Skip to content

Your Ecosystem, Under Our Wings.
Shielded Above Real-World Cyber Risk.

Penetration testing, GRC, cloud security, and awareness training — delivered by named OSCP and ISO 27001 Lead Auditor practitioners. Never anonymous juniors. Hands-on, UAE-based delivery.

Email us instead

Free 30-min call No sales pressure Written quote in 48 hours

Underwings is certified · Credentials on the delivery team
ISO 27001 Certified
ISO 9001 Certified
OSCP
CPTS
Fortinet NSE FortiGate Administrator
CEH
CCNP
Azure Security
ISO 27001 Lead Auditor
GRC Mastery
Aligned to: ISO 27001 UAE IA V2 ADHICS v2 PCI DSS SOC 2 UAE PDPL
What We Do

Five Pillars. Fifteen Flagship Services. One UAE Team.

Most UAE clients start with one GRC or Offensive Security engagement — then expand into other pillars over time. Pick the category that matches your current need; we'll guide the rest.

6 services NEW

Cybersecurity GRC

Get ISO 27001 certified, NESA-ready, or PDPL-compliant — with an ISO 27001 Lead Auditor doing the work.

Continuous Compliance · From AED 4,000/mo ISO 27001 Gap ISO 27001 Implementation NESA / UAE IA V2 UAE PDPL Risk Register
FromAED 12,000
Starter · Essentials · Professional · Enterprise
Led byManoj · ISO 27001 LA
ISO 27001 LA · GRC Mastery
Explore
6 services NEW

Offensive Security

See what an attacker would actually do — manual pen tests by OSCP holders, not vulnerability-scan PDFs.

PTaaS · From AED 6,000/mo Network Pen Test Web App Pen Test Phishing Simulation Vulnerability Assessment
FromAED 9,000
Starter · Essentials · Professional · Enterprise
Led byNelson · OSCP · CPTS
OSCP · CPTS · CEH
Explore
2 services

Cloud Security

Fix the 10 – 30 high-severity Azure and Microsoft 365 misconfigurations most UAE businesses don't know they have.

Azure Cloud Security Microsoft 365 Review
FromAED 9,000
Starter · Essentials · Professional · Enterprise
Led byManoj · Azure Security
Azure Security · Security+
Explore
2 services

Network & Infrastructure

Review your FortiGate and security architecture by a rare CCNP + Fortinet + OSCP combination.

Firewall & Network Review Security Architecture Review
FromAED 12,000
Starter · Essentials · Professional · Enterprise
Led byVinoth · CCNP · Fortinet
CCNP · Fortinet · OSCP
Explore
2 services

Training & Awareness

Train your team using live attack demos delivered by the same people who run the pen tests. Measure real behaviour change.

Awareness Training Workshops Tabletop IR Exercise
FromAED 6,000
Starter · Essentials · Professional · Enterprise
Led byNelson · CEH · OSCP
CEH · OSCP · GRC Mastery
Explore
Not sure where to start? Tell us your risk, compliance deadline, or what's keeping you up at night — we'll scope the right engagement in one call.
Book a 20-min scoping call
Cybersecurity Software Sales

Security software that actually gets deployed -
Implementation, Support, and Training included

We partner with leading cybersecurity vendors so you don't have to navigate the market alone. From endpoint protection to SIEM, we handle everything — selection, deployment, training, and ongoing support. No shelfware.

Pentesting #1

Find vulnerabilities
before attackers do

Automated scanners miss what matters. Real attackers don't follow checklists — they think creatively, chain exploits, and find the gaps tools can't see. Our hands-on penetration testing uncovers the real risks hiding in your systems.

We simulate real-world attacks on your web applications, networks, APIs, and cloud infrastructure. You get a detailed report with proof-of-concept exploits, risk ratings, and clear remediation steps — not a generic scan output.

Web Apps Networks APIs Cloud Mobile Active Directory
CPTS Certified CPTS
OSCP+ Certified OSCP+
Learn more about our pen-testing process
Penetration Testing Process - Pre-Engagement, Information Gathering, Vulnerability Assessment, Exploitation, Lateral Movement, Post Exploitation, Proof-of-Concept, Post-Engagement
Cybersecurity GRC

ISO 27001, NESA, PDPL — Implementation, Not Just Advice

Hands-on GRC delivered by an ISO 27001 Lead Auditor. ISO 27001 gap and implementation, NESA / UAE IA V2 gap assessment, UAE PDPL compliance advisory, and ISO 27005-aligned risk register build. We implement; accredited certification bodies certify — never both.

01

ISO 27001 & Compliance Frameworks

Gap assessments, policy development, evidence management, and certification audit preparation. We guide you through ISO 27001, SOC 2, and other frameworks — turning complex requirements into clear, actionable steps that get you certification-ready faster.

02

Risk Assessment & Management

Comprehensive risk assessments that map threats to your business objectives. We help you understand where vulnerabilities exist, what controls are needed, and how to allocate resources effectively — from vendor risk to internal security posture.

03

Cybersecurity Awareness Training

Comprehensive security awareness programs that transform your workforce into your strongest defense. Simulated phishing campaigns, interactive training modules, and real-world scenarios teach employees to recognize threats, protect sensitive data, and become security-conscious in their daily work.

Ready to get audit-ready without the chaos?

Start your ISO 27001 journey

We don't just check boxes — we find real vulnerabilities, fix compliance gaps, and train your people

A UAE-based cybersecurity services company launching in 2026 — led by Manoj Prabhakaran (ISO 27001 Lead Auditor, CPTS, CDSA, Azure Security), Nelson Durairaj (OSCP, CEH, HTB Omniscient), and Vinoth Samiyappa (CCNP, Fortinet, Azure). Every engagement is led by a named practitioner you can verify. Pen tests end in re-tests. ISO 27001 programs end with an accredited certification body at your door. And we're pursuing our own ISO 27001:2022 certification in 2026 — the same program we deliver to clients, applied to ourselves first.

Meet the full team →

Contact

Let's figure out what you actually need

We're a small team, so you'll talk to someone who actually does the work — not a sales rep. Tell us what you're dealing with and we'll give you an honest recommendation within 24 hours.

Free consultation
Response in 24 hours
No obligation
We typically respond within 24 hours

Or reach us directly:

[email protected]