KIGALI, RWANDA

Penetration testing and managed security for regulated organisations

OSCP-certified. Built for banks, telecoms, and government agencies across East Africa.

01. OSCP-certified, in Kigali

The only OSCP-certified penetration tester physically based in Rwanda. Not remote contractors, not scanner output.

02. We build custom tooling

Security validation tools in Python, Go, and JavaScript tailored to your specific APIs and systems.

03. Banking red team experience

Our consultants come from threat-led red team operations at European banks protecting millions of customers.

PROCESS

How we work

From scoping to remediation, we keep it straightforward.

1. Scoping call

We understand your environment, compliance needs, and testing objectives

2. Proposal and SOW

Clear scope, timeline, cost, and rules of engagement within 48 hours

3. Testing

1-3 weeks of manual testing with daily status updates on critical findings

4. Report and support

Detailed report with remediation guidance and 30 days of free follow-up

ABOUT

Independent offensive security consultancy, based in Kigali

imizicyber is a registered Rwandan security firm serving banks, government agencies, and enterprises across East Africa. We combine hands-on penetration testing with managed security tooling deployment.

6+ Countries served
50+ Security engagements
5+ Years offensive security
500+ Professionals trained

CREDENTIALS

CERT: OSCP and OSCP+, Offensive Security
CERT: PNPT, Practical Network Pentester
TALK: BlackHat Europe Arsenal, Presenter, London 2023
MSc: Computer Security, Technical University of Denmark
BSc: Informatics, University of Athens
OSS: Google Summer of Code, Honeynet Project 2023/2024

FAQ

Common questions

Why do banks in Rwanda need penetration testing?
BNR requires regulated financial institutions to maintain cybersecurity programs. Penetration testing finds vulnerabilities in your web apps, mobile banking, APIs, and USSD services before attackers do. It is a core component of BNR compliance.
Do you help with BNR cybersecurity compliance?
Yes. We help banks, microfinance institutions, and insurance companies meet BNR cybersecurity requirements through penetration testing, vulnerability assessments, security audits, and ongoing managed security.
How much does penetration testing cost in Rwanda?
Costs vary by scope and complexity. A web application assessment typically starts from USD 2,500 for small applications. Network penetration tests and comprehensive assessments for banking environments are scoped individually. Contact us for a tailored quote.
What is the BNR regulation on cybersecurity?
The National Bank of Rwanda requires all regulated financial institutions to implement cybersecurity programs including regular vulnerability assessments, penetration testing, incident response plans, and security awareness training. We help organisations meet these requirements.
What certifications do your consultants hold?
OSCP and OSCP+ (the gold standard in penetration testing), PNPT, and BlackHat Europe Arsenal presenter. This certification level is unique among security providers physically based in Rwanda.
How often should banks do penetration testing?
BNR recommends penetration testing at least annually, and after any significant infrastructure or application changes. Most institutions we work with test quarterly for critical systems like mobile banking and payment APIs.
What is the difference between VAPT and penetration testing?
VAPT combines automated vulnerability scanning with manual penetration testing. Vulnerability assessment identifies weaknesses using tools. Penetration testing goes further by manually exploiting vulnerabilities to demonstrate real business impact. We do both.
Do I need ISO 27001 certification in Rwanda?
ISO 27001 is not legally mandatory in Rwanda but is increasingly required by international partners, investors, and clients. BNR encourages ISO 27001 alignment for financial institutions. We help organisations prepare through gap analysis and security improvements.
Do you offer cybersecurity training for employees?
Yes. We deliver security awareness training for all staff levels, from executive briefings to hands-on technical workshops for developers and IT teams. Training covers phishing recognition, secure coding practices, incident response procedures, and BNR compliance requirements. Available on-site in Kigali or remotely across East Africa.
Do you work with organisations outside Rwanda?
Yes. We are based in Kigali but deliver engagements across East Africa, including remote assessments. Our lead consultant has worked in offensive security roles in Denmark and the UAE, and has delivered penetration testing engagements in multiple African countries.
COMPLIANCE

BNR requires regular security assessments. Is your institution compliant?

Get a free 30-minute scoping call to understand your compliance gaps.

CONTACT

Get in touch

We respond within 24 hours.

Location
Kigali, Rwanda
Entity
Imizi Investment Group Ltd
WhatsApp for immediate response

Request a consultation
