01 · Red Team
Offensive operations
Adversary-simulated operations, physical intrusions, phishing campaigns and cloud exploitation – run by operators who think like attackers, not auditors.
Operators in Podgorica (HQ) & Belgrade
Operator led cyber defence
for real incidents
Balkan resilience. Israeli discipline. One integrated cyber unit.
BKK is a field team of senior red teamers, DFIR leads and detection engineers that plugs into banks, fintech, critical infrastructure and other high-risk organisations across the Balkans and Europe.
Operators with backgrounds in intelligence services, DFIR and high-risk investigations, used to politically sensitive incidents.
Response time
24/7
24/7 availability for critical incidents across our operating regions.
Adversary
180+
Attack paths mapped across banks, fintech, healthcare and critical infrastructure in the region.
DFIR hours
12k+
Field-proven expertise in ransomware, BEC, insider threats and cloud-native compromise scenarios.
Briefings
80+
Board and regulator sessions that convert technical findings into clear, accountable decisions.
Red Team
Full-scope adversary simulations across identity, endpoints, cloud and physical security.
DFIR
Rapid triage, containment and forensics, with evidence preserved for legal and regulatory needs.
SOC + Hunt
Detection engineering and threat hunting to harden your monitoring stack against real attackers.
Advisory
Pragmatic guidance for CISOs who defend complex organisations under real-world constraints.
What BKK brings to the table
02 · DFIR
Digital forensics & IR
From ransomware to stealthy BEC and insider threats, our DFIR team handles containment, eradication, evidence preservation and board-grade reporting.
03 · SOC
SOC augmentation
Threat hunting, detection engineering and purple team exercises that convert theory into improved detection rules across your stack.
04 · Advisory
Cyber advisory
Design reviews, architecture hardening and security leadership mentoring for CISOs tasked with defending complex organisations.
OPERATIONS · SERVICES & COMPLIANCE CATALOGUE
One unit covering operations, architecture and regulation
BKK combines offensive operators, DFIR specialists, threat hunters and cyber strategists with GDPR / DORA / NIS2 competence. We work out of Podgorica (HQ) and Belgrade, with projects across Montenegro, Serbia, Bulgaria and Israel.
Offensive testing & Red Team
Campaigns that emulate real attackers, not checkbox pentests.
- · Full-scope Red Team operations (identity, endpoint, cloud, physical).
- · Infrastructure and application penetration testing.
- · Social engineering and phishing campaigns.
- · Cloud and SaaS security assessments (Microsoft 365, Azure, AWS, Google Workspace).
DFIR & incident response
Structured response led by senior incident commanders.
- · Ransomware, BEC and data theft investigations.
- · Root cause analysis and containment strategy.
- · Forensic acquisition and evidence preservation for legal and regulatory processes.
- · IR retainers with clear SLAs and predefined communication channels.
SOC, advisory & compliance
From detection engineering to regulatory readiness for GDPR, DORA and NIS2.
- · Threat hunting and SOC augmentation (on-prem and MSSP models).
- · Cyber advisory, architecture reviews and security roadmap design.
- · GDPR consultancy: data mapping, TOMs, DPIA support, DPO-as-a-service.
- · DORA and NIS2 readiness: gap analysis, control implementation and board reporting.
- · Alignment with ISO 27001 and sector regulators (financial, telco, healthcare, critical infrastructure).
REGIONAL FOOTPRINT · STRATEGIC RELATIONSHIPS
Countries we operate in and maintain high-profile relationships with
Our primary operations are run from Podgorica (HQ) and Belgrade, with long-term engagements across Montenegro, Serbia, Bulgaria and Israel.
Montenegro
Serbia
Bulgaria
Israel
FOUNDERS · NATIONAL SECURITY ORIGINS
Led by officers from counter-terrorism and national security
BKK was founded by operators who have planned and commanded counter-terrorism and national security missions where failure was not an option. They are used to real adversaries, classified briefings and decisions under political pressure. We bring that discipline into your environment: we state risks plainly, escalate when it matters and stand behind our assessments when they are challenged.
PARTNERS
Tooling and platforms we work with
We integrate deeply with your existing stack and routinely operate with the following vendors.
CLIENT PROFILE · REGULATED & HIGH-IMPACT ENVIRONMENTS
Built for organisations that cannot afford improvisation in cyber defence
BKK primarily serves organisations where cyber risk is tightly linked to financial stability, public trust or safety of life. Engagements are led by senior operators and advisors with combined offensive, DFIR, SOC and regulatory experience.
We work in close coordination with internal security, risk and compliance teams, as well as external stakeholders such as regulators, auditors and insurers. Our mandate is to add clarity, structure and predictability to how cyber incidents and transformation programmes are executed.
Typical sectors we support
- · Banks, payments providers and fintech platforms.
- · Telecom operators, ISPs and managed service providers.
- · Healthcare institutions and medical networks.
- · Critical infrastructure and utilities.
- · Public sector bodies with high-value data and citizen services.
For selected clients, we maintain long-term partnerships that combine offensive testing, incident response readiness, SOC augmentation and GDPR / DORA / NIS2 advisory into a single, coherent workstream.
Commercial advantage
Lower total cost, faster delivery, stronger assurance
Our engagements are typically priced 20–30% below comparable providers and delivered 30–40% faster. We are also the first firm in the region to offer year-long contracts with monthly penetration tests, enabling PCI-DSS clients to meet quarterly audit requirements with minimal operational overhead.