Services

A single practice,
five pillars.

Our engagements are shaped around outcomes, not tool inventories. Each pillar can stand alone or combine into a retainer sized for your operating reality.

Pillar 01

Fractional CISO & Strategic Governance

Senior CISO capability, retained on your terms.

A named executive advisor who owns the security narrative with your board, sets the annual strategy, and holds the roadmap accountable across quarters.

90-day cyber roadmap and executive briefing
Annual security strategy and board reporting cadence
Operating model review and refresh for regulated firms
Crisis governance and executive workshop facilitation
Pillar 02

Compliance, Privacy & Regulatory Alignment

One framework, many obligations, credible evidence.

ODPC, CBK, SASRA, PCI DSS, and ISO 27001 translated into a single control program — with the artifacts your auditors and regulators expect.

Compliance-in-a-Box for SMEs and micro-SMEs
ISO 27001 gap assessment and readiness program
Kenya Data Protection Act operationalization
PCI DSS support for merchants and processors
Pillar 03

Continuous Vulnerability Management

See exposure the way an attacker does — continuously.

Ongoing internal, external, cloud, and application scanning tied to a remediation cadence and prioritized against your real business impact.

Continuous Exposure Management retainer
Cloud landing zone and identity architecture review
Application and API security assessment
Third-party and vendor exposure review
Pillar 04

Cyber Resilience & Incident Readiness

Prepare so the incident becomes an event, not a crisis.

Playbooks, tabletop exercises, and enterprise-grade simulations that rehearse the human, legal, and technical decisions before you need them.

Incident response playbooks and runbooks
Regulator-ready evidence checklist and quarterly review
Enterprise crisis simulation for banks, telcos and GovTech
Forensic coordination during live incidents
Pillar 05

Capability Building & Executive Training

The strongest control is a competent team.

Role-based programs from board briefings to developer secure-coding, tuned to East African fraud patterns like M-Pesa social engineering and SIM-swap.

Cyber Hygiene Essentials for SMEs
Executive cyber briefings for boards and CEOs
Developer secure-coding and IT administrator hardening
Phishing simulations with behavior scoring
Engagement tiers

Predictable retainers, sized to where you are.

SMEs & startups

SecureStart

Entry retainer with quarterly review, essential controls, and light incident support.

Mid-market

SecureAdvance

Fractional CISO oversight, monthly governance, and an active roadmap with dashboards.

Regulated mid-market

SecureOperate

Full governance cadence, evidence packs, tabletop cycles, and regulator-facing support.

Enterprise & groups

SecureEnterprise

Board advisory, multi-entity oversight, crisis simulation, and program leadership.

Not sure which pillar to start with?

Book a strategic assessment