Independent · cleared · offensive

Scans and tests that pass the audit.

I find the vulnerabilities in your infrastructure, applications and cloud - validated by hand and delivered in a report mapped to NIS2 requirements. No automated scan dressed up as a penetration test.

Free · no obligation · reply within one business day

CISSP · OSCP · eWPTX AI / LLM red teaming ISO 27001 Clearances RP / NATO / EU
The clock is ticking

The KSC/NIS2 Act has been in force since 3 Apr 2026

No one will send you a letter telling you you're in scope. Self-assessment and the deadlines already apply - and a vulnerability scan directly addresses the obligation to identify vulnerabilities.

// 01 - registration
3.10.2026
Entry in the register of key and important entities.
// 02 - implementation
3.04.2027
Risk-management measures (Art. 21) - including vulnerability management.
// 03 - audit
3.04.2028
First mandatory audit. Fines up to €10M from then on.
Does this apply to you?

Sectors in scope of NIS2

If you operate in one of these sectors with at least 50 employees or €10M+ in turnover, NIS2 most likely applies to you - and with it, the obligation to manage vulnerabilities.

Energy Transport Banking Financial markets Healthcare Water & wastewater Digital infrastructure ICT service management Public administration Space Postal & courier services Waste management Chemicals Food Manufacturing (incl. medical devices, electronics, machinery) Digital service providers Research Critical infrastructure

// Not sure? Drop me a line - I'll tell you where to start.

Scope

Services

From a quick perimeter scan to a full penetration test - with a clear line on exactly what you're paying for.

Perimeter vulnerability scan

External IPs and services - detection and validation of critical exposures.

Web application testing (DAST)

OWASP, authentication, business logic and APIs.

Attack surface / OSINT

What's visible from the outside: subdomains, leaks, shadow IT.

Cloud configuration review

AWS / Azure / GCP - misconfigurations and permissions.

Vulnerability management

Recurring scans and remediation tracking on retainer.

AI / LLM red teaming

Model robustness testing, including MCP servers.

Pricing

Packages

Fixed prices instead of "it depends." A net starting point - the binding quote follows scoping.

Basic - perimeter
from €450
net · one-off
  • + External scan up to 8 IP addresses
  • + Validation of critical vulnerabilities
  • + Technical PDF report
  • + 1 retest after remediation
Most popular
Standard - perimeter + web
from €1,050
net · one-off
  • + Everything in Basic
  • + Web app scan (DAST)
  • + Attack surface map
  • + Management summary
Compliance - NIS2 package
Individual quote
Depending on test scope
  • + Full pentest web/API/thick client or infrastructure
  • + Advanced security research for non-standard scopes
  • + Retest included + retainer option
// vulnerability monitoring on retainer - from €210 net / month
How it works

How we work

01

Call & scope

We agree the objective and boundaries of the test.

02

Authorisation

Signed testing authorisation.

03

Scan & validation

Testing plus manual verification.

04

Report & recommendations

Priorities and remediation steps.

Why Securember

An offensive practitioner, not a scanner reseller

I pair hands-on offensive depth with a working grasp of the compliance regime.

CISSP OSCP · OSWP ISO 27001 eWPTX HTB - AI red teaming Multi-cloud red teaming Doctorate in progress - adversarial ML Clearances RP / NATO / EU 8 years in cybersecurity
FAQ

Before you write

What is the difference between a scan and a penetration test?

A scan detects known vulnerabilities automatically; I add the manual validation that filters out false positives and confirms real risk. A full pentest goes further - chaining vulnerabilities into attack paths. I'll always tell you exactly what you're getting, and I never sell a scan as a pentest.

Is the testing legal?

Yes - provided it's authorised. Before we start, we sign a written testing authorisation (scope, addresses, time window) that protects both sides. I won't start without it.

Is my data confidential?

Yes. I work under NDA, limit access to the necessary minimum, and store results and reports encrypted, deleting them after an agreed retention period.

How long does it take and when do I get the report?

A perimeter scan typically takes a few business days. You'll get a report with CVSS-based prioritisation, a management summary and a mapping to NIS2 requirements. I confirm the timeline during scoping.

Do I get a retest after fixing?

Yes - a post-remediation retest is included, so you have proof the vulnerabilities are actually gone.

Do you issue VAT invoices?

Yes. I operate as a registered sole proprietorship (Securember) and issue VAT invoices.

Check whether your perimeter is audit-ready

A free 20-minute consultation: I'll tell you whether NIS2 applies to you and where to start - no strings attached.

Book a consultation

Reply within one business day

Contact

Let's see where you stand with NIS2

A short, free consultation - I'll tell you where to start. I usually reply within one business day.

Contact directly
Encrypted contact (PGP)

Encrypt your message with my public key.

Download PGP key
Key fingerprint: BEEC FF3C 70DC 9314 7D15  24A3 0F12 DFE5 D484 1786