Tabletop exercise with the Board · simulated compromise
Service · Advisory · Board-ready posture

Cyber strategy that becomes operational.

Consulting firms produce slides. Fortgale produces runbooks and detections. Our advisory is anchored to our SOC, MDR and proprietary CTI: every recommendation translates into an applicable procedure and updates when the threat landscape changes — not when the contract expires.

NIS2 · DORA: Applied compliance
180+ Adversaries profiled
Quarterly reviews
Compliance · accreditations
ISO/IEC 27001
ISO 9001
ISO 14001
ISO 45001
NIS2 ready
DORA aligned
GDPR · ENISA
Tabletop · simulation

The video we show at tabletop sessions with your Board.

The Fortgale strategic workshop with the Board includes a compromise simulation: you see an attacker move, and we discuss together what the defense outpost detects, what the Board decides, and when the national CERT notification is triggered. This is a condensed version.

What we mean

Operational advisory, not slideware.

Fortgale Cybersecurity Advisory is the strategic layer of the defense outpost. It defines posture, translates regulatory obligations into a roadmap, prepares for the worst plausible scenario — and then measures results every quarter.

Is not
  • An annual audit producing a PDF
  • A PowerPoint roadmap without an owner
  • Tabletop on generic scenarios
  • Independent vCISO with no data visibility
Is
  • Quarterly-updated risk register
  • Roadmap with KPI, owner, budget, deadline
  • Tabletop on the most probable adversary against you
  • Advisor connected to Fortgale's SOC, MDR and CTI
What it includes

Six capabilities, one coherent posture.

The standard Advisory engagement combines risk governance, applied compliance and operational readiness. Each capability is modular based on the customer profile.

01

Continuous Risk Assessment

Not an annual audit, but a quarterly-updated view of risk that reflects the threat landscape observed by our CTI: who is targeting your sector, which techniques, which assets they're hitting.

02

NIS2 · DORA · ENISA posture

Gap analysis, remediation roadmap, board-ready documentation. We support national CERT notification within 24 hours and the 72-hour documentation required by NIS2, plus all DORA requirements for the financial sector.

03

Tabletop on real adversaries

Incident simulations built on the TTPs of the most probable adversary against your sector: LockBit 4.0 against manufacturing, Scattered Spider against insurance, Cl0p against finance. Not generic scenarios.

04

Governance & board reporting

Board reporting in risk language, not technology language. Four reports per year with posture metrics, incidents handled, remediation roadmap, residual exposure. Ready to present to the audit committee.

05

Third-party risk management

Suppliers are the modern primary attack surface. We build a vendor evaluation and monitoring process for critical suppliers, consistent with NIS2 (supply chain) and DORA (third-party ICT risk).

06

vCISO and senior advisor

A senior reference acting as virtual CISO or advisor alongside an existing CISO. Unlike an independent vCISO, our advisor is connected to Fortgale's SOC, MDR and CTI: direct visibility into customer incidents and metrics.

How we operate

Five phases, one continuous cycle.

Posture is not a state, it's a process. Our model combines assessment, roadmap, execution, and review in a quarterly cycle.

  1. Assessment

    Current posture and gaps

    Analysis of existing cyber posture: governance, processes, controls, assets, regulatory exposure. Mapping against relevant frameworks (NIS2, DORA, ISO 27001, NIST CSF) and identification of critical gaps.

  2. Threat-profiling

    Adversaries of your sector

    Profile of the most probable threat actors for your sector and size, based on Fortgale CTI: who has already targeted you, who is targeting your peers, which campaigns are active.

  3. Roadmap

    Operational remediation plan

    12-24 month roadmap with priorities based on real risk, not regulatory checklists. Each intervention has owner, KPI, deadline, and estimated budget. Ready for the Board.

  4. Implementation

    Execution and tabletop

    We work alongside the internal team during implementation: runbook review, tabletop on real adversaries to validate readiness, support for NIS2/DORA compliance, vendor governance.

  5. Continuous review

    Quarterly update

    Quarterly review of posture: what changed in the threat landscape, which remediations are complete, which new risks emerge. Posture is not a state, it's a process.

For whom

Four company types, four angles.

New CISO

First 100 days

A new CISO needs an objective view of the inherited posture, realistic prioritisation, and a partner working alongside them without internal politics. Fortgale Advisory provides the framework, the metrics, and the European context to set up the first 100 days.

NIS2 essential entities

NIS2 essential companies

Essential entities (energy, healthcare, transport, banking, strategic manufacturing) face heavy obligations and tight timelines. Our Advisory translates NIS2 articles into an implementable, audit-demonstrable roadmap.

Financial sector

Banks · insurance · DORA

The Digital Operational Resilience Act requires ICT risk management frameworks, scenario testing, and critical vendor governance. Fortgale supports the DORA journey with direct experience of actors targeting European finance (Cl0p, FIN7).

Companies without internal CISO

Mid-market industrial

Mid-to-large manufacturing companies that do not have a full-time internal CISO but are still active targets (LockBit, Akira, BlackCat). The Fortgale vCISO model provides senior coverage at predictable cost.

Contact · first step

A technical conversation with our analysts.

One meeting, one NDA, one initial risk briefing. You'll receive an objective view of your posture and a concrete roadmap proposal within 72 hours of the meeting.

Response time: < 1 business day.
