Tessera Cyber

// ABOUT

A cybersecurity practice built for Cyprus's regulated SMEs.

Tessera Cyber is a Cyprus-based cybersecurity practice serving CIFs, law firms, accounting practices, fintechs, and other regulated SMEs. We do one thing: give you a named security lead for a fraction of the cost of a full-time hire, backed by a vetted bench of specialists.

// WHAT WE DO

We sit between your IT provider and your regulator.

Your IT provider keeps systems running. Your regulator, your insurer, and your board want evidence that those systems are secure. Someone has to translate between them — write the policy, audit the access, sign the scorecard, answer the questionnaire, brief the directors.

That's us. Tessera Cyber is the named security function for Cyprus SMEs that need someone accountable for the security layer without hiring a full-time CISO at €100,000+ a year.

// HOW WE'RE BUILT

One accountable lead. A vetted specialist bench.

Tessera engagements are delivered through a deliberately lean model. A single accountable lead owns the client relationship, scopes the work, and signs the deliverables. Specialist contributors — identity engineers, ISO 27001 lead auditors, GRC analysts, offensive-security testers, DORA/NIS2 specialists.

For a Cyprus CIF, an accounting firm, or a fintech, this means two things:

One number to call.

One person who signs the attestation, answers the questionnaire, and sits in the regulator conversation.

The right specialist for the work.

The person reviewing your access controls holds the identity credential. The person running your gap analysis holds the ISO 27001 credential. We don't pretend one generalist covers everything.

// OUR DELIVERY BENCH

Roles and credentials, not headcount.

M365 / Azure Security Engineer

MS-500 certified · 5+ years hands-on

GRC Analyst

ISO 27001 Lead Auditor · CQI/IRCA-trained

Penetration Tester

OSCP-certified · Cyprus and EU engagements

DORA / NIS2 Specialist

Regulated-sector engagements · Big 4 alumni pattern

// THE A.I.D. FRAMEWORK

Identity governance, made auditable.

Modern security starts with identity. Every auditor, insurer, and enterprise client asks the same question: who has access to your systems, and can you prove it?

A.I.D. is the practical framework Tessera uses to give them an answer. It maps to every modern compliance regime — DORA, NIS2, ISO 27001, SOC 2, and the controls your insurer is already scoring you against.

A

Authority

Who can grant, change, or revoke access? Tessera documents the chain of authority — who decides, who approves, who reviews. Without this, every other control is theatre.

I

Inventory

What systems, accounts, integrations, and non-human identities (service accounts, API keys, AI agents) exist in your estate? Most firms can't produce this list. Tessera builds it.

D

Delegation

How are access decisions delegated, and how is that delegation reviewed? The governance loop that turns a list of permissions into a defensible security program.

Originally developed for identity-governance engagements across UK, EU, US, and Australian clients. Published in the Cyprus Mail.

// WHO TESSERA WORKS WITH

Primary focus — Cyprus regulated sector.

CySEC-licensed Investment Firms (CIFs)

DORA · C700 reporting · ICT risk frameworks

Law firms

NIS2 important-entity obligations · client data protection

Accounting & corporate services

NIS2 important entities · GDPR · insurer requirements

Fintechs & CASPs

MiCA authorisation · DORA · audit-ready ICT governance

// ALSO ENGAGING

EU SMEs needing fractional CISO support

Remote vCISO retainers across the EU

Ready to see where you actually stand?

Book a Free 30-min Quick Look. Honest verdict, no obligation.

Book a Free 30-min Quick Look