About ContrailRisks
The practice
behind
the strategy
ContrailRisks is a boutique cyber security consultancy built on a simple conviction: organisations deserve senior, independent advice — not vendor-aligned recommendations dressed up as strategy.
10+
years experience
11
certifications
EMEA
delivery reach
Why we exist
Security strategy that belongs to you,
not your vendors
Most organisations receive security advice through one of two lenses: a product vendor with something to sell, or a large consultancy with an army of junior staff and a methodology built for scale, not fit. Neither delivers what boards and leadership teams actually need.
ContrailRisks was founded to fill that gap. A boutique practice built around senior expertise, direct engagement, and a commitment to independence that is structural — not just a marketing claim. We work across EMEA, embedded alongside leadership teams at the moments that matter most.
Whether navigating regulatory change, evaluating a technology investment, leading a security programme, or protecting deal value in an M&A transaction, our role is to give you clarity, confidence, and a clear path forward.
Leadership
Founder-led.
Senior by design.
Every engagement is led personally by our founder — not delegated after the sale. You engage a senior practitioner and that is exactly who shows up, every time.
Founder & Principal Advisor
Fabrizio Di Carlo
Over a decade of hands-on experience in cyber security, governance, and resilience across financial services, technology, and regulated industries throughout EMEA. CISA, ISO 27001 & ISO 42001 Lead Auditor and Implementer.
10+
Years experience
11
Professional certifications
EMEA
Delivery reach
100%
Vendor-agnostic
How we work
Four principles
that don't move
These aren't values on a wall. They're the structural commitments that define every engagement — and the reason clients come back.
Independent by design
We hold no vendor partnerships, receive no referral fees, and carry no product quotas. Our only obligation is to you.
Senior, not staffed
Every engagement is led by a senior practitioner — not handed to junior consultants after the sale. You get the experience you engaged.
Outcomes over outputs
We measure success by the resilience and clarity we leave behind, not the volume of documentation we produce.
Calibrated to context
We don't apply one-size templates. Every recommendation is shaped by your sector, risk profile, growth stage, and regulatory environment.
Speaking & Media
Where ideas
travel
Available for panels, keynotes, and media commentary on cyber security strategy, DORA, NIS2, AI governance, and the evolving role of the CISO.Speaking enquiries →
The world's leading identity security event — 5th consecutive year as speaker.
June 2026
London, UK
Upcoming interview — details to follow on release.
Coming soon
Upcoming interview — details to follow on release.
Coming soon
Ready to work with us?
Start with a conversation. No commitment, no hard sell — just an honest discussion about your security challenges and how we might help.