20 November 2025·14 weeks

NIS2 readiness for a Hungarian energy SME · passed first audit on schedule

Name: First Kibertan-Act audit: passed · zero critical findings, 3 minor.
Item: NIS2 readiness for a Hungarian energy SME · passed first audit on schedule
Rating: 5
Author: Anonymised Hungarian energy SME

Turned a manually-maintained energy-sector SME into a NIS2-ready organisation in 14 weeks · from gap assessment to passing the first Kibertan-act audit on schedule.

THE PROBLEM

[1/3]

01NIS2 transposition made the company an 'important entity' overnight · unprepared.
02Existing IT: flat network, mixed patch status, no SIEM, no incident runbooks.
03Supply chain had 4 third-party ICT vendors without DPAs or security review.
04Budget was tight; buying enterprise tooling wasn't an option.

THE SOLUTION

[2/3]

Gap-assessment against NIS2 + Kibertan Act · prioritised 42-point roadmap.
Network segmentation via pfSense + Tailscale for OT/IT separation.
Wazuh SIEM + Elastic Security for log aggregation + detection rules.
Vendor security review process + DPA rollout to the 4 third parties.
Incident-response runbook + quarterly tabletop exercises.

Technologies

WazuhElastic SecuritypfSenseTailscaleVault

THE OUTCOME

[3/3]

01First Kibertan-Act audit: passed · zero critical findings, 3 minor.
02MTTR on simulated incidents: 4h → 45min.
03Vendor security coverage: 0% → 100% with signed DPAs.
04Security spend < 1% of revenue · no enterprise tool upgrade needed.

Let's get started.

Send an email or book a 30-minute call.

Start a project Back to case studies