Get us Secure is built and run by Colin Walsh — an active Chief Information Security Officer with current regulatory exposure across the EU. Not a training company, not a law firm, not a consultancy that has packaged a single regulation.
Most NIS2 advisory is delivered by people who have read the directive carefully. Get Us Secure is delivered by Colin Walsh — someone who manages real NIS2 obligations every day, navigating live incidents, active regulatory environments, and board conversations at a large European enterprise under the same legislation your organisation is now subject to.
That means the readiness assessment identifies gaps a checklist tool won't find. The board training handles questions a trainer can't answer. The governance programme reflects how regulators actually think — not how the directive reads on paper. And the fractional CISO retainer is supported by someone who is doing this job at scale, in real time. The same depth applies across GDPR, EU AI Act, CRA, and DORA — current live experience, not research.
AI compresses delivery timelines and improves output quality across every engagement. Get Us Secure uses Claude and automation to analyse, structure, and deliver faster than traditional consultancies — without replacing the regulatory judgement, board-level credibility, and ongoing accountability that define the work.
The EU law that holds board members personally responsible for cybersecurity failures. Covers board governance, security measures, incident reporting, and regulatory registration. Primary focus across all 11 markets.
The international standard for information security management. Increasingly required by enterprise customers and insurers. Achieving ISO 27001 also satisfies the core NIS2 security programme requirements.
Data protection and privacy obligations for all EU personal data. Runs concurrently with NIS2 in most incidents — the 72-hour breach notification under GDPR Art. 33 and NIS2 Art. 23 must be coordinated. DPC liaison and GDPR programme design included in all compliance engagements.
Mandatory cybersecurity requirements for manufacturers and distributors of products with digital components. Vulnerability reporting obligations from September 2026. Full compliance required from December 2027. Significant overlap with NIS2 supply chain security requirements under Art. 21(2)(d).
Governance framework for organisations deploying AI in critical operations. High-risk AI failures can constitute NIS2 significant incidents.
Digital Operational Resilience Act — applicable to financial entities (banks, insurers, investment firms, payment institutions) and their ICT service providers. Fully in force since January 2025. ICT risk management, incident reporting, and third-party provider oversight. Central Bank of Ireland is the primary enforcement authority in Ireland.