Service · 01

Cybersecurity audit — technical and actionable.

An audit is only worth what it triggers. Our audit engagements deliver ranked findings, technical evidence, and an action plan that accounts for your real operational debt — not a generic grid pulled off the internet.

Request a scoping call

Firewall configuration audit, cloud posture review, Fortinet → Zscaler gap analysis, AWS architecture audit: we operate on dense technical perimeters where precision matters more than the size of the deliverable.

Firewall configuration audit (FortiGate / FortiManager)

Detailed review of filtering policies, objects, NAT, segmentation, application filtering and IPS rules, VPN settings, and multi-ADOM orchestration in FortiManager. We work from direct JSON-RPC exports to compare the running configuration against your documented baseline and identify obsolete, conflicting or overly permissive rules.

Typical deliverable: rule matrix with status (useful, harden, obsolete, duplicate), shadow rule identification, and a phased cleanup plan with no service interruption.
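As an added illustration of the shadow-rule check described above (example code, not MINDSEC's own tooling), the sketch below walks a constructed FortiGate-style rule table in evaluation order and flags any rule that an earlier rule already fully covers: same action means a dead rule, a different action means the later rule's intent is never applied. Object names, interfaces and prefixes are constructed for the example.

```python
from ipaddress import ip_network

# Constructed address and service objects standing in for a FortiGate object table (hypothetical values).
ADDR = {"all": ["0.0.0.0/0"], "lan": ["10.0.0.0/8"],
        "dmz-web": ["10.20.0.0/24"], "srv-web-1": ["10.20.0.10/32"]}
SVC = {"ALL": {"tcp": [(1, 65535)], "udp": [(1, 65535)]},
       "HTTPS": {"tcp": [(443, 443)]}, "HTTP": {"tcp": [(80, 80)]}}

def intf_covers(outer, inner):
    return "any" in outer or set(inner) <= set(outer)

def addr_covers(outer, inner):
    # Every prefix behind the inner objects must sit inside some prefix behind the outer objects.
    big = [ip_network(p) for o in outer for p in ADDR[o]]
    return all(any(ip_network(p).subnet_of(b) for b in big) for i in inner for p in ADDR[i])

def svc_covers(outer, inner):
    # Same idea for (protocol, port range) tuples.
    big = [(pr, lo, hi) for o in outer for pr, rs in SVC[o].items() for lo, hi in rs]
    return all(any(pr == bp and lo >= blo and hi <= bhi for bp, blo, bhi in big)
               for i in inner for pr, rs in SVC[i].items() for lo, hi in rs)

def covers(a, b):
    """True when every packet rule b could match is already matched by rule a."""
    return (intf_covers(a["srcintf"], b["srcintf"]) and intf_covers(a["dstintf"], b["dstintf"])
            and addr_covers(a["srcaddr"], b["srcaddr"]) and addr_covers(a["dstaddr"], b["dstaddr"])
            and svc_covers(a["service"], b["service"]))

def find_shadowed(policies):
    """Walk the rule base top to bottom; report (rule, shadowing rule, kind) for fully covered rules.
    Same action -> 'shadow' (dead rule); different action -> 'conflict' (intent never applied)."""
    found = []
    for i, rule in enumerate(policies):
        for earlier in policies[:i]:
            if covers(earlier, rule):
                kind = "shadow" if earlier["action"] == rule["action"] else "conflict"
                found.append((rule["id"], earlier["id"], kind))
                break
    return found

# Constructed four-rule policy table, ordered as the firewall evaluates it.
POLICIES = [
    {"id": 1, "srcintf": ["port1"], "dstintf": ["port2"], "srcaddr": ["lan"], "dstaddr": ["dmz-web"], "service": ["HTTPS"], "action": "accept"},
    {"id": 2, "srcintf": ["port1"], "dstintf": ["port2"], "srcaddr": ["lan"], "dstaddr": ["srv-web-1"], "service": ["HTTPS"], "action": "accept"},
    {"id": 3, "srcintf": ["any"], "dstintf": ["any"], "srcaddr": ["all"], "dstaddr": ["all"], "service": ["ALL"], "action": "deny"},
    {"id": 4, "srcintf": ["port1"], "dstintf": ["port2"], "srcaddr": ["lan"], "dstaddr": ["dmz-web"], "service": ["HTTP"], "action": "accept"},
]

if __name__ == "__main__":
    for shadowed, by, kind in find_shadowed(POLICIES):
        print(f"policy {shadowed} is a {kind} of policy {by}")
```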

Zscaler ZIA / ZPA posture audit

Extraction and analysis of URL Filtering, Firewall Filtering, SSL Inspection, and Cloud App Control policies. Authentication via ZIdentity OAuth2 on your tenant, parsing of the rule base, and cross-checking against actual usage from logs. We identify rules that never match, rules that match too much, and the blind spots in between.

For ZPA: review of application segmentation, Application Segments, Server Groups, App Connectors, and the Zero Trust access model actually in place.

Fortinet → Zscaler gap analysis

If you are running a migration or coexistence between FortiGate and Zscaler ZIA, we produce a read-only analysis comparing live policies on both sides. Each FortiGate rule is matched against equivalent ZIA rules and tagged: MISSING (to port), MODIFIED (partial equivalent), PRESENT (covered), ORPHAN (to remove on Forti), NATIVE_ZIA (already handled natively by the platform).

AWS cloud architecture audit

Review of VPC architecture, security groups, IAM posture (roles, policies, excessive permissions), logging (CloudTrail, VPC Flow Logs, GuardDuty), and isolation of sensitive workloads. For AWS Bedrock deployments, we audit access patterns: IAM instance profiles on EC2, Bedrock Access Gateway behind private VPC-only API Gateway, AgentCore Runtime, SigV4 signing, PrivateLink topology.

Targeted organisational audit

On request, focused documentary and organisational review: security policy, incident process, access management, ISO 27001 or NIST CSF compliance. We stay focused on items with operational value — not compliance tables disconnected from reality.

What you actually get.

  • Executive summary report (10-15 pages) — findings, risk levels, prioritisation
  • Technical appendices with evidence (extracts, captures, rule matrices)
  • Phased action plan over 3, 6 and 12 months with effort estimates
  • KPI dashboard to track remediation progress
  • Verbal debrief to technical teams and to the C-suite where relevant
  • 90-day follow-up (optional) to verify implementation

FAQ — cybersecurity audit.

How long does a typical audit take?
A focused audit (one specific technical perimeter, e.g. "FortiGate configuration" or "Zscaler ZIA posture") typically runs 2 to 4 weeks. A cross-perimeter audit fits more naturally into a 6- to 10-week window. We prefer cadenced sprints over loosely scoped long missions.
Do you work remotely or on-site?
Both. Most of the work happens remotely through admin console access and configuration exports. We travel for scoping workshops, debriefs, and sensitive subjects that demand physical presence. Based in France, with on-site engagements available across Europe.
How is access to our systems handled?
Read-only access by default. We favour a dedicated named account with MFA enforced and full traceability. For automated extracts (FortiManager JSON-RPC, Zscaler API), we use technical credentials that you revoke at end-of-engagement. No data is stored outside your perimeter without explicit agreement.
Do you do penetration testing?
No, MINDSEC is not an offensive pentest firm. We specialise in configuration audit, architecture audit and posture review. For full intrusion testing, we refer to qualified partner firms.
How is pricing structured?
It depends on scope. A focused audit starts at a few thousand euros; a cross-perimeter audit is more substantial. We work either on a fixed-price basis (preferred — gives a clear frame) or on a daily rate for open-ended missions. Detailed quote after a free 30-minute scoping call.

Got a perimeter to audit?

Free 30-minute technical scoping call, no commitment. We confirm together whether the topic is in our wheelhouse — and whether we are in yours.

Book a call