
Your Ecosystem, Under Our Wings.
Shielded Above Real-World Cyber Risk.

Penetration testing, GRC, cloud security, and awareness training — delivered by named OSCP and ISO 27001 Lead Auditor practitioners. Never anonymous juniors. Hands-on, UAE-based delivery.

Email us instead

Free 30-min call · No sales pressure · Written quote in 48 hours

Underwings is certified · Credentials on the delivery team
ISO 27001 Certified
ISO 9001 Certified
OSCP
CPTS
Fortinet NSE FortiGate Administrator
CEH
CCNP
Azure Security
ISO 27001 Lead Auditor
GRC Mastery
Aligned to: ISO 27001 · UAE IA V2 · ADHICS v2 · PCI DSS · SOC 2 · UAE PDPL
What We Do

Five Pillars. Fifteen Flagship Services. One UAE Team.

Most UAE clients start with one Offensive Security or GRC engagement — then expand into other pillars over time. Pick the category that matches your current need; we'll guide the rest.

6 services NEW

Offensive Security

See what an attacker would actually do — manual pen tests by OSCP holders, not vulnerability-scan PDFs.

PTaaS (from AED 6,000/mo) · Network Pen Test · Web App Pen Test · Phishing Simulation · Vulnerability Assessment
From AED 9,000
Starter · Essentials · Professional · Enterprise
Led by Nelson · OSCP · CPTS
OSCP · CPTS · CEH
Explore
2 services

Cloud Security

Fix the 10 – 30 high-severity Azure and Microsoft 365 misconfigurations most UAE businesses don't know they have.

Azure Cloud Security · Microsoft 365 Review
From AED 9,000
Starter · Essentials · Professional · Enterprise
Led by Manoj · Azure Security
Azure Security · Security+
Explore
2 services

Network & Infrastructure

Review your FortiGate and security architecture by a rare CCNP + Fortinet + OSCP combination.

Firewall & Network Review · Security Architecture Review
From AED 12,000
Starter · Essentials · Professional · Enterprise
Led by Vinoth · CCNP · Fortinet
CCNP · Fortinet · OSCP
Explore
6 services NEW

Cybersecurity GRC

Get ISO 27001 certified, NESA-ready, or PDPL-compliant — with an ISO 27001 Lead Auditor doing the work.

Continuous Compliance (from AED 4,000/mo) · ISO 27001 Gap · ISO 27001 Implementation · NESA / UAE IA V2 · UAE PDPL · Risk Register
From AED 12,000
Starter · Essentials · Professional · Enterprise
Led by Manoj · ISO 27001 LA
ISO 27001 LA · GRC Mastery
Explore
2 services

Training & Awareness

Train your team using live attack demos delivered by the same people who run the pen tests. Measure real behaviour change.

Awareness Training Workshops · Tabletop IR Exercise
From AED 6,000
Starter · Essentials · Professional · Enterprise
Led by Nelson · CEH · OSCP
CEH · OSCP · GRC Mastery
Explore
Not sure where to start? Tell us your risk, compliance deadline, or what's keeping you up at night — we'll scope the right engagement in one call.
Book a 20-min scoping call
Founding Client Program

First 10 UAE Clients
No discounts. Better than discounts.

We don't cut prices to win our first clients — we add value. Here's what every founding client gets, on top of the standard engagement.

Typically AED 8,000

Free Retest Within 90 Days

We re-test all critical and high findings after remediation, at no extra cost. You don't pay twice to confirm a fix worked.

Typically AED 12,000

Quarterly Compliance Check-In for 12 Months

Four 60-minute sessions with our ISO 27001 Lead Auditor to keep you on track between annual audits. Calendar-locked from day one.

AED 10,000 credit

Case Study Credit

Agree to be a named reference (we'll co-author a 2-page case study), and receive AED 10,000 off your next engagement. No obligation to renew.

Typically AED 4,000

Complimentary Tabletop Walkthrough

One 90-minute executive incident response walkthrough within your first year. We facilitate, you stress-test your decision-making under pressure.

Become a Founding Client

Available to first 10 UAE clients only

Cybersecurity Software Sales

Security software that actually gets deployed - Implementation, Support, and Training included

We partner with leading cybersecurity vendors so you don't have to navigate the market alone. From endpoint protection to SIEM, we handle everything — selection, deployment, training, and ongoing support. No shelfware.

Pentesting #1

Find vulnerabilities before attackers do

Automated scanners miss what matters. Real attackers don't follow checklists — they think creatively, chain exploits, and find the gaps tools can't see. Our hands-on penetration testing uncovers the real risks hiding in your systems.

We simulate real-world attacks on your web applications, networks, APIs, and cloud infrastructure. You get a detailed report with proof-of-concept exploits, risk ratings, and clear remediation steps — not a generic scan output.

Web Apps · Networks · APIs · Cloud · Mobile · Active Directory
CPTS Certified · OSCP+ Certified
Learn more about our pen-testing process
Penetration Testing Process - Pre-Engagement, Information Gathering, Vulnerability Assessment, Exploitation, Lateral Movement, Post Exploitation, Proof-of-Concept, Post-Engagement
Cybersecurity GRC

ISO 27001, NESA, PDPL — Implementation, Not Just Advice

Hands-on GRC delivered by an ISO 27001 Lead Auditor. ISO 27001 gap and implementation, NESA / UAE IA V2 gap assessment, UAE PDPL compliance advisory, and ISO 27005-aligned risk register build. We implement; accredited certification bodies certify — never both.

01

ISO 27001 & Compliance Frameworks

Gap assessments, policy development, evidence management, and certification audit preparation. We guide you through ISO 27001, SOC 2, and other frameworks — turning complex requirements into clear, actionable steps that get you certification-ready faster.

02

Risk Assessment & Management

Comprehensive risk assessments that map threats to your business objectives. We help you understand where vulnerabilities exist, what controls are needed, and how to allocate resources effectively — from vendor risk to internal security posture.

03

Cybersecurity Awareness Training

Comprehensive security awareness programs that transform your workforce into your strongest defense. Simulated phishing campaigns, interactive training modules, and real-world scenarios teach employees to recognize threats, protect sensitive data, and become security-conscious in their daily work.

Ready to get audit-ready without the chaos?

Start your ISO 27001 journey
Industry Solutions

Security tailored to your sector

Every industry faces unique threats, compliance requirements, and attack surfaces. We customize our services to match your sector's risk profile.

Our 2026 Focus

Healthcare Cybersecurity & ADHICS v2 Compliance

Healthcare is the UAE's fastest-growing cybersecurity segment, and ADHICS v2 compliance is technical enough that most generalist firms get it wrong. We're focusing our 2026 practice here — building deep specialization in ADHICS v2, EMR/EHR penetration testing, and UAE PDPL for health data.

Our ISO 27001 Lead Auditor (Manoj Prabhakaran) leads every healthcare engagement personally. Whether you're a private clinic preparing for your first ADHICS audit or a multi-site group needing ongoing compliance, we deliver the technical depth healthcare requires — without disrupting clinical workflows.

What we offer for healthcare: ADHICS v2 gap assessment and implementation, EMR/EHR penetration testing, medical device network segmentation review, BYOD policy for clinical staff, and breach response walkthroughs tailored to UAE Department of Health reporting requirements.

Methodology references: ADHICS v2 · UAE PDPL · ISO 27001 · DoH Abu Dhabi · DHA Dubai · MoHAP guidance

We also serve other regulated sectors

High-value target

Fintech & Banking

Penetration testing for payment systems and APIs, ISO 27001 and PCI DSS compliance, and training that meets financial sector regulatory scrutiny.

VAPT · PCI DSS · ISO 27001 · API Testing
Fast-moving target

SaaS & Technology

Continuous security testing for CI/CD pipelines, SOC 2 and ISO 27001 certification support, and developer-focused training that fits your workflow.

CI/CD Testing · SOC 2 · Cloud VAPT · Dev Training
Constant attacks

E-Commerce & Retail

Online businesses face constant payment fraud and data theft. We provide web application pentesting, PCI DSS compliance, and social engineering training for operations teams.

Web VAPT · PCI DSS · Phishing Training · API Security
Critical infrastructure

Government & Public Sector

Security assessments meeting government standards, NIST and NESA compliance support, and tailored training for employees handling citizen data and critical systems.

NIST · NESA · Infrastructure VAPT · Training
Nation-state risk

Oil, Gas & Energy

OT/ICS security assessments, SCADA system testing, and compliance with energy sector regulations. Protecting operational technology from threats that can impact physical infrastructure.

OT/ICS VAPT · SCADA Testing · ISO 27001 · Staff Training

Don't see your industry? We work with any sector — our approach adapts to your specific threat landscape.

Talk to us about your sector

We don't just check boxes — we find real vulnerabilities, fix compliance gaps, and train your people

A UAE-based cybersecurity services company launching in 2026 — led by Manoj Prabhakaran (ISO 27001 Lead Auditor, CPTS, CDSA, Azure Security), Nelson Durairaj (OSCP, CEH, HTB Omniscient), and Vinoth Samiyappa (CCNP, Fortinet, Azure). Every engagement is led by a named practitioner you can verify. Pen tests end in re-tests. ISO 27001 programs end with an accredited certification body at your door. And we're pursuing our own ISO 27001:2022 certification in 2026 — the same program we deliver to clients, applied to ourselves first.

Meet the full team →

Contact

Let's figure out what you actually need

We're a small team, so you'll talk to someone who actually does the work — not a sales rep. Tell us what you're dealing with and we'll give you an honest recommendation within 24 hours.

Free consultation
Response in 24 hours
No obligation
We typically respond within 24 hours

Or reach us directly:

contact@underwings.org