Cyentrix Services

Cybersecurity, delivered.

The same areas Cyentrix assesses for free, available as senior-led consulting engagements when you’re ready to close the gaps. Audit-grade work from a small team, no overheads, no junior consultants.

  • IT & cyber audits: SOC, ISO, NIS2
  • Security reviews: maturity + roadmap
  • Fixed-scope sprints: no rolling retainers
  • Senior-led: no juniors on your job

IT Audit (ITGC)

IT general controls audit for SOC 1 / SOC 2 (formerly SAS 70) readiness.

Independent review of the IT general controls auditors test in a SOC 1, SOC 2 or SSAE 18 engagement. We map your control environment, sample evidence, identify findings, and give you a clear remediation plan before the formal audit.

What you’ll get

  • Control walkthroughs for access management, change, ops and IS
  • Sample-based evidence testing across 12 months
  • Findings register with severity, root cause and recommendation
  • Pre-audit readiness opinion + remediation roadmap
  • Mapping to SOC trust service criteria + sub-service org review

Cybersecurity Audit

A formal, framework-aligned audit of your security control environment.

A structured cybersecurity audit against ISO 27001, NIST CSF, CIS Controls or NIS2, your choice of framework. Walkthroughs, evidence testing, control maturity scoring and a board-ready report.

What you’ll get

  • Framework-aligned scope (ISO 27001 / NIST CSF / CIS / NIS2)
  • Control-by-control walkthroughs + evidence sampling
  • Maturity scoring with peer benchmarking
  • Findings register prioritised by risk
  • Board-ready executive summary + technical appendix

Cybersecurity Review

A pragmatic, time-boxed review when a full audit is overkill.

A focused review of your highest-risk areas, typically 2–4 weeks. We pick the right scope with you (cloud, identity, data, third-party, etc.), assess against good practice, and report with a 90-day action plan.

What you’ll get

  • Scoping workshop to focus on highest-impact areas
  • Lightweight control review + interviews
  • Top-10 findings with severity + effort estimates
  • 90-day action plan
  • Executive briefing on key risks

Ransomware Readiness Review

Close the gap between attack and contained incident.

A structured review covering the four stages: prevention, detection, response and recovery. Hands-on review of your controls, validated through a backup restore drill and a tabletop exercise.

What you’ll get

  • Control review across MFA, EDR, patching, segmentation and backups
  • Validated backup restore against your top-5 critical systems
  • Ransomware-specific incident response playbook
  • Executive tabletop exercise
  • Roadmap with prioritised investments

Phishing Defence & BEC Prevention

Stop phishing-led incidents at the email gateway and the human layer.

A focused engagement that fixes the technical and human gaps phishing operators exploit: DMARC enforcement, MFA hygiene, simulated phishing, and incident response runbooks for credential compromise.

What you’ll get

  • DMARC at p=reject + SPF/DKIM alignment audit
  • Email security stack hardening (M365 / Google Workspace)
  • 12-month simulated phishing programme with tracked metrics
  • Runbooks for credential compromise + mailbox-rule abuse + OAuth grants
  • Reporting culture build (Phish Report button + triage SOP)

Cloud Security Audit

Close the cloud-specific gaps that show up in every breach post-mortem.

An audit of your AWS / Azure / GCP estate. We review IAM, configuration, data, monitoring and DevSecOps practices and report with a prioritised, vendor-agnostic remediation plan.

What you’ll get

  • IAM review + federated identity recommendations
  • Configuration review against CIS / provider security baselines
  • Control-plane logging + detection coverage assessment
  • Container + IaC pipeline review
  • Findings register with severity + effort estimates

Crisis Resilience Programme

Turn cyber crisis from a panic into a process.

A short, intense engagement that gets your organisation crisis-ready: written playbooks, named roles, tested out-of-band comms, and an executive tabletop with realistic scenarios.

What you’ll get

  • Written incident playbooks for ransomware, BEC, data exfil and DDoS
  • Defined Incident Commander + deputy + decision authorities
  • Out-of-band communications channel + responder roster
  • 90-minute executive tabletop exercise
  • Post-engagement gap report with prioritised actions

SMB Cyber Programme

Right-sized cybersecurity for businesses without a security team.

A practical, no-jargon engagement that gets the eight controls SMBs need into place: MFA, password hygiene, backups, training, BEC defence, and a one-page incident plan.

What you’ll get

  • MFA rollout across email + key business apps
  • Password manager rolled out for the team
  • Cloud backup setup + restore test
  • Wire-transfer / payment-change verification process
  • One-page incident plan + IR contact agreed

Book a free 30-min consultation

Tell us where you’re stuck. We’ll come back within 24 hours with a clear scope, a realistic timeline, and an honest answer on whether we’re the right fit.

  • Senior practitioners: no juniors on first contact
  • Vendor-agnostic: we don’t resell tools
  • Plain language, fixed scope, no surprises

No credit card. No follow-up spam. We reply within 24 hours.