
Frequently Asked Questions

Everything you need to know about Cybernoq's services, process, and expertise. Can't find your answer? Contact us directly.

About Cybernoq
What is Cybernoq and what makes it different from other cybersecurity firms?

Cybernoq LTD is a UK-registered cybersecurity and technology firm (Company No. 16762568) headquartered in London, England. We deliver elite cybersecurity services and technical project management to enterprises across more than 40 countries worldwide.

What distinguishes Cybernoq is the combination of three things most firms can't offer simultaneously: genuine technical depth (our consultants are practitioners, not just advisors), operational excellence (we deliver projects on time, on budget, to the highest standard), and a truly global perspective built from working across diverse industries and geographies.

We don't use junior consultants on senior engagements. Every project is led by a certified expert with real-world experience in the specific domain. Our client retention rate of 98% reflects the quality and consistency of our work.

Where is Cybernoq based and do you work internationally?

Cybernoq LTD is registered in England and Wales, with our registered office at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ. We are a fully global firm, having delivered projects in over 40 countries across Europe, the Middle East, Asia-Pacific, North America, and Africa.

For on-site engagements, our consultants travel globally. For remote engagements, we operate across all time zones with dedicated team members available around the clock. Language is not a barrier: our team includes professionals fluent in English, Arabic, French, German, and several other languages.

What certifications and qualifications do your consultants hold?

Our consultants hold the most respected certifications in the cybersecurity industry, including OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert), CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CEH (Certified Ethical Hacker), CREST certifications, AWS/Azure/GCP security specializations, PMP (Project Management Professional), and PRINCE2.

We require all consultants to maintain their certifications through continuous professional development and to stay current with the latest attack techniques, tools, and defensive strategies. Many of our team members have backgrounds in intelligence agencies, Big 4 consulting, and leading technology companies.

Services & Engagement
How does the engagement process work from initial contact to project delivery?

Our engagement process is designed to be efficient and transparent. It begins with an initial consultation call (typically 30-60 minutes) where we understand your requirements, current security posture, and objectives. We respond to all inquiries within 2 hours during business hours.

Following the consultation, we provide a detailed proposal within 2-3 business days covering scope, methodology, timeline, deliverables, and investment. Once the proposal is accepted and the engagement agreement is signed, we assign a dedicated project team and schedule a kickoff meeting.

Throughout the engagement, you have direct access to your lead consultant and receive regular progress updates. All deliverables are reviewed internally before submission to ensure they meet our quality standards. Post-engagement, we offer a debrief call to walk through findings and answer questions.

How long does a typical penetration test take?

The duration of a penetration test depends on the scope and complexity of the engagement. A focused web application penetration test typically takes 5-10 business days. An internal network penetration test for a medium-sized organization usually takes 10-15 business days. A comprehensive red team exercise for a large enterprise can take 4-12 weeks.

We always provide a detailed timeline in our proposal based on your specific scope. We never rush engagements to meet arbitrary deadlines; thoroughness is paramount. However, we also understand business constraints and work with you to find the right balance between depth and timeline.

What is the difference between a vulnerability assessment and a penetration test?

A vulnerability assessment is an automated or semi-automated process that identifies and catalogues known vulnerabilities in your systems. It tells you what vulnerabilities exist but doesn't attempt to exploit them. It's faster and less expensive, but provides limited insight into actual exploitability and business impact.

A penetration test goes significantly further. Our consultants actively attempt to exploit vulnerabilities, chain multiple weaknesses together, and demonstrate the real-world business impact of a successful attack. We think like attackers, not scanners. A penetration test tells you not just what vulnerabilities exist, but which ones can actually be exploited, how they can be chained together, and what an attacker could achieve.

We recommend penetration testing over vulnerability assessments for any organization that needs to understand its true security posture. Vulnerability assessments are useful for continuous monitoring between penetration tests.

Do you offer ongoing security services or only one-time assessments?

We offer both. Many of our services, including SOC as a Service, Threat Intelligence, Vulnerability Management, and DevSecOps, are ongoing, subscription-based services that provide continuous protection. These are typically structured as annual contracts with monthly service delivery.

Point-in-time services like penetration testing, compliance assessments, and incident response are delivered as discrete engagements. However, we strongly recommend annual penetration testing at minimum, and many clients engage us quarterly for high-risk environments.

We also offer retainer arrangements for incident response, where you pay a monthly retainer fee to guarantee priority response and a pre-agreed hourly rate if an incident occurs. This is significantly more cost-effective than engaging us on an emergency basis after an incident.

Pricing & Contracts
How is pricing structured for your services?

Our pricing is scope-based and transparent. We don't publish standard rate cards because every engagement is different: the complexity, scope, and required expertise vary significantly between organizations. What we do guarantee is that our pricing reflects the actual value delivered, not inflated day rates.

For project-based engagements (penetration testing, compliance, incident response), we provide fixed-price proposals based on the agreed scope. There are no surprise invoices: if the scope changes, we discuss and agree on any price adjustments before proceeding.

For ongoing services (SOC, threat intelligence, vulnerability management), we offer monthly or annual subscription pricing with clear SLAs and deliverables. Annual contracts receive preferential pricing.

To receive a proposal, contact us at info@cybernoq.com with details of your requirements. We typically provide proposals within 2-3 business days.

Do you work with small and medium-sized businesses or only large enterprises?

We work with organizations of all sizes, from Series A startups to Fortune 500 enterprises and government agencies. Our service packages are designed to scale appropriately for different organizational sizes and budgets.

For smaller organizations, we offer focused, high-impact engagements that deliver maximum security improvement within budget constraints. Many of our SMB clients start with a penetration test or compliance assessment and expand their engagement as their security maturity grows.

Regardless of organization size, every client receives the same quality of expertise and professionalism. We don't have a "small client" team; the same calibre of consultant works on all engagements.

Technical & Compliance
How do you handle confidentiality and data protection during engagements?

Confidentiality is the foundation of everything we do. All engagements are governed by a comprehensive Non-Disclosure Agreement (NDA) signed before any sensitive information is shared. Our consultants are bound by strict confidentiality obligations both contractually and professionally.

During engagements, we follow strict data handling procedures. Any sensitive data encountered during testing is handled according to agreed protocols and is never stored beyond the engagement period. All engagement data is encrypted in transit and at rest using industry-standard encryption.

We are fully compliant with GDPR and UK Data Protection Act requirements. We can provide our data processing agreement (DPA) for clients who require it for their own compliance purposes.

What happens if you discover a critical vulnerability during a penetration test?

Critical vulnerability discovery is handled through our immediate notification protocol. If we discover a critical vulnerability that poses an immediate risk to your organization, such as an unauthenticated remote code execution vulnerability or an exposed database containing sensitive data, we notify your designated contact immediately, regardless of where we are in the engagement timeline.

We don't wait until the final report to tell you about critical findings. You receive immediate verbal notification followed by a written preliminary finding within 24 hours. This allows your team to begin remediation immediately while we continue the assessment.

The final report will include the full context, exploitation evidence, business impact assessment, and detailed remediation guidance for all findings, including the critical ones already communicated.

Can you help us achieve ISO 27001 or SOC 2 certification?

Absolutely. Our GRC practice has guided hundreds of organizations to successful ISO 27001 and SOC 2 certification. We provide end-to-end support from initial gap assessment through certification audit, including ISMS design, policy development, risk assessment, control implementation, staff training, internal audit, and auditor liaison.

For ISO 27001, we typically achieve certification within 6-12 months depending on the organization's starting point and complexity. For SOC 2 Type I, the timeline is typically 3-6 months; Type II requires an additional 6-12 month observation period.

We work with accredited certification bodies and can recommend auditors based on your industry, geography, and specific requirements. Our success rate for first-attempt certification is 96%.

We've just suffered a security incident. Can you help immediately?

Yes. Incident response is one of our core capabilities and we treat active incidents as the highest priority. Contact us immediately at info@cybernoq.com with "INCIDENT RESPONSE" in the subject line. We target a 1-hour response SLA for active incidents.

Our DFIR team will immediately begin remote triage to assess the situation, contain the threat, and preserve forensic evidence. If on-site presence is required, we can deploy globally within 24 hours.

If you don't currently have an incident response retainer with us, we can still engage on an emergency basis. However, we strongly recommend establishing a retainer before an incident occurs: it guarantees priority response, pre-agreed rates, and allows us to understand your environment in advance, dramatically reducing response time when it matters most.

How do you stay current with the latest threats and attack techniques?

Staying ahead of the threat landscape is a core organizational commitment at Cybernoq. Our consultants dedicate significant time to continuous learning, research, and skills development. This includes participating in CTF (Capture The Flag) competitions, contributing to open-source security tools, publishing security research, and maintaining active memberships in professional organizations.

We operate our own internal threat intelligence platform that aggregates feeds from commercial, open-source, and proprietary sources. Our threat intelligence team produces daily briefings that keep all consultants informed of new vulnerabilities, active exploitation campaigns, and emerging threat actor TTPs.

We also maintain close relationships with law enforcement agencies, national CERTs, and industry information sharing groups (ISACs) to receive early warning intelligence about emerging threats targeting our clients' sectors.

Infrastructure & Deployment
Do you provide on-site infrastructure deployment and installation services?

Yes, absolutely. Cybernoq provides comprehensive on-site security infrastructure deployment across Saudi Arabia, UAE, Jordan, and Syria. Our services include server installation and hardening, firewall deployment (Fortinet, Cisco, Sophos), network infrastructure setup with VLAN configuration, CCTV system installation, access control systems, and complete office hardening.

We combine cybersecurity expertise with physical infrastructure knowledge to deliver truly integrated security solutions. Our team can deploy rapidly with minimal downtime and provides 24/7 post-deployment support.

What regions do you serve for on-site infrastructure services?

Our on-site infrastructure deployment services are currently available in: Saudi Arabia, United Arab Emirates, Jordan, and Syria. We have established teams and partnerships in these regions to ensure rapid deployment and local support. For deployments outside these areas, please contact us to discuss possibilities.

What is your typical timeline for infrastructure deployment?

Timelines vary based on project scope, but we typically work on the following schedule: Assessment & Planning (1-2 weeks), Equipment Procurement (2-4 weeks), On-Site Installation (1-3 weeks depending on complexity), Testing & Hardening (1-2 weeks), and Knowledge Transfer (ongoing). We prioritize minimal downtime and work closely with your team to schedule deployments during maintenance windows.

Advanced & Specialized Services
Do you offer security services for government and classified environments?

Yes. Cybernoq provides specialized security assessments for government agencies and classified environments with support for TOP SECRET clearance requirements, TEMPEST compliance, and compartmentalized reporting protocols. Our team understands the unique security requirements of government operations and can work within strict classification frameworks.

Please contact us directly to discuss your specific government security requirements.

What financial services compliance standards do you support?

We provide comprehensive compliance support for financial institutions including PCI-DSS (Payment Card Industry Data Security Standard), SWIFT CSP (Customer Security Programme), Basel III capital adequacy requirements, and central bank regulatory frameworks. Our assessments are tailored to your specific regulatory environment and ensure full compliance with both international standards and local regulatory requirements.

Do you offer critical infrastructure protection services?

Yes. We specialize in critical infrastructure security including SCADA/ICS (Supervisory Control and Data Acquisition / Industrial Control Systems) security assessments, industrial control system hardening, and resilience planning for energy, water, telecommunications, and other critical sectors. Our team understands the unique operational requirements of critical infrastructure and can design security solutions that maintain system availability while protecting against advanced threats.

What is Zero Trust Architecture and why should we care?

Zero Trust is a security model that assumes no user or device can be trusted by default, even if they're inside your network. Instead of trusting based on location (inside the firewall), Zero Trust requires continuous verification of every user, device, and application.

Cybernoq helps design and implement Zero Trust architectures tailored to your organization, including microsegmentation, continuous verification frameworks, and identity-based access controls. This approach dramatically reduces your attack surface and improves your ability to detect and respond to threats.

Are you preparing for quantum computing threats?

Yes. Quantum computing poses a significant threat to current encryption standards. Cybernoq offers quantum-safe cryptography assessments and post-quantum migration planning to help your organization prepare for this emerging threat. We evaluate your current cryptographic infrastructure and develop migration strategies to transition to quantum-resistant algorithms before quantum computers become a practical threat.

Still Have Questions?

Our team responds to all inquiries within 2 hours. Contact us directly and we'll answer any questions you have.

Contact us: info@cybernoq.com