Security architecture. From design to deployment.
We design and deliver security architecture for governments, defence organisations, and critical infrastructure operators in Albania and the Western Balkans — combining independent architecture expertise with validated technology solutions. Architecture decisions are made on technical merit — and where required, we supply and deploy the technology to realise them.
Advisory Services
Each engagement produces auditable deliverables aligned to recognised frameworks. Architecture, compliance, and technology supply are available as integrated or standalone engagements.
Architecture for Zero Trust, Data-Centric Security, and segmented or high-assurance environments. Designs are documented to support independent review and audit.
Structured readiness work for ISO/IEC 27001, GDPR, NIS2, and sector-specific obligations. Outputs are designed for board reporting and regulator dialogue.
Architecture reviews, control assessments, and exposure analysis. Findings are prioritised by risk to the organisation, not severity in isolation.
Network, identity, and platform design where security is part of the architecture, not retrofitted afterwards. Vendor-neutral, evidence-based selection.
Methodology
Every engagement follows the same four phases. Each phase produces documented outputs that can be reviewed independently and traced through to design decisions.
Phase 01
Current-state analysis, stakeholder interviews, document review, and regulatory mapping.
Phase 02
Gap analysis, risk assessment, control effectiveness review against the target framework.
Phase 03
Target architecture, control mapping, prioritised remediation, and migration sequencing.
Phase 04
Architecture decision records, audit-ready documentation, board-level summary, and handover.
Frameworks & Standards
Deliverables are mapped to the standards that your auditors, regulators, and internal stakeholders already use.
Gap analysis against the 93 Annex A controls, ISMS scoping, Statement of Applicability, certification readiness.
Govern, Identify, Protect, Detect, Respond, Recover — function-by-function maturity baselining and roadmap.
Applicability assessment, governance obligations, incident reporting, and Article 21 risk-management measures — aligned with EU accession requirements.
Technical and organisational measures appropriate to the risk, including pseudonymisation, encryption, and resilience.
Credentials
Industry certifications validate methodology and continued professional development. Project work — not certifications alone — establishes capability.
(ISC)² Certified Information Systems Security Professional
(ISC)² Certified Cloud Security Professional
EC-Council Certified Ethical Hacker
Lead Implementer / Lead Auditor methodology
Engagement Models
Fixed scope, fixed deliverables, predictable timelines. Every engagement begins with a written proposal — scope, deliverables, and timeline — before any work commences.
3–4 weeks
Independent review of an existing architecture or design. Documented findings, prioritised observations, and recommended next steps.
6–12 weeks
ISO 27001 or NIS2 readiness. Gap analysis, control mapping, Statement of Applicability, and certification preparation.
3–6 months
Target architecture design and implementation oversight. Includes ADRs, migration sequencing, and procurement-ready specifications.
Technology Ecosystem
Technology selection is based on fit to the control objective, sovereignty requirements, and lifecycle cost. Pentaquark supplies hardware and software solutions from the vendors below as part of integrated architecture engagements.
Contact
Introductions are typically a 30-minute call to confirm fit. Engagements begin with a written scope, deliverables, and timeline before any work commences.