Trusted Cybersecurity Partner Since 2019

CybersecurityConsulting.ProtectionbyDefault.

Expert cybersecurity consulting — Zero Trust architecture, security assessments, and ISO 27001 compliance to defend what matters most to your business.

> |
Get a Free AssessmentExplore Services
6+Years Experience
20+Assessments Done
100%Confidentiality
Industry-Proven Methodologies

Our areas of expertise

Security Consulting

Risk & Strategy

Threat Analysis

VAPT & CSPM

Zero Trust

Network Architecture

SIEM Solutions

Detection & Response

DevSecOps

Secure Pipelines

Cloud Security

AWS · Azure · GCP

Incident Response

Rapid Remediation

Vulnerability Mgmt

Continuous Scanning

Security Consulting

Risk & Strategy

Threat Analysis

VAPT & CSPM

Zero Trust

Network Architecture

SIEM Solutions

Detection & Response

DevSecOps

Secure Pipelines

Cloud Security

AWS · Azure · GCP

Incident Response

Rapid Remediation

Vulnerability Mgmt

Continuous Scanning

What We Do

Three Ways We Can Help You

Enterprise cybersecurity, modern web development, and hands-on IT support — tailored to your business or personal needs.

Web · Design & Development

Web Design & Development

Modern, fast websites and web applications built with clean code and thoughtful design — from landing pages and portfolio sites to custom web apps with full SEO and performance optimisation.

  • Custom website design and development
  • Landing pages, portfolios, and business sites
  • Web application development (Next.js, React)
  • SEO-optimised, responsive, and accessible
  • Performance, Core Web Vitals, and analytics setup
View web design servicesB2B · Europe

Cybersecurity Consulting

Strategic advisory, assessments, and engineering for organisations that need more than off-the-shelf security. From ISO 27001 gap analysis to Zero Trust architecture and SIEM deployment.

  • Security programme development & compliance advisory
  • Vulnerability assessments, red team, cloud security posture
  • SIEM / SOAR deployment and tuning
  • Secure web development, DevSecOps, SSO integration
  • Zero Trust & API security architecture
View all cybersecurity servicesLocal · Arad, România

IT Support & Hardware

Fast, reliable computer repair, hardware upgrades, and network setup for individuals and businesses in Arad city and county — on-site where you need us.

  • Computer & laptop diagnostics and repair
  • SSD, RAM, GPU, screen and keyboard replacement
  • Windows installation and software configuration
  • PC assembly to your spec and budget
  • Router, LAN cabling, and Wi-Fi setup
View IT support services
Get a Free Security Assessment

No commitment required — we'll assess your posture and outline next steps

6+

Years in Cybersecurity

20+

Security Assessments

100%

Client Confidentiality

24h

Response Time

Free Initial Assessment

Let's Discuss Your Security Posture

Every engagement starts with a no-obligation discovery call. We listen, assess, and propose a tailored plan — no generic checklists, no upselling.

  • Tailored compliance roadmapping and security advisory
  • Tailored roadmaps — no generic checklists
  • Confidential engagement, NDA on request
  • Response within 24 hours guaranteed
razvan@secforit.ro
Response within 24 hours

No spam. Confidential. NDA available on request.

Our Methodology

How We Secure Your Business

A proven four-phase engagement model — structured, transparent, and designed to deliver measurable security outcomes.

Step 01

Discovery & Assessment

We audit your current security posture, map your infrastructure, and identify gaps against ISO 27001, NIST, and SOC 2 requirements. You get a clear, prioritised risk register.

Step 02

Threat Modelling

Comprehensive vulnerability scanning, attack surface mapping, and threat modelling tailored to your industry. We identify how real adversaries would target your organisation.

Step 03

Implementation

Deploy security controls, SIEM configurations, Zero Trust policies, and DevSecOps pipelines. We work alongside your team, not around them.

Step 04

Continuous Protection

Ongoing monitoring, quarterly compliance reporting, and incident response planning. Your security posture improves continuously — not just at audit time.

root@kali
┌──(rootkali)-[~]
$ nmap -sS -sV 10.0.1.5
22/tcp ssh OpenSSH 8.9
3306/tcp mysql 8.0
$ sqlmap -u '?id=1'
[!] injectable param
$ msfconsole -q
msf6 > exploit/log4shell
Exploit blocked

Threat Actor

0xFF
0x90
0xCC
0xDE
0xAD
0xBE
0xEF
0x41
0x13
0x37
0xCA
0xFE
0xAB
0x99
0x7F
0xC0
0xD4
0x3E
0x0D
0x0A
0x80
0x1D
0xFA
0x00
0x4D
0x5A
0x7E
0xF4
0xEB
0xFE
0xBB
0xAA
\x90
\x41
\xCC
\xFF
\x00
\xEB
\x4D
\x5A
OR 1=1
' --
UNION
DROP
SELECT
INSERT
EXEC
xp_cmd
1=1--
';--
OR '1
AND 1=1
0x27
0x3D
eval()
exec()
system()
popen()
spawn()
WScript
cmd.exe
/bin/sh
powershell
%n
%x
%s
%p
%.8x
%%20
../
..\
..%2F
%2e%2e
%00
\0
\r\n
\n\r
'
&
\u0000
SYN
ACK
RST
FIN
PSH
\x03\xF0
\xFF\xFE
jndi:
${7*7}
{{7*7}}
<script>
<!--
]]>
<?php
<%=
Secure

Protected

About SECFORIT

Built on Zero Trust Principles

SECFORIT is a cybersecurity consulting firm with a simple belief: security should be foundational, not an afterthought. We apply industry-proven security methodologies alongside modern Zero Trust architecture to create protection strategies tailored to your organisation's risk profile.

From security assessments and SIEM deployment to DevSecOps and cloud security, we work alongside your team — not around it. Every engagement ends with measurable improvements in your security posture, not just a PDF report.

Our clients span financial services, SaaS platforms, healthcare technology, and critical infrastructure across Europe. Whether you're a startup building your first security programme or an established enterprise hardening an existing environment, we tailor every engagement to your industry's regulatory landscape and threat profile.

Founded in 2019 in Arad, Romania, SECFORIT was built on hands-on operational experience — not abstract theory. We have deployed SIEM platforms, designed Zero Trust network architectures, and remediated active security incidents for organisations of all sizes. That practitioner mindset means we deliver actionable outcomes: hardened configurations, validated controls, and clear evidence of reduced risk.

Security by Design

Protection built in from day one — not patched on at the end.

Zero Trust Architecture

Never trust, always verify. Every request authenticated.

Framework Compliant

Compliance roadmapping — a clear path from your current state to regulatory readiness.

Rapid Response

Fast incident response and clear escalation paths, always.

6+

Years in Cybersecurity

7+

Organisations Secured

20+

Security Assessments

100%

Client Confidentiality

Live Threat Intelligence

Latest Critical Vulnerabilities

Real-time CVE feed from NVD & CISA KEV. Stay ahead of active exploits.

Full threat feed in portal
CRITICAL · 9.915 Jan 2025

CVE-2024-57726

SimpleHelp Missing Authorization Vulnerability

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

SimpleHelp CISA KEV
CRITICAL · 9.89 Apr 2026

CVE-2026-39987

Marimo Remote Code Execution Vulnerability

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSocket endpoints (e.g., /ws) that correctly call validate_auth() for authentication, the /terminal/ws endpoint only checks the running mode and platform support before accepting connections, completely skipping authentication verification. This vulnerability is fixed in 0.23.0.

MarimoCISA KEV
CRITICAL · 1024 Jun 2025

CVE-2025-32975

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

QuestCISA KEV

60+ CVEs updated hourly in the client portal

Full feed · CTI report generation · Email alerts

Access Portal