ESENRODEFRIT
Contact

OCIRIA · ociria.com

Attackers already use AI. Your defense should too.

We support European SMBs and mid-market organisations with vCISO, ISO/IEC 42001 certification and OSINT audits. No franchise, no junior bench, no fear talk.

Request an initial assessment See services 
$ defensive-ai scan --scope=surface
signals: osint · nis2 · exposure · phishing
latency: 240ms
status: senior review required
next: executive diagnosis

Services

Three closed services, no cross-selling. Each one with a concrete deliverable, a defined scope and a senior engineer assigned from the first meeting.

Security leadership as a service

A senior CISO on a part-time basis for organisations that don't yet need a full-time hire. We set policy, prioritise risks and direct technical execution with your team or vendors.

See vCISO scope →

Responsible AI management certification

We prepare your organisation for the international standard on AI management systems. Gap analysis, documented management system and support during the external certification audit.

See ISO 42001 roadmap →

Public exposure assessment

Open-source intelligence to discover what information about your company, domains and leadership is publicly exposed. Executive report plus a prioritised mitigation plan.

Request an OSINT audit →

Why OCIRIA

There are large consultancies and small boutiques. We are a boutique by choice: short teams, fast decisions, direct contact with the engineer in charge of your project. We do not subcontract the critical core.

Methodology

We work in four ordered phases. No scope surprises, no creative billing. Each phase has its own deliverable and is only invoiced if it is executed.

  1. Initial assessment

    One week. Meeting with leadership, quick inventory of critical assets, identification of the three or four risks that actually move the needle. Output: an executive document of 8-12 pages.

  2. Technical analysis

    We go deeper on the prioritised risks. Configuration review, external exposure, existing controls and process maturity. Output: a technical report with findings and criticality level per finding.

  3. Report and action plan

    We turn findings into an executable plan, with owners, deadlines and estimated cost. We distinguish urgent, important and optional. Output: a prioritised action plan and a leadership briefing.

  4. Ongoing support

    If you wish, we stay alongside during execution. Periodic meetings, progress review, plan adjustments. No minimum term, no exit penalty.

Free AI tools

Two free tools that reflect how we work. No intrusive sign-up, no commercial reuse of your data, no aggressive upsell.

Email Scanner

Analyses a suspicious email in seconds: headers, links, attachments and phishing patterns. Useful to validate before clicking. Clear verdict in plain language.

Try Email Scanner →

NIS2 Assessment

Self-assessment questionnaire to position your organisation against NIS2. Tells you if the directive applies, which obligations are relevant and where to start. Estimated time: 12 minutes.

Start NIS2 Assessment →

Let's talk without corporate slides

If you are reviewing vendors, the most useful next step is half an hour of conversation. No corporate slide deck.

Write to [email protected]. We respond within one business day, with the full name of the senior engineer who would handle your case.

Request an initial assessment [email protected]