About SubRosa.

We deliver cutting edge security technology solutions and services to our Clients so that they are prepared to tackle the ever growing cyber threat. Through the SubRosa Unified Risk Platform, we deliver threat intelligence, security controls validation and incident alerting and response. We employ and partner with some of the leading risk and security experts in the industry, enabling us to deliver effective services and software solutions to our clients of all sizes, across the globe.

SubRosa is Latin for under the rose, which denotes secrecy and confidentiality; one of the core principles of data protection and cybersecurity.

SubRosa is a boutique cybersecurity and risk advisory headquartered in Cleveland, Ohio. We were founded by two former intelligence operators who saw the need to simplify complex, technical cybersecurity services and deliver them to the small and large enterprise. To accomplish this, we recruited some of the best pentesters, consultants and analysts in the industry and fostered relationships with the most sophisticated and respected technology partners in the business.

Our core values.


We ask a lot of questions, why? Because we offer no pre-decided or mass produced solutions. Each engagement will be applicable and tailored to your business requirements.

Closed-loop solutions.

We are a trusted extension of your business and support you through the entire lifecycle of your engagement. Ensuring you are supported and your organization secure.



We are driven by the individual outcome of every engagement: maximizing the efficiency, value and quality of our engagements to meet your business and security objectives.

SubRosa’s expertise.

Our expertise spans the width and breadth of the cybersecurity spectrum: from penetration testing to enterprise governance, risk and compliance. The four domains of our expertise are:

Cyber attack readiness.

Services to enable you to proactively prepare for a cyber attack by testing and training your systems and people: identifying avenues of attack through risk and vulnerability identification and validation.

Explore Now
Cyber attack readiness
Risk and compliance

Risk and compliance.

Services and solutions to make enterprise and cyber risk transparent and easily manageable.

Explore Now

Incident response.

Cyber attacks are an unfortunate inevitable. We provide incident response services and solutions to help you detect, react and manage cyber incidents.

Explore Now
Risk and compliance 1
Risk and compliance 2

Integrated solutions.

Software and managed services to support service delivery and management of risk and vulnerabilities during and after an engagement.

Explore Now

Ontdek onze diensten.

Secure Access Service Edge (SASE)
Beheerde SOC
Verzekering door derden

Leer meer.

Aanbevolen oplossing:

Protect your workforce from social engineering attacks with cyber awareness training.

Read the blog:

Phishing 101: How to recognize a social engineering attack against your organization.


Krijg inzicht in hoe kwaadwillende dreigingsactoren uw netwerk aanvallen.

Neem contact op

Dien een RFP in

Wat betreft