Book Assessment →
South African SOC · Built on Open Standards · 24/7 Roadmap

Your Security Operations Centre.
On African soil.
Answering in 15 minutes.

OpenCyOps is a fully managed SOC for African regulated mid-market businesses. We detect threats in minutes, contain them in hours, and publish our SLAs so you can hold us to them. Built on a transparent open-source stack. Operated by named African operators. Your data never leaves the continent.

Book a Free Maturity Assessment → See how we work →
P1 acknowledgement ≤ 15 min Data stays in SA POPIA · PCI DSS · ISO 27001 Johannesburg · Cape Town
The commitments. In writing.

Incumbents hide their SLAs. We publish ours.

Incumbents host your data offshore. We don't. Incumbents route you through anonymous queues. We don't. Here's what we sign for, every time.

≤ 15 MIN

P1 acknowledgement

Every package. Published in every contract. Measured every quarter.

100%

Data resident in South Africa

POPIA §72 aligned by architecture. No offshore routing. No data-transfer ambiguity.

NAMED

Your operator. Not a queue.

Every client has a named L2 analyst lead. You know their name. You have their phone number.

The Wedge

Four pillars. One defensible position.

The only SOC built for African regulated businesses.

Open-Stack Economics

Transparent cost. No per-EPS surcharges. Zero licence lock-in. Your security costs don't rise with your growth.

African Data Residency

In-country PoPs in Johannesburg and Cape Town. POPIA §72 aligned. Sovereignty by architecture, not by promise.

Compliance-as-Outcome

Audit-ready evidence bundles mapped to POPIA, PCI DSS, ISO 27001 and King IV. Not raw logs. Outcomes.

Human-Grade Response

Named operator. Direct phone number. Real relationship. This is not an offshore ticket factory.

The people answering the call

Named leadership. Direct accountability.

This is not an offshore ticket queue. The operators accountable for your outcome are named, reachable, and in the work.

R

Ralph Albert Vraagom

Founder
Strategy · Market Access · Ecosystem
Handles
Vision · Partnerships · Market development across Africa. Harvard Business School alumnus. Top 5 Accenture Rising Star in ICT (SA, 2020).
LinkedIn profile
T

Thammy Shipalana

Founder & Managing Director
Security Operations Lead
Handles
12+ years in cyber security operations. 7 years SOC management at enterprise scale. Detection · Incident response · Analyst leadership.
thammy@opencyops.africa LinkedIn profile
N

Njabulo Mhlongo

Sales & Product Director
Commercial · Product · Go-to-Market
Handles
23+ years in technology across Africa. Product · Cloud · Strategy · Digital transformation. Commercial and GTM ownership.
njabulo@opencyops.africa LinkedIn profile

Response within 4 business hours. No bot. No form-to-void.

Why this matters in 2026

The threat landscape has moved. The incumbent model hasn't.

POPIA enforcement is real.

The Information Regulator has issued material penalties and enforcement notices in 2024–2025. Audit trails, cross-border transfer controls, and breach response are no longer optional — they are statutory.

Mid-market is the new target.

South African ransomware victimology has shifted from large enterprise to 200–2,000 employee businesses — the exact segment incumbent MSSPs are structurally too expensive to serve.

Licence economics are broken.

Per-EPS SIEM pricing means your security costs rise with your growth. Open-stack economics decouple the two — you scale, your SOC cost does not.

Services

Four packages. Outcome-tiered.

We price by risk tier, not by endpoint or EPS. You should not be punished for growing.

For growing businesses

CyOps Essentials

You pass your compliance audit. Your board gets a quarterly risk report. You stop guessing whether you're exposed.

From USD 1,500 / month
Learn more →
Recommended
For regulated mid-market

CyOps Professional

You sleep at night. Your incidents are contained before they hit the news. Your compliance evidence is audit-ready, always.

From USD 5,000 / month
Learn more →
For complex, at-scale

CyOps Enterprise

Your SOC becomes a boardroom asset. You measure cyber risk the way the CFO measures financial risk.

Custom · USD 15–35k / month
Learn more →
Strategy · vCISO · SOC build

CyOps Advisory

You build the security programme the regulator expects, with someone who's built them before.

Project or retainer
Learn more →
What the first 90 days look like

Operational transparency. From Day 1.

Incumbents don't show you this. We publish it because we sign for it.

Day 1 — Kick-off

You meet your named L2 analyst. Scope confirmed. MSA signed.

Day 7 — Baseline

Every endpoint, every log source, every identity boundary catalogued.

Day 14 — Assessment

Prioritised risk roadmap — with or without us. Yours to keep, either way.

Day 30 — SIEM live

First executive report published. First incident runbook tested.

Day 60 — 24/7

Full monitoring live. Compliance evidence bundle v1 generated.

Day 90 — Board review

Measurable reduction in risk posture score. Year-1 roadmap locked.

Start here

Send Thammy a line.
Or Njabulo.
You'll hear back today.

No bot. No form-to-void. No "our sales team will reach out in 5–7 business days." Named leadership. Direct accountability. Four business hours.

✉ Email Thammy ✉ Email Njabulo
Or book a 30-minute discovery call →