Home Services Self-Assessment About Book a call
Services

Engagements built around your organisation's full regulatory and security needs

Some businesses need to understand which EU laws apply to them and what their board is exposed to. Others need their board trained or a compliance programme built from scratch. Others need ongoing security leadership without a full-time hire. Get us Secure covers all of this — scoped to your situation, delivered personally by an active Chief Security Officer.

Entry point

Regulatory Readiness Assessment

A structured two-week engagement that maps every EU regulation applicable to your organisation — NIS2, GDPR, EU AI Act, CRA, and DORA where relevant — and tells your board exactly where it stands against each. Starts with a passive review of your public digital presence, followed by a structured internal assessment. Delivers a prioritised gap analysis, regulatory roadmap, and board-ready findings presentation.

  • Regulatory scope determination across all applicable EU regulations
  • Gap analysis mapped to NIS2, GDPR, EU AI Act, CRA, and DORA where applicable
  • Prioritised remediation roadmap with effort and cost estimates
  • Board-ready findings presentation (90-minute session)
  • Passive review of public digital presence included
Outcome commitment

"Your board will know exactly which laws apply, what's missing, and what to fix first."

Fixed fee
€4,500
EI Access Advice eligible · delivered in 2 weeks · Ireland & EU
Regulatory scope determination
Gap analysis: NIS2, GDPR, EU AI Act, CRA, DORA
Prioritised remediation roadmap
Board-ready findings presentation
Passive review of public digital presence
Start with a Regulatory Readiness Assessment →

What follows — once you know where you stand

Flagship

Board & Leadership Training

NIS2 Article 20 creates a direct legal obligation on every member of your management body — not your IT team, not your CISO. A board that cannot demonstrate it has received training, approved cybersecurity measures, and exercised oversight is personally exposed to regulatory sanctions including fines and temporary prohibition from management functions. This engagement satisfies that obligation and produces the audit-ready evidence to prove it.

A half-day facilitated session covering the full scope of NIS2 Articles 20 and 21. Combines teaching, the Operation Ironlock live cyber attack simulation, and a Board Cyber Risk Scorecard readout. Satisfies Article 20(2) training obligations and produces audit-ready evidence across all 11 markets.

The session covers NIS2 Articles 20 and 21 in depth, with an overview of other applicable EU regulations — GDPR personal liability, EU AI Act board obligations, and CRA where sector-relevant — tailored to your sector.

  • Sector-specific threat briefing drawn from current ENISA data and live CISO experience
  • Plain-language walkthrough of all 10 required security measures as a board governance checklist
  • Operation Ironlock: live AI-powered ransomware simulation with personalised consequences
  • Board Cyber Risk Scorecard — five domains scored against NIS2 and NIST CSF 2.0
  • Signed attendance log and Art. 20(2) compliance certificate

Legally satisfies NIS2 board training obligations across Ireland, Germany, Belgium, and all 11 markets. Annual renewal available — NIS2 requires recurring, documented training.

Foundation
€3,500
Teaching only · up to 12 participants · EI Access Advice eligible
Intake call + full customisation
60-min facilitated teaching
Attendance log + compliance certificate
Book Foundation →
Standard · most popular
€6,500
Teaching + simulation + scorecard · EI Access Advice eligible
Everything in Foundation
90-min Operation Ironlock simulation
Board Cyber Risk Scorecard
Book Standard →
Premium
€9,500
Full programme + written report · EI Strategic Consultancy eligible
Everything in Standard
Written Board Cyber Risk Report
90-day roadmap + follow-up call
Book Premium →
Operation Ironlock

A live ransomware attack. Your board responds.

The centrepiece of every Standard and Premium board training engagement. No slides, no scripts. Your board makes genuine governance decisions as an incident unfolds in real time.

  • Four decisions requiring genuine board authority — ransom authorisation, NIS2 notification, communications strategy, post-incident resolution
  • NIS2 24-hour early warning clock running live throughout the session
  • AI-generated consequences personalised to your company, sector, and pre-session budget choices
⚠ Operation Ironlock · S1/A1 — Live
PHANTOM_09 Ransomware · Crisis: 62 · NIS2 clock: 19h 22m
10:42 · CISO Briefing
RANSOMWARE CONFIRMED — 43 servers encrypted. ERP offline. PHANTOM_09 demands €2.4M.
11:30 · Decision required
NIS2 24h early warning expires 07:12 tomorrow. Board must decide now.
Board decision 1
A — Decline payment, rebuild from backup, file NIS2 early warning now
B — Engage negotiator, hold notification pending legal review
Governance & Compliance

Compliance Programme Build

For organisations that need more than a readiness assessment — this engagement builds the compliance programme your board needs to meet its legal obligations. Covers NIS2, GDPR, and applicable EU regulations. Delivers the policies, governance structure, and evidence pack a regulator will look for. Tailored to your sector, size, and regulatory jurisdiction.

  • Full written policy suite covering all required NIS2 security measures
  • GDPR compliance programme design and documentation
  • Security governance structure — roles, responsibilities, and board reporting framework
  • Regulatory registration with your national authority (NCSC in Ireland)
  • Supplier security requirements and third-party risk programme
  • Cyber insurance readiness review — mapping your programme to insurer requirements
  • ISO 27001 alignment support where required by your customers or sector

Covers NIS2, GDPR, EU AI Act, and ISO 27001 where applicable. Belgium CyFun pathway and UK dual-compliance available.

Outcome commitment

"Your organisation will be in a demonstrable compliance position — with the governance evidence to prove it when a regulator asks."

Starting from
€8,000–€25,000
Scoped per engagement · EI Strategic Consultancy eligible (up to €35,000 at 50% funding) · Belgium SECURE cascade grant available
Full policy suite and governance structure
NIS2 and GDPR compliance programme
Regulatory registration with NCSC Ireland
Board-ready evidence pack and reporting framework
Cyber insurance readiness review
Book a discovery call →

Ongoing leadership — maintaining your compliance position

Retainer

Fractional CISO & Compliance Advisory

Ongoing senior compliance leadership structured around ownership of your NIS2 and GDPR programme — not time. Advisory coverage of EU AI Act, CRA, and DORA where applicable. Suited to organisations that need CISO-level accountability without a full-time hire.

  • Monthly briefing to board or senior leadership — written summary included
  • NIS2 and GDPR compliance programme ownership, with advisory on EU AI Act and DORA where applicable
  • Quarterly Programme Review Report — formal board-ready assessment of your compliance position
  • On-call incident support — 4-hour response SLA for critical incidents
  • Security vendor and supplier oversight

NIS2 and GDPR programme ownership. Advisory coverage of EU AI Act, CRA, and DORA where applicable. Quarterly Programme Review Report delivered to board.

Outcome commitment

"Your company will be NIS2 compliant and I will maintain and defend that position."

Monthly retainer
€4,500–€7,500
Scoped by organisation size and regulatory complexity · minimum 12-month engagement · EU-wide remote delivery
5–8 hours advisory per month
Monthly board briefing with written summary
NIS2 and GDPR programme ownership
Quarterly Programme Review Report
On-call incident support (4-hour SLA)
Discuss a retainer →
Advisory board roles

CISO advisory positions for VC-backed European tech companies where security posture is a board or due-diligence requirement.

Enquire about advisory roles →
AI Services

AI Readiness & Implementation

Most organisations already have staff using AI tools — often without IT knowing. Get Us Secure starts by finding out what is already in use, assessing the risk, and putting the right policies in place. From there, the engagement identifies genuine automation opportunities and builds compliant workflows that save your team time while operating safely under EU law.

  • AI opportunity audit — identify and prioritise automation use cases by ROI and regulatory risk
  • Workflow automation build using n8n and Claude API with full data flow documentation
  • EU AI Act risk classification for each deployed system (minimal, limited, high, unacceptable)
  • GDPR data residency and processing verification before any system goes live
  • AI security review — prompt injection, data leakage, and model abuse risk assessment

EU AI Act compliance, GDPR data residency, and NIS2 security requirements covered. Shadow AI discovery and AI Acceptable Use Policy included as standard.

Outcome commitment

"AI systems your organisation can operate, audit, and defend to a regulator — built correctly from day one."

Starting from
€3,500
Begin with an AI Readiness Audit · EI Digital Discovery grant eligible · delivered in 2–3 weeks
AI opportunity review — what can be automated and what it's worth
Shadow AI discovery — what tools your staff are already using
EU AI Act risk classification for each system
GDPR data residency and processing review
AI Acceptable Use Policy for your organisation
Implementation and ongoing management available as follow-on
Start with an AI audit →

Enterprise Ireland grants cover up to 50-80% of advisory costs for eligible Irish SMEs.

Check grant eligibility →