About
We are not a technology vendor, a Big Four practice, or a generalist consultancy. We are specialists — at the intersection of technical cybersecurity expertise and board-level governance accountability.
Book a discovery callOur philosophy
Technical advisors speak in frameworks, threat vectors, and CVEs. Boards speak in accountability, fiduciary duty, and business risk. Most cybersecurity advisors serve the CISO. We serve the board.
The first question we ask is not "what tools do you use?" It is "who is accountable when your AI causes harm?" That answer reveals where governance actually starts.
Our engagements end with boards that can demonstrate effective AI oversight — not with reports that sit in a drawer after the engagement closes.
Board-level advisory requires genuine availability and deep context. We work with a small number of clients at a time, by choice.
No technology to sell, no vendor referral fees, no preferred partners. Our only interest is your board's governance capability.
The team
Lead Advisor — AI Governance & Board Advisory
Award-winning cyber leader with over 15 years of experience across tech unicorns, global financial institutions, and critical infrastructure. Holds formal certification in AI oversight for corporate directors. Serves in an active advisory capacity on AI risk at the board level within a major Asia-Pacific energy group — bringing firsthand governance experience to every engagement.
LinkedIn →Risk & Governance Advisory
Executive MBA with over 15 years building risk management strategies, governance documentation, and executive training programs across complex, multi-jurisdictional organizations. Turns advisory insight into sustainable capability — frameworks and policies that work long after the engagement ends.
LinkedIn →Credentials
Formal certification in AI governance for corporate directors — one of very few cybersecurity practices globally with this credential. Designed specifically for the boardroom context in which we operate.
Firsthand advisory at the board level in AI risk governance — not frameworks developed from the outside. We know what boards actually ask, what they struggle to understand, and what governance they can realistically sustain.
Tech unicorns, tier-1 global financial institutions, critical infrastructure operators, and executive consulting — always at the intersection of technical depth and business leadership.
Registered in Estonia as Cyber Hermes OÜ. Deep working knowledge of DORA, NIS2, GDPR, EU AI Act, and SEC examination priorities — as practiced regulatory fluency, not theoretical familiarity.
Our approach
Every engagement is designed from the board's perspective — what they need to govern, what decisions they must make, and what regulators expect them to demonstrate.
Risk inventory, governance framework, regulatory map, board education, incident protocol — each element builds on the last. The result is coherent governance capability, not disconnected advice.
No technology to sell, no vendor partnerships that influence our recommendations. We are honest about what governance requires — even when that is inconvenient to hear.