top of page

CISO on Demand

Build with us, a dynamic and coherent system through which you can intelligently minimize the risks of your business.

An experienced team will help you implement and maintain in your organization a living system of policies, procedures and mechanisms for continuous security optimization.

In a flexible and effective work regime. 

We ensure the protection of confidential data and the reduction of risks for your business, ensuring compliance with current regulations. This customized service is ideal for organizations of any size and adapts to the specific needs of each entity.

The role of a Chief Information Security Officer (CISO) is crucial in managing information security, protecting resources against threats and ensuring compliance with relevant standards. Our service supports companies that do not have the necessary resources for a permanent CISO, providing expert and affordable support for managing cyber security.


We provide risk assessments, develop policies and procedures, build and manage internal security teams, conduct operational security assessments and provide crisis counseling. Our experts deeply analyze your organization's security posture, identify vulnerabilities, and develop a strategic plan for long-term security optimization. Benefit from our technical, organizational and coordination expertise to ensure a secure environment for your business.


CISO on Demand brings multiple benefits to your organization, including:


Our service is designed to adapt and evolve with your organization's current goals and needs, allowing you to adjust your workload as needed.


We are not influenced by the internal politics of the client's organization, as well as by the interests of a technology implementer or producer.

Risk Management

We specialize in identifying and managing risks, ensuring robust protection against security threats.

Knowledge transfer

Our specialists share their knowledge and experience, ensuring your employees' increased awareness of security best practices at no additional training cost.

Through our services, we guarantee not only the protection of your data and infrastructure, but also a reliable partnership with transparent recommendations adapted to the specifics of your business.

Digitization options

Our security management consulting service can include the use of advanced software to digitize the activities of a modern CISO.

Management of Security Indicators

We define and track key performance indicators (KPIs) and risk indicators (KRIs), giving you a clear view of your organization's security trends.


We monitor compliance with regulatory standards, best practices and security policies to maintain the integrity of your organization.

Security Risk Analysis and Management

We manage threats, non-conformances and exceptions to reduce risk.

Vulnerability Management

We provide you with a clear picture of your security, highlighting vulnerabilities, remediation recommendations and security score evolution based on identified vulnerabilities.

Management of Security Events and Incidents

We are ready to respond quickly and efficiently to any security incidents.

Reporting and Tracking

Through intuitive dashboards, we can provide an overview of your organization's security levels.


Madalin Bratu, CISA, CISM, CRISC, is a professional with applied experience in providing outsourced CISO services in various business environments, from banking to various companies that provide essential services to human life.

Also, Madalin has applied experience in coordinating very complex programs of outsourced services at various companies of various sizes: from 10 years of experience at IBM Global Technology Services and the provision of integrated outsourcing and IT support services, to Atos / Eviden, the leader global cyber security services.

The service model

We bring top expertise to your fingertips through an innovative business model – that of microservices.

Microservices means that our team will assist you "on demand", integrated into Sectio Aurea, only for "high finesse" aspects. We will guide your team with advice tailored to your needs. Instead of burdening your budgets with expensive employees, we offer you flexible and integrated access to otherwise unaffordable elite specialists at a fraction of the cost.

The delivery method is a successful one, and we have many references from customers in Romania and abroad.

What are we doing?

Our services adopt a structured methodology to help you achieve your business goals with efficiency. This includes supporting IT services, ensuring that all compliance requirements are met and that risks are kept to an acceptable level. Through our approach, we ensure that security strategies are perfectly aligned with the goals and needs of your business, thus guaranteeing optimal protection and maximum efficiency.

We define the security strategy
We define security policies
We ensure continuous commitment from management
We establish, monitor, report security indicators
We integrate security governance into corporate governance
We define, communicate and monitor security responsibilities
We educate employees

Security Program

We establish and maintain information security processes and resources, standards, guidelines, procedures
We align the information security program with operational objectives
We promote and maintain an awareness and training program
We establish and maintain metrics, reports to management on activities, trends and overall effectiveness

Incident Management

We establish the hierarchy of security incidents
​We establish an incident response plan to ensure an effective and timely response to security incidents
We set up processes to ensure timely identification of incidents
Incident investigation and documentation processes
Incident notification and escalation processes
We organize, train incident response teams

Reporting information security risks and non-conformities to top management.

Consulting for top management in risk management and information security.

Development of the information security strategy, aligned with the organization's business objectives.

Implementation and periodic review of information security policies, standards and procedures.

Carrying out risk analyzes and proposing risk management measures in the context of the emergence of new threats or non-conformities.

Managing the catalog of risks in information security.

Development and implementation of the information security awareness program in the organization.

Presentation and explanation of security policies, standards and procedures to responsible persons (IT, Business Owner).

Specialized consultancy in external audits.

Review of security policies, standards and procedures after audit activities.

Monitoring the implementation of measures from audit reports and legal requirements (e.g. Law 362/2018).

Tracking and reporting of security indicators (KRIs and KPIs) defined in the security program.

Monthly reporting of security activities and performance indicators.

Elaboration of information security requirements for IT projects, based on business assessments and systems architecture.

Validation of information security responsibilities with designated individuals.

Information Security Incident Management.

Periodic assessment of organizational maturity in information security.

Review of security policies, standards and procedures after audit activities.

Scope of work of the service

CISO on Demand has several priority axes, as follows:

Reporting and feedback channels
Review and update channels for effective and prompt communication of cybersecurity information between stakeholders.
Evaluation indicators
Establishing relevant and measurable indicators for assessing compliance with the Network and Information Systems Security Policy. Security performance reporting will be defined and key indicators for management will be established.
Evaluation method
Defining a method for assessing compliance indicators.
Assessment and audit procedure
Establishing a rigorous procedure for assessing NIS compliance and performing security auditing, ensuring ongoing compliance and prompt identification of security issues.

Risk Analysis

IT and ICS Inventory. Building IT and ICS Scada inventory lists and integrating them into the CMDB.

Information system architecture. Assistance in building the physical and logical model of the information system architecture for essential services, including the inventory of information system configurations (components, versions, interactions).

Information flows. Analysis of information flow in systems, identification of weak points and potential vulnerabilities.

Technical configuration and security. Assessing the security of existing IT systems, ensuring compliance with security best practices.

Vulnerability analysis. Consolidate information from security testing, IT configuration analysis, and non-conformances to best practices, resulting in a comprehensive vulnerability inventory.

Threat modeling and risk assessment. Assessing potential threats, calculating probability and impact, and building the risk register for all departments.

Risk management. Implementation of the risk management procedure and existing process requirements in the company.

Analysis of Third Party Vendor Contracts (Vendor Risk Assessment)

Analysis of contracts with third party suppliers. Reviewing contracts to clarify services offered, service levels, cybersecurity obligations and penalties for non-compliance.

Evaluation of technical responsibilities of suppliers. Reviewing the technical obligations, verifying the competences and evaluating the security mechanisms of the suppliers to ensure their contribution to the security of the organization.

Risk report associated with external suppliers. Creating a detailed report that identifies and assesses the risks associated with each supplier, including a list of potential risks and assessment of their impact and likelihood.

Stakeholder relationship analysis. Assessing risks from relationships with partners, customers, regulators and other entities in the organization's ecosystem.

List of service agreements and audit mechanisms. Develop a list of all Service Level Agreements (SLAs) and review audit mechanisms for networks and IT systems.

Individual risk analyzes for suppliers. Carrying out individual risk analyzes for each supplier, depending on the complexity of the relationships and the level of risk, to effectively manage specific risks.

Classification of Information

Information inventory. Carrying out a complete inventory of information in the organization, covering all types and formats (digital and analog), and all departments.
Allocation of the level of secrecy. Classification of inventoried information according to the classification procedure, determining the necessary protection measures for each classification level.
Implementation of labeling measures. Application of classification labels through technical and organizational measures, including the use of information management systems for automatic labeling.
Information support protection. Providing guidance on appropriate security measures, such as data encryption and access control, to protect media against unauthorized disclosure.
Collection of information. Interviewing heads of departments and divisions to gather details about the types of information held and its use.
Centralization of information and levels of secrecy. Creating a centralized inventory of the types of information and their levels of classification after data collection is complete.
Recommendations for protective measures. Issuing recommendations for the implementation of technical and organizational protection measures, such as data loss prevention (DLP) systems, access policy improvements and other security technologies.

Identity and access management

Inventory of identities. Complete review of digital identities, including users (employees, partners, customers), systems accessed and rights associated with each identity.
Access rules. Defining and implementing access policies to regulate access to resources, ensuring that users have access to only the resources necessary for their tasks.
Remote access. Analyzing and implementing secure remote work access solutions to critical systems using technologies such as VPN, multi-factor authentication and other security measures.
Privileged accounts. Careful management of privileged access accounts, analyzing and recommending solutions for their management, including activity logging and monitoring, periodic review of access rights and implementation of additional controls (IGA, PAM, SSO, Secrets Management).
Digitized approval flow. Create and implement a formal process for requesting, approving and reviewing access to resources, documenting and approving each access request by an authorized officer and regularly reviewing access rights.
Checking for changes to privileged accounts. Implementing organizational and technical measures to monitor and alert on unauthorized or suspicious changes to privileged accounts, including logging and analysis of logs and automatic alerts for unusual activity.
Digitization of operations. The selection of technologies that help digitize operations resulting from operational procedures.

Systems Management

This essential chapter addresses protecting and streamlining computer systems by defining network architecture, analyzing firewall settings, managing encryption keys, and establishing security standards. Our services include:

Defining the network architecture. Implementing a network architecture for effective segmentation and segregation of critical resources to limit the risk of exposure to threats and minimize the potential impact of security incidents. This involves identifying critical resources, designing the network to separate them, and implementing the necessary controls.

Reassessing network segregation. Evaluation of current network segregation methods, especially for SCADA environment, to ensure effectiveness and identify possible improvements.

Analysis of firewall settings. Reviewing and optimizing current firewall settings to ensure adequate protection of networks and IT systems.

Management of encryption keys. Implementing procedures for generating, using and tracking encryption keys, including lifecycle management and protection against unauthorized disclosure.

Definition of security standards (baselining). Establishing a security baseline for all IT elements that support critical processes, handling exceptions and defining operational flows. Assessing a maturity model according to international standards (ANSI/ISA, ISA-62443, NIST SP 800-53) and creating a roadmap for alignment with these standards, both operationally and technically. We provide consultancy for the selection of technologies, rethinking the architecture and the effective implementation of technical solutions.

Consulting for the digitalization of operations. The selection of technologies to facilitate the digitization of operations resulting from operational procedures, for increased efficiency and security.

Vulnerability management

Security exception management and patching verification. Implementation of security exception management and verification mechanisms for patching activities. Our services include:

Consulting on defining workflows for vulnerability scanning and detection. Assess existing IT and SCADA infrastructure and use advanced scanning tools to identify vulnerabilities. We provide recommendations for setting up and running scans, analyzing results, and identifying weaknesses in security systems.

Vulnerability Prioritization Consulting. Assess and prioritize identified vulnerabilities, taking into account severity, potential business impact and cost of remediation. We help the organization establish an order of priorities in addressing vulnerabilities.

Exception Handling Consulting. Assist in handling exceptions when fixing a vulnerability is not feasible or practical. This involves assessing and accepting the associated risks, applying compensatory measures or reallocating resources to address other vulnerabilities.

Mechanisms for verifying patching activities. Establishing and implementing effective mechanisms for verifying the correct application of security patches, ensuring that all systems are up-to-date and protected against threats.

Detection management

Assessment of present abilities. Using lessons learned from responding to a wide range of threats, Sectio Aurea consultants assess your organization's ability to manage specific threats and provide the guidance you need to make practical and meaningful improvements. We use a combination of activities such as reviewing existing documentation, analyzing logging configurations, deep-dive workshops, table top exercises and simulated testing of existing security measures to rigorously review and validate your organization's cyber defense capability , from the perspective of critical areas of incident response:

Defining SOC operational processes : Creating a SOC involves defining a set of standardized operational processes to ensure an efficient and effective response to security events. These processes include constant network and IT systems monitoring, security event detection and notification, security incident assessment and escalation, incident containment, evidence collection and handling, identifying attacking hosts, threat eradication, security incident recovery and closure, Sessions of Follow up.

Continuity management

Development of Recovery Strategies. This involves identifying and developing strategies and technical solutions for restoring critical business functions and operations following a disaster.

Defining some Implementation Plan. This is a detailed set of instructions and procedures that describe exactly what needs to be done, when and by whom, in the event of an incident. It should be detailed enough that anyone with basic knowledge will be able to implement the plan.

Defining Roles and Responsibilities. This section details who is responsible for what during and after an incident. This should include emergency contacts as well as a list of each person's responsibilities.

Defining test and update plans. It shows when and how the plan will be tested to ensure its effectiveness, and when and how it will be revised and updated.

Definition of Training and Outreach. It details the training and awareness programs designed to ensure that personnel are aware of the plan and are able to carry out their responsibilities in the event of an incident.

Definition of operational Annexes. This will include any other relevant information such as evacuation plans, equipment lists, copies of important contracts, network diagrams, checklists, etc.

Together, these components ensure that the organization is prepared to deal with a disaster and can return to normal operations in the shortest possible time.


Discover the key to success in cyber security with an exclusive one-to-one session with Mădălin Bratu, the innovative mind behind Sectio Aurea.

With a remarkable experience of 20 years in IT and an impressive career path, Mădălin is the elite consultant that any leader in the field wants by his side.

Take advantage of the unique opportunity to enrich your knowledge and secure your business in a personalized and efficient way.

Plan your meeting with Mădălin Bratu now and unlock access to cyber security solutions at the highest level as well as a team of top tier cyber security experts

bottom of page