We built this for ourselves
Seckify started as a weekend project to fix our own security workflow. Then a colleague wanted it. Then their friends. It just kept growing.
From side project to platform
Spreadsheet chaos
We were managing risk registers in Excel, tracking compliance in shared docs, and copying data between five different tools. Every audit prep was a scramble.
Built it for ourselves
One weekend we threw together a simple dashboard to see our own security posture at a glance. No more tab-switching. No more copy-paste. It just worked.
Friends started asking
A colleague saw the dashboard and asked for a copy. Then their friend asked. Then someone needed compliance tracking too. We kept adding modules because people kept needing them.
A full platform
What started as a personal tool is now 11 integrated modules covering risk, compliance, policy, incidents, vendors, reporting, and more. Still built by practitioners, for practitioners.
Principles, not promises
Built by CISOs, for CISOs
We use this tool ourselves, every day. Every feature exists because we needed it, not because a PM put it on a roadmap.
Simple over complex
Enterprise GRC tools need a team of consultants. We need something one person can set up in an afternoon and actually use.
Community-driven
Every new module was requested by someone we know. Budget tracking, vendor risk, audit prep — all built because a friend said "can it do this?"
Self-hosted, self-reliant
Your data stays on your server. No cloud dependency, no vendor lock-in, no surprise pricing changes. Deploy and own it.
A small team, one platform
Seckify is built by a small team of working security and engineering people — not a product org, not a sales team. Everyone here ships code and uses the tool in their own work.
Artur Chlebicki
Cybersecurity SME
Poland
Day-to-day Artur lives between red-team engagements, threat-modeling workshops, and the cloud-security work that keeps regulated companies out of the news. He treats CISO Toolkit as an opinionated answer to a question he kept hearing from peers: "how do I run my whole program without buying a six-figure GRC suite?"
He speaks at industry conferences on the failure modes he sees most often — unsafe deserialization, threat modeling under AI pressure — and writes long-form notes about pentest findings on his blog, slowly but steadily building a leadership presence in the field.
Nikos Papadopoulos
Platform & Compliance
Greece
Nikos owns the compliance side of the toolkit — the cross-framework mapping, the control catalogues, the bits that let one piece of evidence count for SOC 2, ISO 27001, NIS2, and DORA at once. He spent the last decade in fintech security, where audit season hit four times a year and there was never any spare headcount.
He believes the only honest GRC tool is one that admits compliance is a graph problem, not a checklist, and most of his pull requests start with the words "this should be inferred, not entered."
Luka Horvat
Incident Response & Engineering
Croatia
Luka came to Seckify from an MSSP background, where he ran 24/7 SOC operations for European banks. The incident-response module, the NIST-aligned playbooks, and the timeline-tracking UI carry his fingerprints — built the way he wanted them when he was the one being paged at 3 a.m.
He cares more than is strictly reasonable about latency, keyboard shortcuts, and whether the dashboard tells you the truth on the worst day of the quarter, not just on the demo.
Emil Twardzik
Experienced Fullstack Developer
Poland
Emil is the reason the platform feels fast and looks consistent. He moves comfortably across the stack — from database migrations and server-side rendering down to the animation curves that make the dashboard feel less like a spreadsheet and more like a tool you actually want to open.
A decade of shipping production software in regulated environments taught him the unglamorous parts of fullstack work — observability, accessibility, sensible defaults — and that’s the lens he brings to every PR.
Want to see what we built?
No sales pitch. Just a tool we use every day that might help you too.