Tessera Cyber

// ABOUT

A cybersecurity compliance studio for firms supervised by CySEC, MFSA, and HCMC.

Tessera Cyber is a compliance studio founded in Cyprus, serving regulated financial entities across the European Union. We specialise in DORA and NIS2 compliance for CIFs, payment institutions, EMIs, and CASPs supervised by CySEC, MFSA, and HCMC.

// WHAT WE DO

We sit between your IT provider and your regulator.

Your IT provider keeps systems running. Your regulator wants evidence that those systems are governed. Someone has to translate between them — build the Register of Information, draft the ICT risk framework, write the incident procedures, prepare the submission, and brief the directors on personal liability.

Our team blends senior cybersecurity engineers with regulatory specialists who hold direct experience in financial services compliance. Engagements are delivered by named professionals — not account managers — who have built ICT risk frameworks and Registers of Information for regulated firms before.

// HOW WE'RE BUILT

One accountable lead. A vetted specialist bench.

Tessera engagements are delivered through a deliberately lean model. A single accountable lead owns the client relationship, scopes the work, and signs the deliverables. Specialist contributors — identity engineers, ISO 27001 lead auditors, GRC analysts, offensive-security testers, DORA/NIS2 specialists.

For a Cyprus CIF, an accounting firm, or a fintech, this means two things:

One number to call.

One person who signs the attestation, answers the questionnaire, and sits in the regulator conversation.

The right specialist for the work.

The person reviewing your access controls holds the identity credential. The person running your gap analysis holds the ISO 27001 credential. We don't pretend one generalist covers everything.

// OUR DELIVERY BENCH

Roles and credentials, not headcount.

M365 / Azure Security Engineer

MS-500 certified · 5+ years hands-on

GRC Analyst

ISO 27001 Lead Auditor · CQI/IRCA-trained

Penetration Tester

OSCP-certified · Cyprus and EU engagements

DORA / NIS2 Specialist

Regulated-sector engagements · Big 4 alumni pattern

Tessera remains accountable for scope, quality control, confidentiality, and final delivery on every engagement. Specialist contributors are engaged only where technical depth is required and operate under written confidentiality obligations and project controls.

// THE A.I.D. FRAMEWORK

Identity governance, made auditable.

Modern security starts with identity. Every auditor, insurer, and enterprise client asks the same question: who has access to your systems, and can you prove it?

A.I.D. is the practical framework Tessera uses to give them an answer. It maps to every modern compliance regime — DORA, NIS2, ISO 27001, SOC 2, and the controls your insurer is already scoring you against.

A

Authority

Who can grant, change, or revoke access? Tessera documents the chain of authority — who decides, who approves, who reviews. Without this, every other control is theatre.

I

Inventory

What systems, accounts, integrations, and non-human identities (service accounts, API keys, AI agents) exist in your estate? Most firms can't produce this list. Tessera builds it.

D

Delegation

How are access decisions delegated, and how is that delegation reviewed? The governance loop that turns a list of permissions into a defensible security program.

Originally developed for identity-governance engagements across UK, EU, US, and Australian clients. Published in the Cyprus Mail.

// WHO TESSERA WORKS WITH

Primary focus — Cyprus regulated sector.

CySEC-licensed Investment Firms (CIFs)

DORA · C700 reporting · ICT risk frameworks

Law firms

NIS2 important-entity obligations · client data protection

Accounting & corporate services

NIS2 important entities · GDPR · insurer requirements

Fintechs & CASPs

MiCA authorisation · DORA · audit-ready ICT governance

// ALSO ENGAGING

Other regulated entities across the EU.

Remote DORA and NIS2 engagements — same fixed-scope model, delivered remotely

Ready to confirm your scope?

Founded in Cyprus. Delivering across Cyprus, Malta, and Greece. All documentation available in Greek and English.

A 20-minute call confirms your DORA position. No obligation.

Book a DORA/NIS2 Readiness Call