Incident Response
Priority support for containment, investigation, coordination, and recovery.
Use when You need a clear activation path during a security incident.
Key outcomes- Activation model
- Triage and containment
- Recovery plan
RETAINERS
Cybersecurity retainers for response, advisory, and readiness.
Keep incident response, security advisory, training, and NIS2 readiness available through a clear monthly engagement model.
SUPPORT OPTIONS
Choose the right support model.
For active incidents, choose technical response support and coordination. For long-term readiness, choose advisory, assessments, training, and NIS2 preparation.
RESPONSE
Support for Active Incidents
For teams that need fast support during active security incidents.
Remote IR Hands-on
Remote technical help for evidence review, isolation decisions, and RCA.
Use when Your team can provide access and needs specialist responders involved in the work.
Key outcomes- Remote investigation
- Evidence timeline
- Corrective actions
Incident Companion
Specialist guidance for internal teams without direct system access.
Use when You execute internally but need help with decisions and coordination.
Key outcomes- War-room guidance
- Response decisions
- Management updates
ADVISORY
Advisory and readiness
For teams that want recurring advisory, assessments, training, and NIS2 readiness.
Security Advisory
Recurring input for risk decisions, priorities, and security planning.
Use when Leadership needs security input without hiring a full-time CISO.
Key outcomes- Advisory sessions
- Security roadmap
- Decision support
Assessments & RCA
Recurring reviews and root cause analysis you walk away from with concrete measures, not just findings.
Use when You need regular validation of controls, procedures, and lessons learned.
Key outcomes- Readiness reviews
- Root cause analysis
- Prioritised actions
Training & Procedures
Exercises, playbooks, procedures, and coaching for consistent response.
Use when IT, SOC, legal, management, and communications need shared habits.
Key outcomes- Tabletop exercises
- Playbook updates
- Team coaching
NIS2 Readiness
Focused support for applicability, gaps, evidence, and remediation priorities.
Use when You may fall under NIS2 or need evidence for audit and board discussions.
Key outcomes- Gap review
- Evidence map
- 30/60/90-day plan
HOW IT WORKS
How we scope the right retainer.
Discovery call
We clarify your team structure, incident exposure, compliance context, and current response model.
Scope and cadence
We agree what support is included, how often we meet, and how activation works.
Activation model
Your team receives clear contact paths, response expectations, and a practical first-month plan.
INCLUDED IN EVERY RETAINER
What every retainer gives you.
Experienced practitioners
Access to practitioners who work across incident response, assessments, advisory, and security operations.
Clear activation path
Defined contact routes, response expectations, and escalation points for urgent situations.
Recurring improvement
Regular sessions where findings, exercises, and incidents become practical actions.
Management-ready reporting
Clear summaries, priorities, and next steps that can be used with leadership.
NIS2 READINESS
Need NIS2 clarity before choosing a retainer?
We can start with a focused NIS2 readiness review, then define the right mix of advisory, training, evidence planning, and response support.