About us

Origin story

CyberArrange was founded through a combination of research work and practical cybersecurity consulting.

Part of the team comes from research connected to the Faculty of Electrical Engineering and Computing, University of Zagreb, where work on automated IT system modeling and cyber range preparation led to the idea of building tools that make realistic cybersecurity exercises easier to prepare and repeat.

At the same time, work with micro and small businesses, as well as with organizations in regulated environments, showed a different problem. Many organizations know they need better cybersecurity, but do not have the internal capacity, time, or specialist knowledge to implement it properly. Small businesses are often forced to use solutions designed for much larger organizations, while operators of critical infrastructure face increasing regulatory and security requirements without always having the tools to test their real readiness.

CyberArrange was created to address both sides of this problem. We provide practical cybersecurity services that help organizations improve their security today, while developing technology that makes testing, training, and system modeling more efficient in the long term.

Problems we solve

In most organizations, cybersecurity problems are not caused by a complete lack of controls, but by gaps between documentation, technical reality, and actual preparedness.

For micro and small businesses, the challenge is usually proportionality. Legal obligations exist, but available solutions are often too complex, too expensive, or not adapted to the way small organizations actually work.

For operators of critical infrastructure and other regulated sectors, the situation is different. Controls may already exist, but it is often unclear how exposed the organization really is, whether procedures would work during an incident, and whether compliance work actually improves resilience.

We help organizations deal with problems such as:

  • unclear visibility into real technical risk
  • security measures that exist on paper but are weak in practice
  • compliance efforts that do not reflect the actual system
  • lack of time and internal capacity for testing and improvement
  • incident response procedures that have never been exercised realistically

Our work focuses on assessment, testing, implementation of safeguards, training, and advisory based on the real environment the organization operates.

Our skills

Our work combines practical cybersecurity consulting, hands-on technical work, and research-driven development.

We work with micro and small businesses, as well as with organizations in regulated and critical sectors, helping them understand their exposure, implement necessary safeguards, and test their readiness under realistic conditions.

Our experience includes:

  • security assessment, vulnerability scanning, and security testing
  • implementation of technical and organizational security measures required under GDPR Article 32
  • secure system configuration, access control, encryption, and backup design
  • training for non-technical staff, management, and technical teams
  • tabletop exercises and cyber range simulations
  • advisory related to NIS2 and security requirements for critical infrastructure
  • development of automated tools for system modeling and cybersecurity exercises

Our work related to GDPR focuses on the technical side of data protection — implementing safeguards such as access control, encryption, secure communication, and backup systems.
We do not provide legal interpretation of data protection law, but we implement the technical measures organizations are expected to have in place.

Part of our work is also research and development.
CyberArrange originated from research connected to the Faculty of Electrical Engineering and Computing, University of Zagreb, and we continue to develop our own tools for automated cyber range preparation, infrastructure modeling, and AI-assisted scenario generation.

Our goal is not only to deliver reports, but to help organizations become more secure and more capable of managing risk on their own.

Contact

info@cyberarrange.com

You can follow our Daily Cybersecurity News digest at cyberarrangedaily.substack.com.

Company info

CyberArrange Security Solutions Llc for computer services

Gabonjin 1a, Gabonjin

Registered in the Court Register of the Commercial Court in Rijeka

Company registration number (MBS): 040454331

VAT number: HR22364187135

IBAN: HR0524020061101158779, Erste & Steiermärkische Bank d.d.,
Jadranski trg 3A, 51000 Rijeka, Croatia

Share capital: EUR 2,500.00, fully paid

Director: Ivan Kovačević