About us /Firm

BLACKSWAN SRL is a management consulting firm focused on cyber & information security

The firm was founded in 2012 as the merger of the ideas of 4 established professionals who have been among the main actors in the development and sharing of best practices within this field.


BL4CKSWAN is based in Italy’s main cities (Milan and Rome), serving the needs of some of the biggest Italian organizations where information security risks have a high impact.


BL4CKSWAN is a QSA Company which operates as a certification authority based on the PCI DSS frameworks authorized by the PCI SSC (Payment Card Industry – Security Standards Council).


  • Finance

  • Aerospace

  • Energy

  • Retail



  • Multinationals

  • Big Corporates

  • SME


About us /Team

Founders ensure operational excellence

handling, at the forefront, the challenges of the Clients

BL4CKSWAN operates through its founders and selected professionals to always provide teams with the references and skills to successfully complete the projects.

Services /Intro

Our expertise is based on a deep knowledge

of each information security pillar

  • Compliance

    We support our clients with on demand
    consulting or directly managing the certification

  • Risk control

    If you know your enemies and know yourself, you will not be imperiled in a hundred battles
    Sun Tzu – The Art of War

  • Training

    Information security is constantly evolving
    Education and training are not a constraint but a true need

  • Frontier security

    Words such as big data, e-discovery, smart city, OSINT and many more are on everyone's lips. However fascinating it can be to see how information technology is leading the economic and cultural evolution, companies often need to invest in undefined projects or not-ready products which could have a high impact on information security.

    Trusting in the value of continuous R&D activities, we have identified the most important themes and structured projects with highly innovative content.


Services /Compliance

We support our clients with on demand consulting

or directly managing the certification process


    PCI DSS is about countering payment fraud. PCI DSS is primarily required by Visa and Mastercard of all organizations that receive or process payments with their cards.

    BL4CKSWAN is a firm accredited by the PCI Council to certify organizations affected by PCI DSS.

    It primarily applies to: e-commerce, call center and retail businesses.

  • ISO/IEC 27001

    ISO/IEC 27001 is an international standard. ISO/IEC 27001 allows the implementation of a management model to manage information security. This management model can be certified and can be listed within publicly accessible directories of accreditation bodies.

    ISO/IEC 27001 was updated in 2013 with the direct contribution of BL4CKSWAN. ISO/IEC 27001 can be applied to every business of every size and industry.

    It primarily applies: where a structured information security management system is needed.

  • Privacy

    Management of the personally identifiable information of an organization’s employees or of its clients is governed by a growing number of laws and regulations which require several information security measures and related management practices to protect it.

    It primarily applies to: every organization that manages personal data.

Services /Risk control

If you know your enemies and know yourself, you will not be imperiled

in a hundred battles. Sun Tzu – The Art of War

  • Risk Management and BIA

    Evaluating security risks and impacts on business continuity are challenges of capital importance for selecting the best security measures.

    We can support companies of any type and dimension in this complex duty through the adoption of a wide set of tools and widely recognized best practices.

  • Vulnerability Assessment and Penetration Testing

    Cyberattack simulations are the practical proof of the security of each system, which is endangered, by its own nature, by the smallest human error.

    From the highest level automated testing to the deeper manually performed hacking actions, we can provide the right level of security control required by your business.

  • Policies and Procedures

    Organization-wide rules and practical activities to be performed to fulfill them, information security policies and procedures are core pieces in the security strategy of every organization.

    In order to get the most from information security policies and procedures, they need to be adapted to the corporate culture and correctly shared with all involved people.

  • Business continuity plans and Disaster Recovery

    Supplying ICT services in every situation needs exhaustive preparation towards each possible scenario, which might also foresee the activation of an alternative site for disaster recovery.

Services /Training

Information security is constantly evolving.
Education and training are not a constraint but a true need


    Taking advantage of the opportunities offered by new technologies, we deliver education and training courses which can be focused on a single manager or shared with all the organization’s staff.

    Our trainers deliver courses based on the most recognized international certifications such as CISM, CISSP and CISA.


    Since 2014 BL4CKSWAN has been a training partner of the well-renowned PECB (www.pecb.org), so BL4CKSWAN can issue internationally recognized certifications. Through the PECB partnership BL4CKSWAN can deliver courses based on several standards, among which ISO/IEC 27001 for information security, ISO 28000 for supply chain security and 22301 for business continuity.


    Our experience allows us to easily build on-demand courses tailored to the needs of our clients.



Services /Frontier security

Today they are just “buzz-words”.
Tomorrow they’ll become trends


    Development of an OSINT process starting from identification and gathering of relevant data sources.

    Support on the implementation of relevant technologies and configuration of their usage processes.


    Implementing dashboards based on state-of-the-art international frameworks to constantly monitor the information security level and drive decisions based on true data.


    Supplying middle and top managers is not an innovation in the business world, but in the information security field it’s something which has rarely been seen. Temporary management is useful both in small entities, where a CISO may not be cost effective, and in big entities for managing changing or contingency situations.


We relentlessly develop specific cyber security software that will simplify your life

  • KYM (Know Your Merchants)

    KYM is a software developed for acquirers, with the specific aim of assisting planning and execution of PCI DSS compliance programs involving merchants and service providers.


    Formerly known as EAR, PILAR is a software which implements qualitative and quantitative risk analysis features for information security. PILAR is based on the MAGERIT methodology, developed in 1997 by the Spanish Ministry for the public administration and nowadays among the most widely adopted in the world.


    This echo solution allows real-time detection of unauthorized networks and easy display of their geographical location.



Follow BL4CKSWAN on Twitter or on main social networks


Choose where you want to meet us

  • Milano

    Piazza della Repubblica 32 20124 Milano

    Fax +390287182696


  • Roma

    Via Nicola Pellati 60 00149 Roma

    Fax +39 0668308660




  • Clusit
  • Uninfo
  • Oracle
  • Pci
  • Pecb