we ensure that you achieve regulatory compliance without losing focus on your core business.

Our work typically includes:

ICT risk management and governance structures
Incident management and reporting processes
Testing of digital operational resilience (including threat-led testing)
Management of third-party and cloud service provider risks
Contractual requirements and supplier oversight
Management support, training, and alignment with board and executive leadership

DORA is ultimately about ensuring the continuity of critical services, protecting customer trust, and minimising operational and financial risk. We ensure that your work on digital resilience becomes an integrated part of organisational governance not a parallel compliance initiative.

With the right methodology, regulatory understanding, and expertise, we help you move from regulatory requirements to robust operational resilience.

AI Act

We support organisations in understanding and managing the requirements of the EU AI Act in a structured and practical way. The work typically begins with an initial assessment where we map how AI is used within the organisation and identify which systems fall within the scope of the regulation.

Based on this, we identify any gaps in relation to the AI Act and support the establishment of governance, policies, and processes for the responsible development and use of AI. We also assist with risk management, documentation, and transparency requirements.

Through advisory support, workshops, and practical ways of working, we help organisations achieve compliance while continuing to develop and use AI in a safe and value-creating manner.

CISO as a Service

“What truly distinguished the collaboration was their ability to anchor the work within the organization. It was not just about creating policies and processes on paper, but about building a genuine security culture.”

— Anders Hernodh, IT Manager, BDO Sweden