Boutique cybersecurity strategic consultancy

Transform your security posture with a risk-based, vendor-agnostic partner.

We help boards, founders, and CIOs translate cyber risk into a clear, budgeted roadmap — balancing security, usability, and business growth. One-stop-shop for vCISO, GRC, breach response, and security architecture.

20+ Enterprise programs led
3 Continents covered
4 Frameworks: NIST · CIS · ISO 27001 · C2M2
Trusted across regulated & high-growth industries
FinTech / NBFC · Aviation · Retail & Malls · Smart Grid & Energy · Cloud-Native SaaS · B2B Distribution · Robotics
Trusted by

Security programs we've built and run

A selection of organisations — across FinTech, aviation, retail, energy and SaaS — who have trusted KAS with their security.

IndiGo
Airbus
Quick Heal
IDFC
Persistent
CarDekho
Savex
Avanse
Fibe
Dr. Lal PathLabs
Sterlite
Garware
Pudumjee
InfoBeans
E2E Networks
Sankhya
KPoint
EnPro
Walnut
Chowbotics
Tata Consultancy Services
Praj Industries
GirnarSoft
Vascon Engineers
Shell
FinIQ
Maharashtra Natural Gas (MNGL)
RENU
3Xcellon
The Phoenix Mills
Why work with KAS

Strategic consulting, not vendor-pushed security

We start with your business risk appetite — not a product catalog. Every engagement is bespoke, measurable, and aligned with the frameworks your auditors and customers already trust.

One-stop-shop for security

From strategy through deployment to ongoing monitoring — under one accountable program, with one budget.

Multi-framework strategy

Map a single program to NIST CSF, CIS Controls, ISO 27001:2022, C2M2 and sector regs — no duplicate work.

Cyber resilience by design

We focus on recovery, not just prevention — your business keeps running when something does get through.

Budget & usability balanced

Minimal cost and disruption. Solutions that staff actually adopt — security that lifts productivity, not friction.

What we do

Six pillars of a modern security program

Pick a single engagement, or run the full program. Most clients start with a 360° review and grow from there.

01

Security Transformation

A helping hand to redesign your posture across people, process, and technology — without ripping and replacing what already works.

02

Tailored Security Strategies

vCISO-led strategy aligned with your business goals, risk appetite, and growth horizon — not a one-size template.

03

Risk Management & Mitigation

Identify, quantify, and resolve risks via the right balance of acceptance, transfer, avoidance, and mitigation.

04

Compliance & Regulatory

ISO 27001:2022, PCI-DSS, RBI, CERT-In, ITGC — readiness, audit support, and continuous control monitoring.

05

Breach Response & Recovery

Incident coaching, ransomware recovery, forensic investigation, and dark-web monitoring when it matters most.

06

Security Architecture Design

Cloud-native, hybrid, and on-prem reference architectures — built with zero-trust and defence-in-depth principles.

Our approach

A repeatable six-phase cycle

The same methodology we've used to transform security at FinTechs, retail chains, aviation, and smart-grid operators.

01

360° Review

Landscape understanding across governance, identity, infra, SDLC, and inventory.

02

Risk Quantification

Risk sheet scored against NIST, CIS, C2M2 and ISO 27001 — board-ready.

03

Roadmap Planning

Align priorities with management based on business need and risk appetite.

04

Solutioning

Procurement, deployment and integration of decided controls and tooling.

05

Risk Monitoring

Continuous monitoring of controls, KPIs and KRAs against the program.

06

Handover

Handover with the option of continued management and advisory.

Standards we score & align to

Industry frameworks, mapped once — used everywhere

NIST CSF
CIS Controls
ISO 27001:2022
C2M2
SOC 2
RBI / CERT-In
DPDP / GDPR
CSCRF
IEC 62443
EU-NIS2
EU-CRA
and many more…
Technology & platforms

The stack we deploy and operate

We're vendor-agnostic — these are the cloud platforms and security tools we most often architect, deploy and run inside client environments.

Amazon Web Services
Microsoft Azure
Google Cloud
CrowdStrike
SentinelOne
Zscaler
Netskope
Trellix
KnowBe4
Sectona
Seceon
Black Kite
UpGuard
Sprinto
FIRST
Selected work

Security transformed, measurably

Outcomes from a few of our recent engagements. Names withheld under NDA — happy to share references on request.

FinTech / NBFC

NBFC with INR 6,000+ Cr AUM

Scaled the security program from 250 to 1,600 employees in 4 years. Today the team passes 8–10 audits a year including ITGC, PCI-DSS, ISO 27001:2022 and RBI.

Audit cycles cleared: 8–10 / year
Retail · Real Estate

Pan-India Retail Mall Chain

Project-managed security across 18+ malls and 16 commercial/residential properties to meet ISO 27001:2022 compliance, with central visibility for group CxOs.

Properties secured: 34+
Aviation

Aviation Giant — CERT-In Readiness

Coordinated across four teams in France and India to deliver holistic readiness for CERT-In April 2022 guidelines, including external audit support.

Geographies: 2 · 4 teams
Robotics & F&B

Robotic Food Dispensing Startup

Hardened the security profile of a salad-vending robot company to industry standards — contributing to a successful acquisition by a US retail giant.

Outcome: Acquired
Smart Grid / Energy

Smart Meter Grid Operator

Locked down PII-heavy environments deploying smart meters across multiple Indian states. Introduced dark-web monitoring against external attacks.

PII exposure: Contained
B2B Distribution

Pan-India B2B Distributor

INR 30,000 Cr revenue firm prepared for ISO 27001:2022. Deployed and configured 24 security platforms, then empowered the internal IT team for run-state.

Platforms deployed: 24
Leadership

Operators, not slideware

You're hiring decades of in-the-trenches CISO experience — the people you talk to in the proposal are the people in the program.

Rohit Srivastwa

Co-Founder · Technology & Business

Three decades in cybersecurity. Founder of multiple security ventures; published author and frequent industry speaker. Leads strategy, business and product security engagements at KAS.

+91 98223 99001
Aalok Karnik

Co-Founder · Technology & Field CISO

Field CISO with deep experience running GRC, audit and incident programs for regulated enterprises. Leads vCISO engagements and security control deployments.

+91 78878 97789
Stuti Srivastava

Co-Founder · Head of Operations

Runs operations across KAS — engagements, scheduling, finance and client success. Keeps the practice moving smoothly so the team stays focused on the work that matters to clients.

Global presence

Three offices, one accountable team

We work across timezones so your program runs continuously — not just in business hours.

Seattle, USA

2033 Sixth Ave, Suite 600
Seattle, WA 98121

Trollhättan, Sweden

Hovslagaregatan 17, LGH 1101
461 62 Trollhättan

Pune, India

504, Water's Square, Pimple Nilakh
Pune 411027

Start with a no-cost 360° review

A short, structured conversation with our founders to gauge where you are, what's at stake, and the shortest path to a meaningful posture upgrade.