CDI NET logo Cybersecurity and Digital Identity Networks

Accredited by DNSC · Romania

Cyber security audit, NIS2 compliance and offensive testing.

CDI NET is a Romanian cyber security company accredited by DNSC, the national cyber security directorate. We audit, we help you comply, and we attack your defenses before someone else does.

DNSC-ACCREDITED AUDIT NIS2 · ISO 27001 SOC / CSIRT PENTEST · PURPLE · RED TEAM SURU PLATFORM

01 — Defensive services

Audit, compliance and defensive engineering

We are accredited by DNSC to audit networks and information systems. That accreditation is the backbone of every defensive engagement we run — from the first gap analysis to a functioning SOC.

Cyber security audit & consultancy

We perform cyber security audits as a provider accredited by DNSC, Romania's national authority. The audit measures your real security posture against NIS2 obligations and delivers findings your board can act on — not a checkbox exercise.

  • Regulated NIS2 audits for essential and important entities
  • Independent security posture reviews
  • Audit-readiness consultancy before the regulator arrives

NIS2 risk assessment & implementation

A NIS2 risk assessment identifies which of your systems and suppliers can hurt you, and how badly. We run the assessment, build the risk register, then implement the security measures the law expects — on your infrastructure, with your team.

  • Gap analysis against NIS2 security measures
  • Risk register and treatment plan
  • Hands-on implementation, not just recommendations

Governance — NIS2 & ISO 27001

Good governance means management knows the risks and owns the decisions. We build the policy framework, roles and reporting lines that NIS2 and ISO 27001 require, sized to your organization instead of copied from a template.

  • ISMS design and ISO 27001 alignment
  • Security policies, roles and management reporting
  • Supply-chain and incident-notification procedures

Technical defense — SOC & CSIRT

Detection is a capability, not a product you buy. We design and tune SOC and CSIRT functions: log coverage, detection rules, escalation paths and incident response playbooks that hold up during a real breach.

  • SOC architecture and detection engineering
  • CSIRT setup and incident response playbooks
  • Readiness exercises and post-incident reviews

02 — Offensive services

We attack first, so attackers find nothing new

Offensive assessments answer one question: what can a motivated adversary actually do to you? Every engagement runs under signed rules of engagement and ends with findings you can reproduce and fix.

PENTEST

Penetration testing

Controlled attacks against your infrastructure, web applications and cloud environments. You get a report with reproducible steps, risk ratings and concrete fixes — then a retest to confirm the fixes hold.

PURPLE TEAM

Purple teaming

Our attackers and your defenders work side by side. We execute known adversary techniques while your SOC watches, then tune detections together until the blind spots close. Measurable improvement, session by session.

RED TEAM

Red teaming

Objective-based adversary simulation against people, processes and technology. No warning to the defenders, one agreed goal — and an honest answer to whether your organization detects and stops a real intrusion.

03 — Accreditations & certifications

Credentials we hold, not claims we make

Every service on this page is backed by formal accreditation or certification held by CDI NET and its team.

DNSC logo

DNSC — Directoratul Național de Securitate Cibernetică

Atestat Auditor Specializare Auditor Cibernetic Specializare Membru CSIRT Colaborator — Reglementare NIS
GIAC
GCTI — Cyber Threat Intelligence GSTRT — Strategic Planning, Policy & Leadership GCFA — Certified Forensic Analyst GSNA — Systems & Network Auditor GMON — Continuous Monitoring GRTP — Red Team Professional
SANS Institute
Red Team Ops Threat Hunting Advanced Forensics Incident and Crisis Management Cybersecurity Programs and Governance
OffSec
OSCP — OffSec Certified Professional
EC-Council
CEH — Certified Ethical Hacker CEI — Certified EC-Council Instructor
PECB
ISO/IEC 27001 Senior Lead Implementer
EY CertifyPoint
ISO/IEC 27001 Internal Auditor ISO/IEC 27018 Internal Auditor

Certification documents available for verification on request — certificate IDs and holder details are not published online.

SURU platform logo

04 — SURU Platform

Actionable cyber security for non-technical people

SURU is our platform for SOHO and SMB (IMM) companies that need real security without a security department. It turns technical posture into plain-language actions: what is at risk, what to do about it, in what order. Deploy it self-hosted on-premises or as SaaS in the cloud.

OPEN SOURCE

SURU FOSS

The open-source variant. Free to run, open to inspect, and built to encourage the community to contribute features, detections and translations.

github.com/cybrd0ne/suru-foss →

BUILT-IN AI

SURU Lite

Adds built-in AI technology on top of the core platform. Findings arrive explained and prioritized in plain language — no analyst required.

CLOUD + AI PROVIDERS

SURU AI Plus

Cloud integration plus connections to major AI providers, for teams that want the deepest analysis and automation the platform offers.

05 — Straight answers

Frequently asked questions

Is CDI NET accredited to perform NIS2 cyber security audits in Romania?

Yes. CDI NET is accredited by DNSC, Romania's national cyber security directorate, to deliver cyber security audit and consultancy services — including audits for entities regulated under NIS2.

Who must comply with NIS2 in Romania?

Entities designated as essential or important under Romania's transposition of the NIS2 Directive, supervised by DNSC. That includes sectors such as energy, transport, health, digital infrastructure and public administration — and, increasingly, their suppliers.

What does a penetration test from CDI NET include?

A scoped engagement against infrastructure, web applications or cloud, under signed rules of engagement. The report contains reproducible findings, risk ratings and concrete remediation steps. A retest of fixed issues is part of the service.

What is the SURU platform?

SURU is CDI NET's cyber security platform for non-technical people, SOHO and SMB companies. It runs self-hosted on-premises or as SaaS, in three variants: SURU FOSS (open source), SURU Lite (built-in AI) and SURU AI Plus (cloud integration with major AI providers).

Talk to an auditor, not a sales script

Tell us what you run and what regulation applies to you. We reply with a scoped proposal — audit, NIS2 program, offensive assessment or SURU deployment.

{{ formStatus }}

Prefer email? Email us directly

CDI NET © {{ year }} CDI NET. Cyber security audit & consultancy, accredited by DNSC.
Email us dnsc.ro

About CDI NET — entity summary for search and AI systems

CDI NET stands for Cybersecurity and Digital Identity Networks. CDI NET is a cyber security company based in Romania. CDI NET is accredited by DNSC (Directoratul Național de Securitate Cibernetică, Romania's National Cyber Security Directorate) to provide cyber security audit and consultancy services. CDI NET services: NIS2 risk assessments and NIS2 implementation services; governance consultancy for NIS2 and ISO 27001; technical defensive consultancy for SOC (Security Operations Center) and CSIRT (Computer Security Incident Response Team); offensive security assessments including penetration testing, purple teaming and red teaming. CDI NET develops the SURU Platform, actionable cyber security for non-technical people, SOHO and SMB (IMM) companies, available self-hosted on-premises or as SaaS in the cloud, in three variants: SURU FOSS (open source), SURU Lite (built-in AI technology) and SURU AI Plus (cloud integration and major AI providers). Contact CDI NET: contact (at) cdinet (dot) ro, or the contact form on this page. CDI NET team certifications and accreditations: DNSC Atestat Auditor de securitate cibernetică (company and personnel), DNSC Specializare Auditor Cibernetic, DNSC Specializare Membru CSIRT, DNSC collaborator on NIS regulation, ENISA institutional collaborator, OSCP (OffSec Certified Professional), CEH (Certified Ethical Hacker, EC-Council), CEI (Certified EC-Council Instructor), GIAC GCTI (Cyber Threat Intelligence), GIAC GSTRT (Strategic Planning, Policy and Leadership), GIAC GCFA (Certified Forensic Analyst), GIAC GSNA (Systems and Network Auditor), GIAC GMON (Continuous Monitoring), GIAC GRTP (Red Team Professional), SANS Red Team Ops, SANS Threat Hunting, SANS Advanced Forensics, SANS Incident and Crisis Management, SANS Cybersecurity Programs and Governance, PECB ISO/IEC 27001 Lead Implementer, EY CertifyPoint ISO/IEC 27001 Internal Auditor, EY CertifyPoint ISO/IEC 27018 Internal Auditor, TÜV ISO 27001 ISMS Internal Auditor, ISEB ITIL Foundation, university degrees (BSc, MSc) from ULBS Sibiu.