That's not just our tagline - it's how we work. Quality, integrity, and the people who deliver the work.
Safepoint is a boutique cybersecurity consultancy for Belgian financial and regulated institutions. We don't do body shopping, we don't pad engagements, and we don't inflate problems to sell more services. Every deliverable is audit-ready. Every engagement is led by senior practitioners. Every piece of advice is honest.
We don't write reports that sit on shelves. Every gap analysis, compliance roadmap, and penetration test report is structured from day one to serve as evidence for NIS2 conformity assessments, DORA audits, or ISO 27001 certification. Findings are written in plain language with clear business risk context and prioritized remediation guidance.
Every engagement is led by a founder with a decade-plus in Belgian financial institutions. OSCP, OSCE, CRTO, CISSP certified. No juniors learning on your budget. No offshore teams following playbooks. Just senior operators who've done the work.
We don't do body shopping - we won't place consultants on-site just to fill timesheets. We don't pad engagements with unnecessary work. And we tell you what you need to hear, not what's most profitable for us. If you don't need a service, we'll tell you.
We're small, senior-led, and intentionally so. Every engagement gets founder-level attention. You won't be handed off to a delivery team after the sales pitch. The people you meet in the first call are the people who do the work.
We know the Belgian landscape: CCB requirements, CyberFundamentals framework, NBB expectations for DORA, and how ISO 27001 maps to NIS2 conformity. We don't deliver generic international advice - we deliver guidance grounded in Belgian regulatory reality.
We scope engagements honestly. No lowball quotes to win work, then scope creep later. We tell you upfront what's needed, what it will cost, and how long it will take. If scope changes, we discuss it - no surprises on invoices.
Safepoint serves Belgian financial and regulated institutions: banks, insurance companies, telecom providers, critical infrastructure operators, and organizations in scope of NIS2 or DORA.
We also support SMEs in the supply chain of regulated entities - businesses that need to demonstrate security controls to their customers even if they're not directly in scope of NIS2 or DORA.
Every engagement follows a transparent, structured process designed to deliver maximum value with no surprises.
We start with a no-obligation discussion to understand your needs, regulatory requirements, and current security posture. This is a real conversation with a senior practitioner, not a sales pitch.
We provide a transparent scope of work with clear deliverables, timelines, and fixed pricing. If you don't need something, we'll tell you. No lowball quotes, no scope creep later.
Work is led by the same senior practitioners you spoke with initially. We keep you informed throughout, and we're available to answer questions. No handoffs to junior teams.
Deliverables are structured for regulatory evidence from day one. Reports include clear findings, business risk context, and prioritized remediation guidance that your team can actually use.