Scans and tests that pass the audit.
I find the vulnerabilities in your infrastructure, applications and cloud - validated by hand and delivered in a report mapped to NIS2 requirements. No automated scan dressed up as a penetration test.
Free · no obligation · reply within one business day
The KSC/NIS2 Act has been in force since 3 Apr 2026
No one will send you a letter telling you you're in scope. Self-assessment and the deadlines already apply - and a vulnerability scan directly addresses the obligation to identify vulnerabilities.
Sectors in scope of NIS2
If you operate in one of these sectors with at least 50 employees or €10M+ in turnover, NIS2 most likely applies to you - and with it, the obligation to manage vulnerabilities.
// Not sure? Drop me a line - I'll tell you where to start.
Services
From a quick perimeter scan to a full penetration test - with a clear line on exactly what you're paying for.
Perimeter vulnerability scan
External IPs and services - detection and validation of critical exposures.
Web application testing (DAST)
OWASP, authentication, business logic and APIs.
Attack surface / OSINT
What's visible from the outside: subdomains, leaks, shadow IT.
Cloud configuration review
AWS / Azure / GCP - misconfigurations and permissions.
Vulnerability management
Recurring scans and remediation tracking on retainer.
AI / LLM red teaming
Model robustness testing, including MCP servers.
Packages
Fixed prices instead of "it depends." A net starting point - the binding quote follows scoping.
- + External scan up to 8 IP addresses
- + Validation of critical vulnerabilities
- + Technical PDF report
- + 1 retest after remediation
- + Everything in Basic
- + Web app scan (DAST)
- + Attack surface map
- + Management summary
- + Full pentest web/API/thick client or infrastructure
- + Advanced security research for non-standard scopes
- + Retest included + retainer option
Prices are shown in EUR, net. VAT is added according to the applicable regulations (reverse charge may apply to EU business customers). The prices shown are indicative and do not constitute an offer within the meaning of Article 66 § 1 of the Polish Civil Code - a binding quote follows scoping.
How we work
Call & scope
We agree the objective and boundaries of the test.
Authorisation
Signed testing authorisation.
Scan & validation
Testing plus manual verification.
Report & recommendations
Priorities and remediation steps.
An offensive practitioner, not a scanner reseller
I pair hands-on offensive depth with a working grasp of the compliance regime.
Before you write
What is the difference between a scan and a penetration test?
A scan detects known vulnerabilities automatically; I add the manual validation that filters out false positives and confirms real risk. A full pentest goes further - chaining vulnerabilities into attack paths. I'll always tell you exactly what you're getting, and I never sell a scan as a pentest.
Is the testing legal?
Yes - provided it's authorised. Before we start, we sign a written testing authorisation (scope, addresses, time window) that protects both sides. I won't start without it.
Is my data confidential?
Yes. I work under NDA, limit access to the necessary minimum, and store results and reports encrypted, deleting them after an agreed retention period.
How long does it take and when do I get the report?
A perimeter scan typically takes a few business days. You'll get a report with CVSS-based prioritisation, a management summary and a mapping to NIS2 requirements. I confirm the timeline during scoping.
Do I get a retest after fixing?
Yes - a post-remediation retest is included, so you have proof the vulnerabilities are actually gone.
Do you issue VAT invoices?
Yes. I operate as a registered sole proprietorship (Securember) and issue VAT invoices.
Check whether your perimeter is audit-ready
A free 20-minute consultation: I'll tell you whether NIS2 applies to you and where to start - no strings attached.
Book a consultationReply within one business day
Let's see where you stand with NIS2
A short, free consultation - I'll tell you where to start. I usually reply within one business day.
Encrypt your message with my public key.
Download PGP key