Operational · DACH · Spain · LATAM · Italy

Offensive Security. Zero Tolerance. Real Results.

Hardware pentesting, NIS2 compliance, managed cyber defence — delivered by a team that combines legal expertise, offensive security, and deep regulatory knowledge.

NIS2 · ISO 27001 · ISO 42001 · DORA · Red Team · RFID / RF · IoT Security
sonvidas-scan — bash
root@sonvidas:~$ ./audit --target client.net --mode full
Scope authorized · SoW signed
WiFi scan: 3 rogue APs detected
! RFID badge cloneable in 4.2s
IoT sweep: 12 unpatched devices
NIS2 gap analysis: running
! Critical findings: 3 · High: 7
Report ETA: 72h
root@sonvidas:~$

  • Founded · Active since: 2015
  • Markets · DACH · ES · LATAM · IT: 4×
  • Max report delivery: 72h
  • Authorized engagements only: 100%

Managed Security Device

Your Network. Always Watched.

A preconfigured hardware security device — deployed on-site, maintained remotely by Sonvidas. Monthly security checks, firmware updates, and anomaly reports included.

[DEVICE_NAME]
by Sonvidas · Managed Security Hardware
  • Platform: Raspberry Pi
  • RF Tool: Flipper Zero
  • IDS Engine: Suricata / Zeek
  • Updates: Monthly · Remote
  • WiFi Scan: Continuous
  • RF / RFID: SubGHz · NFC · BLE
System active · Monitoring

One Device. Full Visibility.

We configure, harden, and ship the device. You plug it in. We monitor. Every month you receive a plain-language anomaly report — what was detected, what it means, what to do.

No IT department required. No complex setup. Built for SMEs that need enterprise-grade visibility without enterprise-grade overhead.

  • Hardware: Preconfigured, hardened, ready to deploy
  • Monthly check: Security scan, firmware update, anomaly review
  • Report: Plain-language PDF for management, not IT
  • NIS2 evidence: Logs and reports usable in compliance audits
  • Incident alert: Critical findings notified within 4 hours

  • Hardware (one-time): € 490 – 890
  • DACH · Monthly retainer: € 300 – 800 / mo
  • Spain · Monthly retainer: € 200 – 500 / mo
  • Italy · Monthly retainer: € 200 – 500 / mo
  • LATAM · Monthly retainer: $ 300 – 800 / mo

Services

Offensive. Compliant. Delivered.

Fixed-price assessments. No lengthy procurement. Signed Scope of Work before any testing begins.

🔑
1 day on-site

Physical Access / RFID Audit

RFID/NFC badge cloning test, door reader assessment, SubGHz gate replay. Live demo included. Report within 2 days.

  • DACH: € 2,000 – 5,000
  • Spain / Italy: € 1,200 – 3,000
  • LATAM: $ 1,500 – 5,000

🎣
5–7 days remote

Phishing & Awareness Campaign

Evil twin + captive portal setup, simulated phishing wave, click-rate report for management. Campaign runs 3–5 days.

  • DACH: € 1,800 – 3,500
  • Spain / Italy: € 1,000 – 2,500
  • LATAM: $ 500 – 2,000

📷
2–3 days on-site

IoT / Smart Office Audit

Scan printers, IP cameras, smart locks, building automation. BLE + SubGHz sweep. Strong NIS2 / ENS compliance angle.

  • DACH: € 2,500 – 6,000
  • Spain / Italy: € 1,500 – 4,000
  • LATAM: $ 1,500 – 5,000

🎯
Half or full day

Executive Awareness Workshop

Live hardware demos for management. Badge clone, rogue hotspot, IR hijack — risk explained in plain language. No IT background needed.

  • DACH: € 1,500 – 4,000
  • Spain / Italy: € 800 – 2,500
  • LATAM: $ 500 – 2,000

🛡️
Documentation

NIS2 / ISO Gap Analysis

Structured gap analysis against NIS2, ISO 27001, or DORA. Prioritized findings with business impact. Executive summary included.

  • DACH: € 2,500 – 5,000
  • Spain / Italy: € 1,500 – 3,000
  • LATAM: $ 1,000 – 3,000

🔴
4–8 weeks

Red Team Engagement

Combined physical + network. Pi dropbox implant on-site, Flipper for physical bypass, remote exfil simulation. Full kill-chain narrative in final report.

  • DACH: € 8,000 – 25,000
  • Spain / Italy: € 4,000 – 12,000
  • LATAM: $ 3,000 – 10,000

⚖️
Monthly · Recurring

Compliance Advisory Retainer

Ongoing NIS2 / ISO 27001 / DORA advisory. Regulatory updates, policy reviews, incident readiness. Quarterly management report included.

  • DACH: € 1,500 – 3,500 / mo
  • Spain / Italy: € 800 – 2,000 / mo
  • LATAM: $ 800 – 2,000 / mo

In-House Training

Knowledge is Defence.

All training delivered in-house at your premises. Available in German, English, Spanish, Italian. Custom formats on request.

01 /

Executive Cyber Risk Briefing

Live hardware demonstration for C-level and board. Badge cloning, rogue hotspot, IR device hijack — cyber risk made tangible. No IT knowledge required. Designed to trigger board-level decision-making on cybersecurity investment.

Half day · 4h | C-Level · Board · GF | DE · EN · ES · IT

  • DACH: € 2,500 – 4,500
  • Spain / Italy: € 1,500 – 2,800
  • LATAM: $ 1,000 – 2,500

02 /

NIS2 & ISO 27001 Compliance Workshop

Structured full-day workshop for compliance, legal, and IT leadership. Covers NIS2 obligations, ISO 27001 control mapping, personal liability of management under §38 BSIG, and practical implementation roadmap. Includes gap assessment workbook.

Full day · 8h | Compliance · Legal · IT Lead | DE · EN · ES · IT

  • DACH: € 3,500 – 6,000
  • Spain / Italy: € 2,000 – 3,500
  • LATAM: $ 1,500 – 3,000

03 /

Physical Security Awareness

Hands-on half-day training covering physical attack vectors: RFID badge cloning, tailgating, social engineering, rogue device placement. Live demonstrations with Flipper Zero. Participants learn to recognize and report physical security incidents.

Half day · 4h | All staff · Security team | DE · EN · ES · IT

  • DACH: € 2,000 – 3,500
  • Spain / Italy: € 1,200 – 2,200
  • LATAM: $ 800 – 2,000

04 /

Phishing & Social Engineering Defence

Interactive full-day training for all employees. Covers phishing recognition, evil twin attacks, vishing, pretexting. Includes a live simulated phishing exercise during training. Practical decision trees for reporting. Measurable awareness uplift.

Full day · 8h | All employees | DE · EN · ES · IT

  • DACH: € 3,000 – 5,500
  • Spain / Italy: € 1,800 – 3,200
  • LATAM: $ 1,200 – 2,500

05 /

IoT & Connected Device Security

Technical full-day training for IT teams. Covers IoT attack surfaces, BLE/SubGHz vulnerabilities, network segmentation, firmware analysis basics. Live device scanning session included. Directly mapped to NIS2 supply chain and asset management requirements.

Full day · 8h | IT teams · OT teams | DE · EN · ES · IT

  • DACH: € 3,500 – 6,000
  • Spain / Italy: € 2,000 – 3,800
  • LATAM: $ 1,500 – 3,000

06 /

AI Governance & Cyber Risk

Strategic half-day briefing for C-level on AI governance frameworks (ISO 42001), regulatory obligations under DORA and NIS2, and emerging AI-specific attack vectors. Covers management liability, vendor AI risk, and practical governance decisions. Based on current academic research.

Half day · 4h | C-Level · Compliance · Legal | DE · EN · ES · IT

  • DACH: € 2,800 – 5,000
  • Spain / Italy: € 1,800 – 3,000
  • LATAM: $ 1,200 – 2,500

All prices exclude travel & accommodation. Multi-session and multi-language discounts available. Custom formats on request.

The Team

Legal. Technical. Operational.

Two complementary profiles. One delivers strategic compliance and regulatory expertise. The other delivers hands-on technical implementation and DACH market execution.

Natalia Riveros

Strategy · Compliance · Research | International · LATAM · Europe

Legal and cybersecurity background. Specialisation in NIS2, ISO 27001, ISO 42001, DORA, and critical infrastructure security. Speaker at E-world energy & water 2025 and 2026. Accepted research presenter at WINIR Conference 2026 on AI governance and regulatory fragmentation.

NIS2 · ISO 27001 · ISO 42001 · API Security · E-world Speaker · WINIR Research

Mike G.

Technical Implementation · DACH | DACH · Germany · Austria · Switzerland

Hands-on technical implementation and DACH market execution. Hardware security specialist with Raspberry Pi and Flipper Zero toolstack. Native German speaker with deep understanding of Mittelstand culture, regulatory context, and client expectations in the DACH region.

Kali Linux · Raspberry Pi · Flipper Zero · RF / RFID · DACH Markets · German Native

Regulatory Coverage

Every Framework. One Team.

All Sonvidas engagements produce evidence-ready documentation aligned with applicable regulatory frameworks.

  • 🇪🇺 NIS2: EU Network & Information Security Directive · In force Dec 2025
  • 🔒 ISO 27001: Information Security Management System · International standard
  • 🤖 ISO 42001: AI Management System · Governance & risk for AI systems
  • 🏦 DORA: Digital Operational Resilience Act · Financial sector
  • 🛡️ BSIG / BSI: German NIS2 implementation · KRITIS regulation
  • 🇪🇸 ENS: Esquema Nacional de Seguridad · Spain public sector
  • 🌍 GDPR: General Data Protection Regulation · EU / EEA
  • 💳 PCI DSS: Payment Card Industry Data Security Standard

Ready to find your real vulnerabilities?

No unsolicited proposals. Every engagement starts with a signed Scope of Work. Contact us to schedule a scoping call.