Blog
Notes from the engagement, not the sales deck
Long-form notes on what useful offensive security work actually looks like — methodology, scoping discipline, reporting craft, and the market practices we think need calling out. Written for CISOs, Heads of Security, CTOs, and the engineers and platform teams behind them.
-
Practical guide ·
Financial-sector cybersecurity in Morocco: Bank Al-Maghrib and the DGSSI
Bank cybersecurity in Morocco: Bank Al-Maghrib’s Directive 3/W/2016, the mandatory penetration test, CERT-BAM, and the DGSSI overlap.
-
Practical guide ·
Penetration testing: types, methodology, process and cost
Penetration testing (pentest): what it is, how it differs from an audit, the types, methodology, process, cost and frequency — a guide for Morocco.
-
Practical guide ·
Video surveillance and the CNDP: what to declare in Morocco
Video surveillance in Morocco: must you declare CCTV to the CNDP, declaration vs authorization, image retention, and informing filmed people.
-
Practical guide ·
Declaring to Morocco's CNDP: forms, authorization, and timelines
How to declare a data processing activity to Morocco's CNDP: the forms (F211, F214, F112), a 24-hour receipt, prior authorization, and where to file.
-
Practical guide ·
Does the GDPR apply to a company outside the EU? The Morocco case
When does the GDPR reach a company in Morocco (or any non-EU country)? Territorial scope (Art. 3), the EU representative (Art. 27), and the GDPR vs Law 09-08.
-
Practical guide ·
ISO 27001 in Morocco: certification, steps, cost and timeline
ISO 27001 in Morocco — what the standard is, how certification works, the Annex A 2022 controls, cost, timeline and the consultant’s role.
-
Practical guide ·
Phishing in Morocco: recognize an attack and protect your company
Phishing: how to recognize a fraudulent email, what to do if you clicked, and how to protect a company in Morocco.
-
Practical guide ·
Ransomware in Morocco: what to do in an attack and how to protect
Ransomware: what to do in the first hours of an attack, whether to pay, how to recover data, and how to protect a company in Morocco.
-
Practical guide ·
Morocco's CNDP and Law 09-08: a practical compliance guide for companies
CNDP declaration or prior authorization, processing inventory, security evidence and cross-border transfers — Law 09-08 explained for companies in Morocco.
-
Practical guide ·
Morocco's DGSSI, Law 05-20 and the DNSSI: what organizations actually have to do
Morocco's DGSSI, Law 05-20, the DNSSI directive and decree 2-21-406: who is in scope, what is required, and where to start for organizations in Morocco.
-
Buyer guide ·
Penetration testing buyer guide — what a useful pen test actually produces
Penetration testing buyer guide for CISOs and CTOs: the RFP questions to ask a provider, what a good report contains, and how to scope honestly.