HLB M2 ALTPI Secure IT
HLB M2 is a group of entities with an established market position, ranked among the TOP 10 largest audit firms in Poland.
The HLB M2 team comprises 80 professionals, including 20 holders of statutory auditor, CIA, FCCA and tax adviser qualifications.
For nearly 20 years, we have been supporting Polish and international clients across various sectors of the economy, providing professional audit, accounting and advisory services.
Comprehensive IT Security for Your Business
IT Consulting & Strategy
Development of information security strategies and advisory on the selection of a target IT operating model.
- Alignment of IT strategy with business strategy
- Definition of information security objectives
- SWOT analysis and TCO assessment
- Definition of roles, responsibilities and oversight parameters
IT Audits
Pentests, vulnerability assessments, compliance audits and evaluation of network architecture, systems and applications security.
- White/Crystal box penetration testing
- Threat classification using the STRIDE model
- CIS/SANS/NIST compliance audits
- Platform performance and configuration audits
IT Implementations
We support clients from concept and technical design, through hardware and software delivery, integration, hardening, testing and handover to operations.
- IT architecture design
- System integration and hardening
- Business continuity plans (BCP)
IT Infrastructure Maintenance
IT support — 2nd line support with 1h SLA for critical incidents.
- Incident and ticket management
- Server and network infrastructure management
- Backups and data protection
- Dedicated Account Manager
Cybersecurity Training
Practical training and workshops with live demonstrations — real attack scenarios.
- Social engineering and targeted attacks
- Email threats and phishing
- AI threats and deepfake
- Ransomware and identity theft
IT Security Incident Response
Comprehensive IT crisis management that minimises financial and reputational losses.
- Rapid response (Incident Response)
- Post-breach analysis (Forensics)
- System recovery (Disaster Recovery)
- Regulatory support (NIS2, DORA)
Pentests — Security Testing of Services, Applications, IT Infrastructure
Threat classification based on the STRIDE model — a structural approach to threat analysis:
| S | Spoofing Identity | Impersonating another person or system |
| T | Tampering with Data | Unauthorised modification of data |
| R | Repudiation | Denying actions performed (no audit trail) |
| I | Information Disclosure | Unauthorised disclosure of information |
| D | Denial of Service | Preventing use of resources |
| E | Elevation of Privilege | Gaining higher privileges than assigned |
IT Audit on an Hourly Subscription Basis
Virtual Chief Information Security Officer (vCISO) and “Your Hacker” in an hourly package — flexible support tailored to your company’s needs.
Available monthly packages:
- White/Crystal box penetration testing
- Vulnerability assessment
- Compliance audits with CIS/SANS Institute/NIST security recommendations
- Network architecture, systems and applications security assessment
- Business process security assessment (account creation, account lockout, role models)
NIS2 and DORA Audits
NIS2 Audit
Cybersecurity Directive
Objective: Verification of the resilience of key and important entities (e.g. energy, transport, healthcare, manufacturing) to cyber threats.
Scope: Risk management assessment, supply chain security, incident handling and business continuity.
IT support role: Assessment of infrastructure alignment with stringent legal requirements.
DORA Audit
Digital Operational Resilience Act
Objective: Ensuring full operational resilience of the financial sector to ICT disruptions.
Scope: Penetration testing, third-party risk management (TPRM), service continuity assurance during system failures.
IT support role: Audit of critical systems and processes.
Practical Cybersecurity Training and Workshops
User-Targeted Attacks and Social Engineering
Reducing the risk of breaches caused by human error and data leaks.
Email Threats and Impersonation Attacks
Reducing susceptibility to phishing, fraud and business email compromise (BEC).
AI-Based Threats and Deepfake
Raising awareness of new threats and AI-powered fraud.
Ransomware and Data Breaches
Better preparation for incidents and minimisation of downtime and financial losses.
Online Identity Theft
More effective protection of employee identities and organisational reputation.
What Do You Gain from Our Support?
Rapid Response (Incident Response)
Immediate threat isolation to stop data leaks or malware spread (e.g. ransomware).
Post-Breach Analysis (Forensics)
Precise identification of the attack source (“patient zero”) and the vulnerability exploited by criminals, to prevent recurrence.
System Recovery (Disaster Recovery)
Safe restoration of data from backups and verification of system integrity before relaunch.
Regulatory Support
Assistance in preparing documentation required by NIS2 or DORA, and support in reporting incidents to the relevant authorities (e.g. CSIRT, KNF, UODO).
Bartłomiej Ptach
Expert Team Leader
Graduate of the Faculty of Telecommunications at Gdańsk University of Technology, IT security specialist — Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP).
Experienced IT security specialist combining over 20 years of unique experience in IT security audits and projects, as well as project management.
He has participated in the creation and implementation of numerous information security strategies. He conducts information security governance audits and IT audits (qualitative and quantitative) that help identify savings, realign or correct IT processes to business needs, and secure the company’s confidential information.
He gained professional experience in Germany, where he spent five years conducting application and infrastructure security audits and risk analysis. Since 2016, he has been collaborating with the HLB M2 group.
Selected projects for
PTC ERA, Digi Malaysia, Ergo Hestia S.A, Gmina Czersk, Powiat Piotrków Trybunalski, Dellner Couplers Polska, Nicols Poland, Wydawnictwo C.H. Beck, BPS TFI, Liberty Bank Georgia, HK Finance, INFARMA, Cartu Bank Georgia
