Security advice tailored to resilience, risk, and regulation.

Heretek’s Advisory Services help you navigate the technical, organisational, and regulatory complexity of modern cyber security.

What We Offer

Virtual CISO (vCISO)

Strategic security leadership for organisations without a full-time CISO. We guide board-level risk discussions, policy development, and programme planning.

Security Architecture Review

Ensure your tooling, infrastructure, and controls are aligned with your threat model and resilience goals — and compliant with frameworks like NIST, ISO, PCI, and DORA.

Risk & Threat Modelling

Understand your true threat exposure through tailored risk assessments and attack surface mapping — essential for DORA’s ICT risk management requirements.

Security Gap Analysis

We benchmark your current posture against standards like ISO 27001, NCSC CAF, or DORA, and provide a roadmap for achieving compliance and resilience.

Remediation & Implementation Support

We don’t just highlight issues — we help fix them. From control deployment to process improvements, we work alongside your teams to reduce risk and meet regulatory expectations.

Capability Development

Our experts are here to help you design, build and deploy your next security capability: everything from your organisation’s first dedicated cyber security function to bespoke capabilities.

DORA Compliance Support

The Digital Operational Resilience Act (DORA) is now in effect — with enforcement starting January 2025. It mandates that financial entities across the EU and UK (via PRA/FCA alignment) must:

  • Demonstrate effective ICT risk management frameworks
  • Implement and test incident response and business continuity plans
  • Conduct advanced threat-led testing (e.g. red teaming, TLPT)
  • Ensure third-party ICT service providers are contractually governed and monitored

How We Help

  • Performing ICT risk assessments and mapping existing controls
  • Supporting policy creation and incident playbook development
  • Aligning testing and purple team exercises to DORA threat-led testing expectations
  • Assisting with vendor risk management and due diligence

Why Work With Us

Practitioner-Led Advice
Our consultants bring frontline experience from red teams, threat hunting, and architecture reviews — not just frameworks and policy.

Strategic + Tactical
We help you understand and meet regulatory obligations — while also making meaningful improvements to your real-world resilience.

Clear, Actionable Outputs
From board reports to SOC workflows, our deliverables are written for clarity and impact.

Are you a regulated financial institution in scope for DORA?

  • Preparing for a third-party or investor-led cyber audit?
  • Growing your internal cyber maturity but need expert direction?
  • Facing pressure to formalise your risk and resilience strategy?

Partner With Confidence

Choose the right advisory model for your compliance and security needs.

Are you ready to discover your hidden vulnerabilities?

Get in touch and let Heretek assess your systems before it’s too late.

You can’t fix what you don’t check, so get in touch today.

  • Industry-leading tools and methodologies
  • Comprehensive and detailed results
  • Cost-effective and scalable
