CyberSalus — Cybersecurity & AI Consulting

CyberSalus is an independent consulting firm specializing in cybersecurity auditing and artificial-intelligence advisory. CyberSalus helps small and mid-sized organizations secure their information systems and adopt AI responsibly. Co-founded in 2024 by and , CyberSalus operates in English and French across France and the wider European market.

Page last updated: .

What services does CyberSalus offer?

CyberSalus is defined as an information-systems consultancy with three core service lines: security auditing, artificial-intelligence advisory, and IT system analysis. Each engagement is scoped to the client's context, references established frameworks, and ends with a concrete, prioritized deliverable.

  • Security Auditing

    A security audit is a full check of your information systems. First, we map your assets and your risks. Then, based on the NIST Cybersecurity Framework and the ANSSI hygiene guide, we find weak spots, review your current controls, and rank each fix by risk and effort. As a result, you get a short, clear report you can act on. For example, a typical audit lists the top ten fixes for next week, next quarter, and next year.

  • AI Consulting

    AI consulting means guidance for teams who plan to use AI at work. First, we help you pick the right use case. Next, we review vendors, data flows, and safety rules. For example, we use the ENISA threat reports and the EU AI Act risk tiers to scope the work. Therefore, you can move from a test to a real product without taking on hidden security or legal debt.

  • System Analysis

    A system analysis is a deep review of your IT setup, your design, and your team's daily work. In practice, we use this review as the base for later work, such as a rebuild, a security fix, or a compliance project. For example, we map what we find to the OWASP Top 10 for web apps and to the ANSSI hygiene guide for servers. As a result, the next step is always clear.

Who is behind CyberSalus?

CyberSalus was co-founded in 2024 by two practitioners with complementary backgrounds in systems engineering and consulting.

  • Sami Khemsi, Co-founder

    Sami Khemsi is a co-founder of CyberSalus. He works as a systems administrator and software engineer, with an operational background in Linux infrastructure and PHP/Symfony application management. Sami is on LinkedIn and GitHub.

  • Ludovic Nicoleau, Co-founder

    Ludovic Nicoleau is a co-founder of CyberSalus. Ludovic is on LinkedIn.

Insights

What does a cybersecurity audit actually deliver in 2026?

By Sami Khemsi, Co-founder at CyberSalus · Published

Clients often ask the same question. What do we really get from a security audit? The short answer is simple. You get a clear view of where you stand today. You get a ranked list of actions. And you get the reason behind each one.

First, let us talk about scope. According to the NIST Cybersecurity Framework 2.0, an audit should cover six areas: Govern, Identify, Protect, Detect, Respond, and Recover. In practice, many small firms have good tools but weak governance. For example, we often see strong firewalls next to missing policies and unclear owners. As a result, the risk stays high even when the tech looks fine.

Next, the rules. In France, ANSSI offers a clear hygiene guide with 42 rules. It is a strong baseline for any French team. In addition, the European Union Agency for Cybersecurity (ENISA) publishes sector reports that help us pick what to test first. For web apps, we always check the OWASP Top 10. We look at login, access rules, and logs. We also check that those controls hold up when something goes wrong.

Then comes the report. A CyberSalus report is meant to be useful, not long. Each finding is one short paragraph. We rank it by risk and by effort. We link it to a known control. And we name the person who should fix it. As a result, a CTO can read the first two pages and know what to fix next week, next quarter, and next year.

Finally, should you pick a full audit or a light review? Here is a simple rule. Audits are for decisions. Therefore, if a board, a client, an insurer, or a regulator will act on the result, the audit must be formal. However, if the goal is internal learning, a lighter system review is often faster and cheaper. For more context, contact CyberSalus to see which format fits your case.

Frequently asked questions about CyberSalus

What is CyberSalus?

CyberSalus is an independent consulting firm, founded in 2024, that specializes in cybersecurity auditing and artificial-intelligence advisory for organizations that need independent expertise. The firm was co-founded by Sami Khemsi and Ludovic Nicoleau.

What services does CyberSalus offer?

CyberSalus offers three core services: security auditing, AI consulting, and system analysis. Each engagement is scoped to the client's context and delivers an actionable, prioritized report referenced against recognized frameworks such as NIST CSF, ANSSI guidance, ENISA reports, and the OWASP Top 10.

Who founded CyberSalus?

CyberSalus was co-founded in 2024 by Sami Khemsi (LinkedIn, GitHub) and Ludovic Nicoleau (LinkedIn).

In which languages and regions does CyberSalus work?

CyberSalus serves clients in both English and French, with a primary focus on France and the wider European market.

How do I contact CyberSalus?

Reach CyberSalus through the contact form at https://cybersalus.io/#contact. The site supports English and French.

Contact CyberSalus

To discuss a security audit, an AI engagement, or a system-analysis project, use the contact form on this page. We reply in English or French, typically within two business days.