Field Notes
What we are seeing, written down.
Short, anonymised write-ups from real engagements. Each one follows the same shape: the signal we noticed, the context around it, what it meant, and what we would do about it.
What a NIS2 readiness gap actually looks like
We walked into a manufacturer that thought NIS2 meant new paperwork. The real gap was that nobody could say what ‘normal’ looked like on their network.
The first 72 hours: how a small team should structure incident response
Most damage in the cases we see is not the breach itself — it is the unstructured scramble that follows. Here is the order we work in.
ISO 27001 without the theatre: the controls that actually reduce risk
Certification can become a documentation exercise. We sort the controls that change your real exposure from the ones that only fill a binder.