cyberops.ch

What It Is

CyberOps Advisory is an independent cybersecurity advisory firm based in Zurich, Switzerland. It provides strategic cybersecurity consulting for boards, executives, CISOs, and security leaders. It is not a security software product or managed platform; rather, it is a high-end advisory service centered on founder Mark Barwinski’s senior-level experience, with a background spanning intelligence, consulting, industrial, and financial environments including the NSA, PwC Switzerland, Siemens, and UBS.

Core Capabilities

In terms of protection and advisory coverage, CyberOps offers virtual CISO services, board-level cyber risk briefings, maturity and risk assessments, regulatory compliance, security transformation, incident response coordination, OSINT, and post-quantum cryptography readiness. Its assessment frameworks include NIST CSF, ISO 27001, SOC-CMM, and MITRE ATT&CK. Around European regulatory requirements such as DORA, NIS2, FINMA, and GDPR, it provides gap analysis, remediation roadmaps, and audit preparation. Its PQC offering is a notable differentiator, covering cryptographic asset inventories, alignment with NIST PQC/CNSA 2.0, crypto-agility assessments, and migration roadmaps.

Deployment and Management Model

The service is primarily delivered as consulting engagement, either on-site or virtually. Virtual CISO support is typically delivered on a monthly or biweekly retainer basis, at around 2 to 5 days per month, and can also be expanded into an interim full-time CISO role. Risk assessments are usually 3 to 6 week projects; compliance consulting runs 4 to 12 weeks; and security transformation engagements may last 3 to 12 months. Deliverables emphasize board-readable reporting, governance cadence, risk summaries, investment prioritization, and support for regulatory communications. However, the public materials do not indicate any dedicated alerting platform, API, or SaaS console capabilities.

Pricing and Value for Money

The website does not disclose specific pricing. It only states that engagements may be structured as retainers, fixed-scope projects, on-demand consulting, or milestone-based work. Given its positioning as a senior expert-led service, costs are likely closer to boutique consulting or premium independent advisory than standardized tool subscriptions. It offers strong value for organizations that need board-level judgment, regulatory interpretation, and security organization redesign. If the main requirement is vulnerability scanning, EDR, WAF, or managed SOC services, it is not the most direct fit.

Pros, Cons, and Best Fit

Its strengths are that it is independent and vendor-neutral, emphasizes no subcontracting, can translate technical risk into the language of business decision-making, and has experience in European financial regulation and post-quantum security. Its drawbacks are opaque pricing, delivery capacity that may be constrained by the founder and partner network, and the lack of publicly named customer references. It is best suited for mid-sized companies, financial institutions, critical infrastructure operators, growth-stage firms, organizations without a dedicated CISO, and teams that need to explain cybersecurity governance maturity to boards or regulators, especially in Europe and the DACH region.

Access from China and Alternatives

Access from mainland China, payment methods, and local delivery capabilities are not specified in the available materials, so these remain unknown. For Chinese companies with EU-related operations, DORA/NIS2/FINMA requirements, or cross-border security governance needs, CyberOps Advisory may serve as a useful European expert advisory supplement. If the need is local Chinese MLPS compliance, critical information infrastructure protection, data export compliance, or on-site delivery in China, domestic security vendors and consultancies such as Qi An Xin, NSFOCUS, DBAPPSecurity, Venustech, and Topsec may be more appropriate.