Cyber Security Strategic Consultancy

For C-Level Executives

Strategic Consultancy

Plan and develop long-term cybersecurity strategies and medium-term tactical plans

These consulting services are based on maturity level determination and the principle of necessity and proportionality.

  • Realistic view of the existing cybersecurity exposure of the organization
  • Sparing unnecessary expenditure
  • Preparing for the worst possible scenario
  • Creating sustainable cybersecurity systems

Sport events

Smart city

Law enforcement

Cloud strategies


Security Operation Centers

Securing industry 4.0 projects

Mitigate ICS/OT cyber exposure

Moving to the cloud

Incident response

Develop frameworks for international events

Planning a Smart City concept

Secure by design

“The assessment result that is systems procedures is under the baseline. Now our bank has a 3-year plan on how to figure it out. It was a pleasure to work with Black Cell.”


Finance sector

Key Steps


Analyse internal environment


Analyse external environment


Determining issues / Identifying gaps


Formulate objectives / Set up goals based on assessment


Strategy Plan

Internal Assessment






Data processing

Internal process descriptions
Training materials
Internal and external audit reports
Internal and external cybersecurity risk assessment

Crown Jewel Analysis



Validating the collected data via interviews and international standards

Mission Objectives

Mission objectives and priorities come from the senior leader inputs



Vulnerability assessment
Penetration testing
Red teaming
Social engineering


Operational tasks

Tasks and mission dependencies come from manager inputs


Measuring Capability Maturity


Information assets/System function

Information and task dependencies come from operator inputs



War game


Cyber Assets

Cyber and information dependencies come from tech inputs

External Assessment

Cyber Threat Intelligence

Real time threat feeds
Lightning fast search


Defensive services
Offensive services
Managed security services

International Information Sharing And Analysis Centers (ISAC)

Sector/industry specific feed from companies
Subject matter experts
Scientific institutions

Determining the actual maturity level of the organisation and identifying the “gaps” between current and future/desired maturity levels in order to set up the goals to be achieved.

Defining goals based on the results of assessments carried out by Black Cell

Short term
Long term
Process goals
Outcome goals

Strategy Plan

Enterprise Level

Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]

Enriching the strategy with cybersecurity elements [high-level]

Breaking down high-level vision/strategy into actionable activities for division

Division Level

Assessing the existing strategy from a cybersecurity point of view [based on the results of assessment procedure]

Enriching the strategy with cybersecurity elements [high-level]

Translating activities into specific tasks

RACI Matrix
Budget Plan

Cyber Security Strategic Consultancy

For Technical Operators


Before we start planning, we need a clear view of the organization's current status and its vision. This can be established from existing audits, policies, documented processes, interviews, or the Black Cell Cyber Security Strategic Consulting team's own methodology. The latter consists mostly of quantitative analyses such as the Crown Jewels Analysis or other objective assessments.

Our target is to estimate the maturity level of:

  • Competencies
  • Technical capabilities
  • Policies
  • Processes

Set Up Realistic Goals

Once we have proper data about the cyber ecosystem, we can set one or more goals and create the necessary frameworks, such as a SOC codex, in-house knowledge base, wiki, CMDB, etc.

These goals have to be reachable and objective. To achieve objectivity we need to lean on numbers and pure math. Our team's maturity frameworks were built for these tasks.

In general, we plan strategically for 3 years.

Tactical planning

Once the long-term vision is clear, we can set up a roadmap with strict KPIs and start working on these cross-department projects.

First year

  • Have a proper map and knowledge of the cyber ecosystems
  • Develop detection capabilities via proper use cases | This is generally done with matrices and depends on the cardinality of the use cases.
  • Develop an incident response plan
  • Set up the roadmap for employee skill development
  • Develop in-house e-learning or outsource it

Second year

  • Implement a SIEM system | The previously defined use cases should be implemented in it and have to be synchronized
  • Start using the SOAR system | To cut the budget spent on employing Level 2-3 analysts for Level 1 work
  • Test the stack via a synchronized red team TTX (Tabletop Exercise) called War Game
  • Start using industry-specific cyber threat intel and join communities (ISACs)

Third year

  • Set up your Threat Hunting team and the roadmap to develop its maturity
  • Set up a local malware lab
  • Start using ML-based anomaly detection | Develop an in-house training model, for example, for HTTP anomalies
  • Set up deception-based detections

Operative planning

Even when we have tactical goals like moving to the cloud or setting up a local DFIR (Digital Forensics and Incident Response) team, the operative plan should be as granular as possible because, for example, setting up an SLA with ticket-based penalties is a serious commitment and could cost money. Logical and administrative tasks should be synchronized. These also require the most accurate planning with mathematical modeling.

An example excerpt illustrating our technical mindset:

Network Intrusion and anomaly detection: three-level IDPS system development

  • First-quarter:
    • Proper network segmentation
    • NAC designing
  • Second-quarter:
    • IPS deployment
      • vendor testing matrix
      • cost: 70 points, features and functions: 30 points (based on the client's wishes)
      • test with malicious pcaps, DDoS, usability, etc.
  • Third-quarter:
    • IDS in each network segment
    • TAP or SPAN Port, Packet Broker
    • Suricata-based IDPS engine
    • Custom and CTI-based YARA rules
    • Support threat hunting team
  • Fourth-quarter:
    • Anomaly detections
      • Detect DGAs | N-gram and entropy-based DNS entry checker running on Apache Spark
      • HTTP/HTTPS anomalies | Harvest user agent strings via Zeek IDS and run a Bayesian or CRM114 ML classifier against them with a locally developed training model
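
The n-gram and entropy-based DGA check from the fourth-quarter item, as an added plain-Python example (not Black Cell's code, and without the Apache Spark deployment the page mentions). The benign corpus, the thresholds, the function names and the `.example` domains are constructed assumptions.

```python
import math
from collections import Counter

# Constructed benign labels standing in for a real training corpus (assumption).
BENIGN_LABELS = [
    "google", "facebook", "wikipedia", "microsoft", "amazon", "youtube",
    "twitter", "linkedin", "github", "cloudflare", "netflix", "office",
    "mail", "login", "support", "download", "update", "secure",
    "account", "online",
]

def bigrams(label):
    return [label[i:i + 2] for i in range(len(label) - 1)]

def train(labels):
    """Set of character bigrams seen in known-good labels."""
    return {g for label in labels for g in bigrams(label.lower())}

def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    if not label:
        return 0.0
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def unseen_ratio(label, model):
    """Fraction of the label's bigrams never seen in the benign model."""
    grams = bigrams(label)
    if not grams:
        return 0.0
    return sum(g not in model for g in grams) / len(grams)

def score(fqdn, model, min_entropy=3.5, min_unseen=0.6):
    """Score the label left of the TLD (no public-suffix handling)."""
    labels = fqdn.rstrip(".").lower().split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    h = shannon_entropy(label)
    u = unseen_ratio(label, model)
    return {"label": label, "entropy": round(h, 3), "unseen": round(u, 3),
            "suspicious": h >= min_entropy and u >= min_unseen}

MODEL = train(BENIGN_LABELS)

if __name__ == "__main__":
    for name in ["githubmail.example", "xq7kz9vbw2pfj4.example"]:
        print(score(name, MODEL))
```

Requiring both signals keeps long but pronounceable names from being flagged on entropy alone; the thresholds need tuning against the organisation's own DNS logs.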


Our service includes support and maintenance covering the yearly strategic review and the tools we hand over, with 24-hour email response, 3-hour call back and 5 working days onsite, depending on the agreement level.