We help SMEs and regulated organisations defend their business against cyber attacks, and prove their resilience. Practical GRC and vCISO services that turn real risk, and NIS2, DORA and ISO 27001 obligations, into controls, evidence and governance that work in real operations, not just on paper.
A fast look at how we turn NIS2, DORA and ISO 27001 obligations into controls, evidence and governance that hold up under audits, regulators and customers.
Ransomware, fraud and supply-chain breaches can halt operations, drain cash and destroy customer trust overnight, and most SMEs and regulated organisations have no in-house CISO standing in the way. Frameworks like NIS2, DORA and ISO 27001 raise the bar, but the real goal is protecting your business from attack. We build the controls and governance that genuinely reduce your risk, and that satisfy regulators, auditors and customers as a result.
One backbone that satisfies regulators, auditors and your customers' due-diligence questionnaires.
A focused set of advisory services, scoped to your obligations, your sector and your risk appetite.
Strategy, board reporting, programme ownership and continuous assurance, with senior experience from day one.
A trusted sounding board, structure and practical know-how for a newly appointed or less-experienced CISO.
Gap, roadmap and implementation: governance, risk, measures and incident reporting aligned to your duty of care.
ICT risk management, operational-resilience testing and third-party / supplier assurance for financial entities.
Scoping, controls and certification support: one backbone that satisfies many frameworks at once.
A framework aligned to ISO 27005, Cyprus ΚΔΠ 389 and NIST CSF, with a register and treatment plan management can act on.
Maturity assessment and testing that show where your controls stand and where to improve.
Incident-response planning and tabletop exercises to detect, respond to and recover from the real thing.
Role-based training for executives and staff, plus phishing simulations that build everyday security habits.
Keynotes, panels and engagement with fora and regulators on your behalf.
Independent audits for critical entities: objective assessment of compliance, controls and resilience, reported against your requirements.
Treating NIS2, DORA and ISO 27001 in silos multiplies audits, documentation and cost. We build a single compliance backbone, so you assess risk once, produce one set of evidence, and satisfy every framework and customer at the same time.
We work with SMEs and the essential and important entities in scope of NIS2, across the sectors the directive designates as critical.
You engage an experienced principal, not a rotating team, with the judgement that comes from building security functions inside government and banking.
You engage a former CISO of Cyprus' two largest banks and the Government directly: senior judgement and continuity, hands-on from day one.
No products to sell and no platform to push. Our only goal is the right controls and evidence for your organisation.
Built inside government, banking and ENISA working groups, we understand how regulators and auditors think, because we've sat at their table.
We take on a focused set of clients, so each receives the time, attention and continuity that real governance demands.
Done right, cybersecurity governance and implementation is not a cost centre: it strengthens your security posture, protects you from penalties, wins you business and builds lasting trust.
Scope, services and the obligations that apply to you.
Gaps, priorities and the real risk drivers.
An actionable plan with clear owners and timelines.
Governance, policies, controls, training and toolkits.
Testing, metrics, reporting and continuous improvement.
A gap assessment, a prioritised roadmap and a practical checklist, so you can begin execution immediately, with no long lead time and no guesswork.
Led by founder and CEO Panos Panayiotou, circl3.tech brings CISO leadership built inside government, banking and European policy, applied directly to your obligations.
CISO leadership across government & banking
Largest Cyprus banks' security functions built from the ground up
Contributor to EUCS & EU Cybersecurity Skills Framework working groups
Reporting to Board Risk Committees & senior stakeholders
Built the Cybersecurity Directorate from the ground up and led a multimillion-euro programme protecting public-administration infrastructure.
Established and matured the Information Security Offices of the two leading banks in Cyprus.
ENISA EUCS & ECSF working groups; engagement with the European Banking Federation and ACB.
Banking exposure across Cyprus, Greece, Serbia, Romania and the UK, plus foreign embassies and leading private groups.
ISMS implementations and control programmes aligned to ISO 27002, NIS2, GDPR, EBA Guidelines, PCI DSS and PSD2.
Security strategies agreed with boards and regulators, with metrics and reporting that executives can act on.

Panos Panayiotou on building and running a cybersecurity function from the ground up, a practical CISO guide.

Panos Panayiotou on how the CISO's role evolves as NIS2 and DORA take effect.

Why cybersecurity must move beyond compliance to become a continuous, business-critical capability.
Every organisation's needs are unique. Tell us where you are with NIS2, DORA or ISO 27001, or book a short discovery call, and we'll map the fastest practical path forward.