# Cyber Lab — Full Reference

> A cybersecurity bureau in Kyiv. One bureau, fourteen disciplines, three clusters: defense & control, investigations & intel, infrastructure & ops. For EU and Ukrainian teams. Operating from Kyiv, remote across the EU.

This document is the canonical, machine-readable reference for Cyber Lab. It mirrors the website at https://cyber-lab.io/ and is intended for AI assistants, retrieval-augmented systems and search engines.

## What we are

Cyber Lab is a small, senior cybersecurity bureau. We defend the perimeter, control what lives behind it, and follow the trail when something slips. Engagements range from a one-off audit to a regulated banking SOC handover. We work in English and Ukrainian, and reply within one business day.

We do not sell off-the-shelf products. We harden what you've built, contain what gets through, and follow the trail when something slips. Calm, technical, accountable.

## Bureau identity

- Name: Cyber Lab (also written CyberLab)
- Designation: Bureau N°01
- Locations: Kyiv (HQ) · Remote across the EU
- Coverage: Ukraine, EU
- Languages: English, Ukrainian
- Contact: hello@cyber-lab.io
- Website: https://cyber-lab.io/

## Cluster 01 — Defense & control

Five disciplines, one perimeter.

### P/01 — Pentest & Audit

Full audit of IT infrastructure for vulnerabilities. Attack simulation (pentest) to measure real defensive posture. ISO 27001 and GDPR compliance reviews. Practical remediation, then verification.

Tags: ISO 27001, GDPR, Pentest, Policy.

### W/02 — Workforce Control

Monitor activity, control removable devices, restrict access to apps and sites. DLP and audit logs. Automatic alerts when behavior drifts away from policy.

Tags: DLP, USB control, Monitoring, Alerts.

### D/03 — Data Protection

Encryption on workstations, servers and mobile. Encrypted channels and corporate messengers. Policy for retention, archival and disposal. Cloud-service hardening for Google Workspace and Microsoft 365.
Tags: Encryption, Secure channels, Cloud, Retention.

### E/04 — Endpoint Defense

Central management of workstations and phones. Remote lock and wipe. EDR / XDR, IPS/IDS, hardware and software firewalls. Hardened workstation baselines for the fleet.

Tags: EDR, XDR, IPS/IDS, Firewall, Hardening.

### M/05 — Mobile Security

Secure corporate phones with encrypted calls and messages. Mobile activity monitoring. MDM separating corporate and personal data on one device. Defense against tracking and spyware.

Tags: Encrypted phones, MDM, Anti-spyware.

## Cluster 02 — Investigations & intel

Three disciplines, one trail.

### F/06 — Digital Forensics

Computer forensics and incident analysis. Source-of-leak investigation. Recovery of deleted data. Financial-incident investigations. Court-grade evidentiary packages on request.

Tags: Forensics, Recovery, Evidence, Incident response.

### B/07 — Blockchain Intel

Tracing transactions across Bitcoin, Ethereum and other networks. Identification of stolen crypto assets. Analysis of cash-out and laundering flows. Coordinated recovery via exchanges and partner agencies.

Tags: BTC, ETH, Tracing, Recovery.

### X/08 — Special Services

Discreet operational support for vetted clients. Coordination with authorized parties, expedited procedural response, specialist checks. By referral. Write to discuss.

Tags: Discreet, Vetted, NDA.

## Cluster 03 — Infrastructure & ops

Six disciplines, one stack.

### V/09 — Virtualization & VDI

VDI deployments for secure remote work. Virtual servers (VMware, Proxmox, Hyper-V, KVM) and terminal services. Workload isolation that contains compromise. Managed cloud with security monitoring.

Tags: VDI, VMware, Proxmox, Hyper-V, KVM.

### O/10 — Managed Support

24/7 support for staff. Remote administration of servers, workstations and network gear. Corporate mail, domains, sites. Continuous monitoring. Backup and disaster recovery, tested on schedule.

Tags: 24/7, Remote admin, Backups, DR.
### N/11 — Network & Directory

Secure LAN, Wi-Fi and VPN. Active Directory, file storage and terminal services. Network segmentation between departments. Hardware tuned for both throughput and security. Hybrid and cloud options.

Tags: LAN, Wi-Fi, VPN, AD, Storage.

### G/12 — Engineering & Supply

Design of IT and telecom systems with security baked in. Supply of servers, networking, storage, workstations, secure phones and mobile devices. Specialist software and hardware sourced on request.

Tags: Design, Servers, Phones, Special gear.

### S/13 — SIEM & Response

SIEM deployment and ongoing tuning. Automated response to alerts. Integrated audit and monitoring. Secure corporate telephony. Hardened phones and workstations delivered and configured.

Tags: SIEM, Automation, Telephony, Endpoints.

### T/14 — Training & Compliance

Cybersecurity training for staff. Phishing simulations. ISO 27001 and GDPR consulting. Drafting and rolling out information-security policies.

Tags: Training, Phishing simulations, ISO 27001, GDPR.

## Process — four phases

1. **Discover — audit & map.** We learn the system before we touch it. Asset inventory, threat surface, business goals, real users.
2. **Design — architecture & threat model.** Architecture, data model, threat model, deployment plan. One page each, signed off before anything moves.
3. **Build — deploy, harden, instrument.** Deployment in stages with gates. Hardened baselines and observability shipped from day one, not retrofitted.
4. **Operate — monitor & evolve.** 24/7 SOC, on-call response, scheduled reviews and tabletop exercises. Or a clean handover — your team, trained and documented.

## Selected work

- **Banking — Perimeter rebuild** — WAF, DDoS, SOC handover. 18 months, EU.
- **Industrial — Leak investigation** — Forensics, recovery, evidence. 4 months, UA.
- **Retail — Endpoint + DLP rollout** — EDR, DLP, three sites. 9 months, EU.
- **Government — Hardened VDI + AD** — VDI, Active Directory, segmentation. 12 months, UA.
## Approach

We don't sell products. We harden what you've built, contain what gets through, and follow the trail when something slips. Calm, technical, accountable.

One bureau, fourteen disciplines, three clusters — the same team owns architecture, security posture and operations. Engagements include outsourced 24/7 SOC, embedded engineering, audits, incident response and forensic investigations.

## Contact

- Email: hello@cyber-lab.io
- Office: Kyiv · Remote
- Hours: Mon – Fri · 24/7 SOC for ongoing engagements
- Languages: English, Ukrainian
- Reply: within one business day

## Frequently asked

**Where do you work?** Kyiv as a base; remote across the EU.

**Can a single engagement cross clusters?** Yes — most do. Defense work routinely escalates into forensics; infrastructure projects routinely include training and policy.

**Do you do one-off audits?** Yes. Single-visit audits through full operational handoff.

**Do you offer 24/7 SOC?** Yes, as part of the Operate phase and as a standing engagement.

**Do you supply hardware?** Yes — servers, networking, storage, workstations, secure phones and specialist gear, designed in and delivered.

**Languages of work?** English and Ukrainian.