Direct service
Cyber Security Advisory
Digital exposure reviews, device hardening, and incident response for principals and family offices.
The challenge
The threat to a high-profile principal is rarely a sophisticated attack. It is far more often a leaked password from an old breach, a poorly configured device, a family member's social media account exposing travel patterns, or a domestic staff member with administrative access they should not have. These risks compound silently and are usually invisible until they materialise.
Our approach
We work to a structured exposure review — what is public about the principal and their immediate circle, where credentials have appeared in known breach corpora, how devices and accounts are configured, and what the practical attack surface looks like. The output is a plain-English report with prioritised remediation and — where the client wants — hands-on hardening delivered directly.
What's included
What's included
- Open-source intelligence review of the principal and immediate household
- Credential exposure check against known breach corpora
- Device and account configuration review (laptop, phone, cloud accounts)
- Practical hardening recommendations, prioritised by risk and effort
- Optional: hands-on remediation, ongoing monitoring, incident response retainer
Engagement
A first engagement is typically delivered in two to three weeks. Many clients then move to a quarterly review cadence or a standing incident response retainer.
Coverage
Delivered remotely; on-site engagements arranged in Europe and the GCC when warranted.
FAQ
Common questions.
- Do I need to give you my passwords?
- No, and we will not ask. The review is performed without privileged access to your accounts — we look at what an external party can see, then advise on what to change. Hands-on remediation, if requested, is performed under your supervision using your own credentials.
- How is sensitive data handled?
- Findings are delivered through an encrypted channel and held only for the duration of the engagement, then deleted on request or by default after 90 days. We can work entirely under NDA before any information is exchanged.
- Will this cover my family?
- Yes — for many principals, the highest-risk exposure is through family members. With consent, we extend the review to spouse, children, and household staff. Children's accounts are handled with particular care and parental sign-off on every step.
- Do you provide incident response if something happens?
- Yes. Existing clients have priority access to incident response under retainer. We will also take on new-client incidents on a best-effort basis, but established relationships are served first.
- Is this a substitute for our corporate IT security team?
- No. We work at the layer of the individual principal and household — the layer that corporate IT typically cannot cover. We coordinate with corporate IT where the principal's work and personal infrastructure overlap.
Ready to discuss Cyber Security Advisory?
Send a confidential brief. We reply within one business day with a named coordinator.