A practical security baseline for European SMEs.
I help European SMEs get security that is organised, defensible, and genuinely used - a practical baseline you can show customers, with ISO 27001 or NIS2 added only when you really need them.
Petr Pospíšil
Cybersecurity Architect & vCISO
The Problem
It's not a security problem.
It's a "where do we start" problem.
- A customer questionnaire arrives, and no one can answer it.
- Little real security in place, and no starting point.
- Tools get bought to suit the vendor, not the business.
That is chaos, not security.
The Solution
One senior owner for the whole picture
One retained partner to assess, prioritise, implement, and prove - every month. Senior ownership on call, not a full-time hire.
Vendor-agnostic and open-source-first. The fix is simpler than vendors admit: basic policies, basic processes, steady improvement - new tools only when they earn their place.
How We Work Together
Engagement model
Security is not bought once. It is owned, reviewed, and improved over time. The core engagement is a retained security partnership - senior ownership of your security programme, month after month. One-off projects exist, but as a way in.
Primary engagement
Retained Security Partner - advisor, architect and engineer on demand
Senior security ownership without hiring a full-time CISO. I set priorities, review architecture, guide implementation, and keep ISO 27001 or NIS2 work grounded in practical security. The programme moves forward every month - final business accountability stays with management.
Explore the Retained Partnership
What the retainer covers
- Security ownership
- Risk management
- ISO 27001 / NIS2
- Architecture reviews
- Control roadmap
- Supplier assurance
- Vendor decisions
- Board reporting
Ways to Start
Not ready for a retainer? A focused project is a clean first step - and a natural way into the ongoing partnership.
Web, API, AI, and Active Directory testing, plus human-layer phishing simulation. Clear findings, scoped to your stack.
Start with a pentest
Interactive sessions for executives, boards, and government entities - building real-world judgement, not checkbox compliance.
Explore workshops
ISO 27001 and NIS2 work runs through the retainer; technical reviews start with a Web & API pentest or a phishing simulation.
Leadership
Who leads the work
Led by Petr Pospíšil - cybersecurity architect and vCISO, CISSP-certified, 10+ years across offensive testing, threat hunting, security management, and architecture. Vetted for international work with UNDP and OSCE.
Get In Touch
Book a call
If customer questionnaires, ISO 27001 readiness, enterprise sales, or NIS2 scope questions are creating pressure, let's turn them into a practical assessment, roadmap, and implementation rhythm.