Compliance & strategy · Plan

Advice without delivery

Strategy, governance, identity and application security. Advice that delivers because our consultants themselves do what they recommend. No detached strategy team that disappears after the workshop.

Practical instead of PowerPoint · 3-year roadmaps · Focus on medium-sized businesses

At a glance

3 years
Roadmaps with clear phases
70%
Quick win share in the first year
10+ years
Medium-sized business experience in the consulting team
vCISO
if desired, beyond the roadmap

100,000+ mitigated cyber incidents

  • SecuriTy Made in Germany
  • Microsoft Solutions Partner Security
  • Microsoft Solutions Partner Infrastructure Azure
  • Microsoft Solutions Partner Infrastructure Data & AI
  • Kununu Top Company 2025
  • Alliance for Cyber Security

Traditional advice is often disappointing.

How Pently does it differently

Consultants who run operations themselves.

Operation mode instead of lecture mode.

Our consultants work in the SOC and in audits in parallel. We do what we recommend ourselves, which automatically filters out marketing slides.

Medium-sized companies instead of corporations.

We know your reality: tight teams, Microsoft-centric, supply chain pressures. Frameworks are shortened, not bloated.

Zero Trust pragmatically.

Identity, Device, Network, Application: with a clear phase plan and without tool religion. What you already have is put to use; what is missing is added specifically.

vCISO option.

Do you need a voice on the board without a full-time CISO position? We take care of this with a clear hourly quota and SLA.

At a glance

  • Cyber Security Maturity Assessment according to NIST CSF 2.0
  • 3-year strategy roadmap with clear quarterly goals
  • Identity & Access Management Strategy (Entra ID, MFA, PAM)
  • Application Security: SDLC, SAST/DAST, pentest concept
  • Cloud security strategy (Azure, AWS, GCP)
  • Zero trust migration with phased plan and quick wins
  • vCISO service with defined hourly quota
  • Handover ritual: We will not leave you without transferring knowledge

How we work.

  1. Assessment

    Maturity check, stakeholder interviews, tool inventory: in 2 weeks.

  2. Roadmap

    3-year plan with quarterly goals, costs and responsibilities.

  3. Quick wins

    Immediately visible actions that deliver confidence and budget for the next phase.

  4. Ongoing support

    Quarterly reviews, vCISO hours or handover to your team: you set the pace.

Frequently asked questions.

What exactly is “CISO-as-a-Service”?

An experienced person with a clearly defined hourly quota (typically 8-16 hours/month) who is responsible for board meetings, audit escalations and risk approvals - without a permanent position.

Do you also provide industry-specific advice?

Focus: Automotive, Manufacturing, Healthcare, Finance. We bring appropriate frameworks (TISAX, BAIT, KRITIS) with us - without applying them across the board.

Are you tool-neutral?

Yes. We recommend what fits the strategy. Proximity to Microsoft is often pragmatic because it is already licensed - but not dogma.

Can you support an international rollout?

Yes, with German- and English-speaking consultants. Experience in EU, UK and US rollouts (especially identity, data protection, supply chains).

Advice that delivers. From experts from Germany.

In 90 minutes, together and free of charge, we will outline what a 3-year roadmap for your company could look like and define immediately implementable “quick wins” for your individual situation.

Get a free, 90-minute strategy workshop