top of page

Maya Security 
Board-Level Cyber Risk, OT/ICS and Critical Infrastructure Cybersecurity Advisory

About Maya Security

Maya Security is an Israeli cybersecurity advisory firm specializing in board-level cyber risk, OT/ICS cybersecurity, energy-sector cybersecurity, critical infrastructure, regulatory readiness, CISO-as-a-Service, DPO-as-a-Service and executive cyber readiness.

Founded in 2012, Maya Security works with organizations where cyber risk has consequences beyond the security team: operations, continuity, safety, regulation, governance, public interest and executive accountability.

The firm is led by Joseph Assaf Turner, known professionally in Israel as Assaf Turner (אסף טורנר), Founder and CEO of Maya Security and former Head of the Sectoral Cybersecurity Unit at Israel’s Ministry of Energy and Infrastructure.

What We Do

Maya Security helps boards, CEOs, CISOs and executive leadership understand cyber exposure, set priorities, challenge assumptions and translate technical and regulatory complexity into decisions that can be approved, tracked and evidenced.

Our work is most relevant for energy, industrial, critical infrastructure and regulated organizations that need independent senior judgment on cyber risk, OT/ICS exposure, regulatory expectations, privacy obligations and executive readiness.

We focus on practical advisory, not noise. The objective is to help leadership understand what matters, what is exposed, what requires action and what evidence exists.

Core Advisory Areas


Board-Level Cyber Risk Advisory

Cyber risk becomes a board and executive issue when it affects operations, continuity, regulation, safety, customer trust or public interest.

Maya Security advises boards, CEOs and executive leadership on cyber risk governance, executive oversight, risk prioritization, decision-making and evidence of readiness.

Typical work includes board and executive cyber risk briefings, governance reviews, executive tabletop exercises, risk visibility reports and board-level action plans.

OT/ICS Cybersecurity Advisory

Operational technology environments require a different cybersecurity approach. In OT/ICS, cyber risk may affect production, safety, continuity, equipment, engineering processes and physical operations.

Maya Security advises organizations on cyber risk in industrial control systems and operational technology environments, including SCADA, DCS, PLCs, industrial networks, remote access, supplier exposure and operational constraints.

The work focuses on practical risk visibility and defensible prioritization, without treating OT as ordinary IT with more expensive consequences.

Energy and Critical Infrastructure Cybersecurity

Energy and critical infrastructure organizations operate in environments where cyber risk can affect continuity of service, public interest, safety, regulation and national resilience.

Maya Security advises energy-sector organizations, infrastructure operators and regulated entities on cybersecurity readiness, OT/ICS exposure, regulatory expectations and executive oversight.

This work combines sector-specific cyber risk understanding with management-facing advisory for leadership teams that must make decisions under operational and regulatory pressure.

CISO-as-a-Service

Maya Security provides CISO-as-a-Service for organizations that need senior cybersecurity leadership without appointing a full-time CISO.

The service supports boards, CEOs and executive teams that need practical cyber strategy, governance, risk prioritization, supplier oversight, incident readiness, regulatory alignment and management-level reporting.

CISO-as-a-Service connects cybersecurity to business priorities, OT/IT environments, regulatory expectations and executive accountability.

DPO-as-a-Service, Privacy Governance and Regulatory Readiness

Maya Security provides DPO-as-a-Service, privacy governance and regulatory readiness support for organizations that need practical oversight of data protection, privacy obligations, cyber regulation and management accountability.

The work may include privacy risk visibility, policy development, supplier privacy review, incident readiness, regulatory gap assessment, audit preparation and executive reporting.

DPO-as-a-Service is delivered as part of Maya Security’s broader governance approach, connecting privacy, cybersecurity, regulation and leadership accountability.

Executive Cyber Exercises and Incident Readiness

Cyber incidents become leadership events long before they become fully understood technical events.

Maya Security designs and facilitates executive cyber exercises, tabletop simulations and incident readiness reviews for boards, CEOs, CISOs and senior leadership teams in regulated, operational and critical infrastructure environments.

These exercises help leadership understand decision points, escalation paths, legal and regulatory exposure, supplier dependencies, OT/IT coordination, crisis communications and evidence of readiness before a real incident forces those questions under pressure.

Led by Joseph Assaf Turner

Joseph Assaf Turner, known professionally in Israel as Assaf Turner (אסף טורנר), is the Founder and CEO of Maya Security.

He previously served as Head of the Sectoral Cybersecurity Unit at Israel’s Ministry of Energy and Infrastructure, where his work focused on sectoral cyber readiness, energy-sector cybersecurity, critical infrastructure, operational environments, industrial control systems, regulation and national resilience.

His advisory work combines private-sector cybersecurity leadership with senior public-sector cyber regulatory experience. This perspective is especially relevant for organizations where cyber risk affects operations, continuity, governance, regulation, safety or public interest.

How We Work


Independent Judgment

We provide clear, senior advice designed to help leadership understand cyber risk without vendor pressure, unnecessary noise or technical theater dressed as strategy.

 

Operational Reality

We align cybersecurity with real operational environments, including OT/ICS constraints, legacy systems, industrial processes, engineering needs and business continuity.

 

Regulatory Accountability

We help organizations prepare for cyber and privacy regulation, audits, evidence requirements, executive oversight and board-level reporting.

 

Management-Level Clarity

We translate technical findings, cyber exposure, OT risk and regulatory expectations into clear decisions leadership can understand, approve, track and evidence.

Practical Outcomes

Our work is designed to produce usable priorities, defensible readiness, clear responsibilities and action plans that fit the organization’s risk, operations and governance reality.

Who We Work With

Maya Security is most relevant for organizations operating in serious environments, including:

  • Energy-sector organizations

  • Industrial companies

  • Critical infrastructure operators

  • Regulated organizations

  • Organizations with OT/ICS environments

  • Boards and executive teams overseeing cyber risk

  • Organizations requiring CISO-as-a-Service or DPO-as-a-Service

  • Companies preparing for cyber regulation, audits or incident response

 

Why Maya Security

Cybersecurity is not only a technical problem. In regulated, operational and critical infrastructure environments, it is also a governance, continuity, legal, safety and executive accountability issue.

Maya Security helps leadership see cyber risk clearly, prioritize what matters and build defensible readiness before incidents, audits or regulatory pressure expose the gaps.

Contact Maya Security to discuss board-level cyber risk advisory, OT/ICS cybersecurity, energy and critical infrastructure readiness, CISO-as-a-Service, DPO-as-a-Service, privacy governance or executive cyber exercises for your organization.

bottom of page