Consulereit

Services

Seven engagements. One consultant.

Every engagement below is defined by a decision you are trying to make, not by a methodology or a toolset. Start with the problem; we'll talk about the approach on the call.

01

Penetration testing

You have a web application, an internal network, a cloud tenancy, or a mobile app, and you need an honest, actionable view of what an attacker could do to it. Not a compliance tick; a technical report you can hand to the team who will fix it.

A typical engagement
Scope is defined in writing against the specific asset. Most pentests run for one to three weeks of active testing plus a week of reporting. Findings are surfaced daily on a shared channel so critical issues can be fixed in flight; the final report groups findings by root cause rather than by page number.
Deliverables
  • Executive summary (one page)
  • Technical findings report with reproducer steps
  • Remediation guidance prioritised by exploitability, not CVSS alone
  • Retest of fixed issues within 60 days, included
Typical duration
Two to five weeks end to end, depending on scope.
When to choose this
You know which asset matters and you need an independent technical view of its security posture, fast and without ceremony.
02

Red team & adversary emulation

You have mature defences and want to know how they hold up against an adversary already inside your perimeter. Assumed breach, objective-driven, measured against both your preventive and detective controls.

A typical engagement
Starts with an intent-setting session: who are we emulating, what does 'success' look like, and what do we do if the blue team spots us. Usually a four-to-eight-week operation from initial foothold to documented impact, with deliberate pause points so your SOC can learn alongside the activity rather than only from the after-action report.
Deliverables
  • Pre-engagement scoping document and rules of engagement
  • Weekly written status during active phases
  • Full kill-chain narrative with timestamped artefacts
  • Sigma / KQL / Splunk detection rules for each technique used
  • Joint debrief with the blue team
Typical duration
Four to eight weeks.
When to choose this
Your security programme is past the basics and you want to know how it performs against a real adversary profile, not a checklist.
03

Security architecture review

You are about to make a large design decision (a new cloud region, an identity consolidation, a zero-trust rollout) and you want a second pair of eyes before the money is committed. Or you inherited an environment and need an honest view of where the weak joints are.

A typical engagement
Document review plus two to four working sessions with the engineers responsible. I write against what you actually have, not against a reference architecture. The deliverable is a short, opinionated report: what is solid, what is brittle, what I would change, and in what order.
Deliverables
  • Written architecture review (20–40 pages)
  • Prioritised remediation backlog
  • Target-state diagram (if useful; not by default)
  • One board-level summary
Typical duration
Two to four weeks.
When to choose this
You value an opinion more than a framework, and you want someone to commit to a view in writing.
04

vCISO / interim ISO

You need security leadership, someone who will own the risk register, talk to the board, run the supplier assurance process, and make sensible decisions with incomplete information, but your organisation isn't yet ready for a full-time hire.

A typical engagement
Typically one to two days a week on retainer, with clearly defined responsibilities written into the contract. Monthly board reporting, quarterly risk reviews, supplier due-diligence, and incident-response coordination. I work with whatever tooling and process you have; I will not sell you anything.
Deliverables
  • Monthly written report to the board
  • Maintained risk register
  • Incident response on-call during engagement
  • Security programme roadmap, reviewed quarterly
Typical duration
Six to twelve months, occasionally longer, with notice either way.
When to choose this
You need continuity and judgement more than you need a specialist deliverable. Good fit for series-B/C companies, family businesses, and organisations between CISOs.
05

NIS2 / Cyberbeveiligingswet readiness

The Dutch Cyberbeveiligingswet applies to you. You need to know, honestly, where you stand, and what a realistic twelve-month path to adequacy looks like, sequenced by risk rather than by checklist.

A typical engagement
Three weeks. Two days on site talking to the people who actually run things; a gap map against articles 21 and 23; a prioritised twelve-month roadmap tied to budget. Deliverables are written in plain Dutch and English, for boards and IT managers, not for lawyers.
Deliverables
  • Scope confirmation memo
  • Gap assessment across the ten NIS2 measures
  • Twelve-month roadmap, quarter-by-quarter, tied to budget
  • Board-level summary (Dutch and English)
Typical duration
Three weeks.
When to choose this
You know or suspect you are in scope, and you want a credible starting position before a supervisor calls or your insurer asks.
06

SOC design & build consultancy

You are standing up an in-house security operations capability, or rethinking one that has grown unruly. You want help designing it with a view on the next three years, not the next quarter's tool renewal.

A typical engagement
Advisory, not build-out. I work with your team on detection coverage, tool rationalisation, staffing model, on-call, shift structure, and the handful of decisions that quietly determine whether a SOC is useful or expensive theatre. I don't resell products and I take no kickbacks.
Deliverables
  • Target operating model document
  • Detection coverage map against MITRE ATT&CK
  • Tool rationalisation recommendation with vendor-neutral reasoning
  • Staffing and on-call proposal
Typical duration
Four to eight weeks.
When to choose this
You are making or re-making a multi-year investment and want an independent view before committing.
07

Incident response retainer

You want a named responder on call, familiar with your environment, who will pick up at 2am on a Sunday and be useful within the first thirty minutes, not spend the first three days getting access.

A typical engagement
A modest monthly retainer that covers onboarding (environment access, runbook review, tabletop once a year), guaranteed response-time SLAs, and a pre-agreed hourly rate for the incident work itself. Retainer fees are credited against any incident work billed in the same year.
Deliverables
  • Retainer agreement with named SLAs
  • Access and tooling validated during onboarding
  • Annual tabletop exercise
  • During an incident: coordination, containment guidance, and written findings
Typical duration
Twelve-month minimum term, renewable.
When to choose this
You cannot justify a dedicated IR team, but an incident is not a hypothetical.

Not sure which fits?

A 30-minute call costs nothing and usually saves an expensive wrong turn. If I am not the right consultant for your situation, I will tell you that too, and if I can, I'll point you at someone who is.