Hard2bit
Cybersecurity Compliance 24/7 SOC AI security Threat hunting

Cybersecurity and compliance blog

Technical breakdowns, practical guides and operational criteria from the Hard2bit team — the same one that runs a 24/7 SOC, handles incident response, executes pentests and supports compliance programmes at mid-market and large organisations.

We publish about the work we run every day. Every article is signed by someone who has been inside the problem, not written by an external copywriter. You'll find technical breakdowns of high-impact CVEs, implementation-focused guides on NIS2, DORA, ENS and ISO 27001, and explanations of which controls actually move maturity forward and which are theatre.

We cover five areas:

  • Offensive security pentesting, red team, external attack surface, web and API audits
  • Compliance and GRC NIS2, DORA, ENS, ISO 27001, ISO 42001, EU AI Act and third-party risk
  • AI security agents, MCP, LLMs, model supply-chain risk, GenAI browser extensions
  • Defensive operations managed SOC, MDR, threat hunting, incident response, CTEM
  • Current threats campaigns and techniques observed in real engagements: ClickFix, device code phishing, Microsoft 365 account takeover, C2 over Teams, npm supply-chain attacks

Comparisons and essential guides

When the decision is X or Y: what each option assesses, where they overlap, and when each makes sense. Written to unblock scoping and procurement calls.

Start here — themes and pillar posts

Four areas where the blog concentrates most material. Each block links to the articles that cover the fundamentals and to the equivalent service at Hard2bit.

Signed by the team

The blog is signed by Hard2bit's founding partners and technical team. Every article carries the byline of someone who has worked the problem in a real engagement — not an external copywriter.

Meet the full team →
  • Adrián González

    CEO

  • Thilina Manana

    Head of Operations and Security

  • Daniel O'Grady

    CIO

Featured

Latest articles

Frequently asked questions

How we publish, who writes, what we cover and how to cite the material.

How often do you publish?

Several articles a month. We refresh the pillar posts (NIS2, DORA, ENS, ISO 27001, pentesting, SOC, AI security) whenever the technique or the regulatory interpretation shifts.

Who writes the articles?

The Hard2bit team: SOC analysts, pentesters, compliance leads and security architects. Every article is signed by someone who has worked the problem in a real engagement, not by an external copywriter.

What topics do you cover?

Offensive security (pentesting, red team, external attack surface), compliance and GRC (NIS2, DORA, ENS, ISO 27001, ISO 42001, EU AI Act), AI security (agents, MCP, LLMs), defensive operations (managed SOC, MDR, threat hunting, incident response) and analysis of live cyber threats.

Are the articles relevant outside Spain?

The technical ones are: CVE analyses, security architecture, AI, threat hunting or pentesting content is transnational. Compliance material focuses on the European regulatory frame (NIS2, DORA, EU AI Act) and on Spanish specifics (ENS). The English edition covers the same topics adapted to the UK/EU context.

Can I link or quote the articles?

Yes, with attribution to Hard2bit and a link to the original URL. For partial reproduction or translation, get in touch and we'll coordinate.