Enterprise Security & IT. No Enterprise Overhead.
Senior IT and security leadership — the kind that used to be out of reach for most businesses — now focused entirely on companies of 10–250 people. Infrastructure managed. Data protected. In English, German, or Croatian.
Security. IT management. Fully managed.
From one-time assessments to full managed partnerships — every service is led by a named senior consultant and delivered with enterprise-grade rigour, sized for your business.
01 — CYBERSECURITY
Assess, test, govern, defend, respond, train.
Vulnerability Assessment
Find what attackers would
We run the same scans attackers do — and find what they'd exploit. Prioritised fix list, not a 300-page PDF.
Penetration Testing
Controlled attacks, real proof
We try to break in, show you exactly how we did it, then help you close the door. Real attacks, documented proof.
Security Consulting & ISMS
Zero Trust, ISMS, CISO-as-a-Service
Zero Trust architecture, ISMS design, and GRC frameworks built for your actual situation — not a Fortune 500 template.
Compliance, GRC & Audit
NIS2 · GDPR · ISO 27001
NIS2 fines reach €10M. We map what applies to your business, close the gaps, and produce documentation that holds up.
Incident Response
4-hour activation
4-hour response activation. Containment, forensics, EU authority breach notification — we handle it while you focus on running the business.
Security Awareness Training
Role-specific, measured, repeated
1 in 3 employees clicks a phishing link. After our training, yours won't. Real simulations, role-specific, measurable.
02 — IT & MANAGED
Your IT function — fully operated, not half-outsourced.
IT Maintenance & Support
Reactive IT is expensive and disruptive. We handle patches, hardware lifecycles, and day-to-day issues before they surface — so your team stops firefighting and gets back to work.
Managed IT Services (MSP)
Full outsourced IT management — infrastructure, users, vendors, projects. Enterprise-grade operations without the enterprise headcount.
Managed Security Services (MSSP)
Continuous monitoring, threat detection, and response — your dedicated security operations capability without building a SOC in-house.
Four phases. No surprises. No retainer lock-in.
Same methodology whether you're running a 20-person SaaS or a 200-person manufacturer.
- 01 Discovery (30 min): A real conversation, not a pitch.
  We talk through your operations, sector, regulatory scope, and what's actually keeping you up at night. No forms, no qualification filters — if we can't help, we say so.
- 02 Baseline (1–2 weeks): We map your actual attack surface.
  Automated scans plus manual review — external, internal, cloud, and process. Every finding verified and ranked by business impact, not CVSS alone.
- 03 Fix (2–12 weeks): We fix it with you — and verify it's actually fixed.
  We don't hand over a PDF and vanish. A named senior consultant works alongside your team, tackles blockers, and closes findings in order of actual risk — then confirms the fix holds.
- 04 Verify (Ongoing): Re-test, then retainer — only if it makes sense.
  We re-validate every fix. Then we tell you honestly whether an ongoing relationship adds value, or whether you're fine without us. Most clients stay. Some don't need to.
Active breach? Incident response engagements skip phases 01–02. Activation in under 4 hours — forensics and containment first, everything else second.
Most providers do IT or security.
We do both — properly.
Four reasons clients choose us for IT and security — and stay long after the first engagement.
Enterprise credentials, SME focus
Our team has held the CIO and CISO roles your board holds leadership accountable for. That experience now protects companies of 10–250 people — where it has far greater impact per person.
One partner for security & IT
Pure-play security firms can't run your IT. MSPs bolt security on as an afterthought. Lockpoint does both — Zero Trust architecture, ISMS, and full managed IT/MSSP, under one roof.
No juniors. Real accountability.
The consultant you meet is the consultant who does the work. Every engagement has a named senior consultant responsible for your outcome — and we verify results, not just report them.
Trilingual. Cross-border.
We work in Croatian, English, and German — across Southeast Europe, the DACH region, and beyond. Backed by a trusted international network of specialists, we can cover any scope, in the right language.
Built on enterprise experience.
Sized for businesses that actually need it.
Our team brings 15+ years of experience leading IT and security at global organisations — enterprise infrastructure, Zero Trust architectures, ISMS programmes, GRC across multiple jurisdictions. We apply that same depth to the 10–250-person companies that rarely get access to it.
No junior staff. No recycled Fortune 500 templates. No 300-page PDFs nobody reads. And when a need falls outside our core team, we tap a trusted international network of specialists — so you always get the right expertise.
Sectors we work with
Questions worth answering up front.
If yours isn't here, we'll answer it on the discovery call. In plain language.
We're only 30 people. Isn't enterprise-grade security overkill?
It's the opposite. Enterprises have layered defences, dedicated teams, and cyber-insurance. A 30-person company rarely does — which makes a single incident existential. Enterprise discipline, right-sized to your operation, is exactly what SMEs need.
Do we fall under NIS2? What happens if we don't comply?
NIS2 applies far more broadly than its predecessor — essential and important entities across 18 sectors. Penalties reach €10M or 2% of global turnover. The first step is a scoping review: we tell you in writing whether you're in scope, what controls apply, and the realistic effort to meet them.
What's the difference between vulnerability assessment and penetration testing?
A vulnerability assessment is broad and automated — it maps known weaknesses. A penetration test is narrow and manual — a senior practitioner chains real exploitation techniques to prove impact. Most SMEs start with an assessment, then run targeted pentests annually or before major releases.
Can you work with our existing IT provider or in-house team?
Yes. We can sit alongside your MSP or IT team as security specialists, or take over the full IT function if that's simpler. We'll tell you honestly which model fits.
How much does a typical engagement cost?
Project work is fixed-fee once we understand scope — no hourly billing surprises. Managed services are monthly, sized to your environment. We give you a clear number after the discovery call, and we'll tell you honestly if a cheaper option serves you better.
Do you operate outside Southeast Europe?
Yes. We're based in Split, Croatia, but engagements span the EU, the DACH region, the UK, and beyond. Assessments and advisory work are fully remote; on-site presence is coordinated per engagement.
Not sure where your biggest risk is?
That's exactly what the first call is for. We'll ask the right questions, tell you honestly where you stand, and outline what's actually worth addressing — no jargon, no upsell.
Response within 24 hours · Southeast Europe · Senior practitioners only