Leonardo

Leonardo

Speciality: Adversary Emulation (Red Teaming)

Italy 60468 employees Publishes CVEs
Visit Website View on LinkedIn
[01] About

Defense and space manufacturing company based in Italy; $18.5B annual revenue, 22,929 employees (+10.2% YoY growth), founded in 1948, with a EUR12.6B market cap. Provides cybersecurity services including adversary emulation and red teaming, with a global industrial and commercial presence in 150 countries.

Leonardo is a global security company that realises multi-domain technological capabilities in AD&S. With over 60,000 employees worldwide, the company has a significant industrial presence in Italy, the UK, Poland, and the US. It also has a commercial presence in 150 countries through subsidiaries, joint ventures and investments. A key player in major international strategic programmes, it is a technological and industrial partner of governments, defence administrations, institutions and companies. In 2024, Leonardo recorded consolidated revenues of €17.8 bn, new orders for €20.9 bn and invested €2.5 bn in R&D. Innovation, continuous research, digitalisation and sustainability are the pillars of its business worldwide. Stefano Pontecorvo has been the Chairman since 9 May 2023 and Roberto Cingolani has been the CEO and General Manager since 9 May 2023. Follow Leonardo on social media: ➡️https://x.com/Leonardo_live ➡️https://www.instagram.com/leonardo_company/ ➡️https://www.youtube.com/leonardocompany
[02] Services
Adversary Emulation (red Teaming)
Penetration Testing
Vulnerability Assessment
Defensive Cyber Services
Cyber Risk Management
Cyber Resilience Services
Security Testing
Digital Twinning And Emulation
Cybersecurity Training And Software Toolsets
[03] Certifications
ISO 9001:2015

ISO 9001:2015 and Cybersecurity/IT


Origin and Development


ISO 9001:2015 is a quality management system standard developed by the International Organization for Standardization (ISO), a global federation of national standards bodies. However, it's important to clarify that ISO 9001:2015 is not specifically a cybersecurity or IT certification—it's a general quality management standard applicable to any organization regardless of industry. The standard was released in 2015 as the fifth revision of ISO 9001, which was first published in 1987. For cybersecurity specifically, ISO created ISO/IEC 27001, which is the actual information security management system standard.


Industry Value and Importance


ISO 9001:2015 is valued across industries because it demonstrates an organization's commitment to consistent quality management, customer satisfaction, and continuous improvement. When applied to IT and cybersecurity contexts, it helps organizations establish systematic processes for service delivery and quality assurance. However, for cybersecurity-specific certification, organizations typically pursue ISO/IEC 27001, which directly addresses information security controls, risk management, and data protection. Both certifications are internationally recognized and often required for government contracts, enterprise partnerships, and demonstrating due diligence to customers and stakeholders.
ISO 27001

ISO 27001: Information Security Management Certification


Origin


ISO 27001 was developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), and was first published in 2005. It evolved from the British Standard BS 7799-2, which was created in the late 1990s. The standard was developed in response to the growing need for organizations to systematically manage and protect sensitive information in an increasingly digital business environment. ISO 27001 has since been revised, with major updates released in 2013 and 2022 to address evolving cybersecurity threats and best practices.


Industry Value and Importance


ISO 27001 is globally recognized as the leading standard for information security management systems (ISMS) and is valued for providing a systematic, risk-based approach to protecting sensitive data. Organizations that achieve ISO 27001 certification demonstrate to clients, partners, and regulators that they have implemented comprehensive security controls and are committed to maintaining confidentiality, integrity, and availability of information. The certification is particularly important for organizations handling sensitive data, as it helps meet regulatory compliance requirements, reduces security incidents, builds customer trust, and often provides a competitive advantage in procurement processes where information security assurance is required.
ISO 37001

ISO 37001: Anti-Bribery Management Systems


Note: ISO 37001 is not a cybersecurity/IT certification. It is an anti-bribery management system standard.


Origin


ISO 37001 was published in October 2015 by the International Organization for Standardization (ISO), the independent international body that develops voluntary standards. The standard was created in response to growing global concern about corruption and bribery in business transactions. It was developed by ISO's Project Committee ISO/PC 278, which included anti-corruption experts from over 30 countries, to provide organizations with a framework for establishing, implementing, and maintaining an anti-bribery management system.


Industry Value


ISO 37001 is valued because it demonstrates an organization's commitment to preventing, detecting, and addressing bribery. Certification helps organizations reduce the risk of bribery occurring, reassure stakeholders about ethical business practices, and potentially provide a defense in legal proceedings by showing due diligence. The standard is particularly important for companies operating internationally or in high-risk sectors, as it provides a recognized framework for compliance with anti-bribery laws such as the UK Bribery Act and the US Foreign Corrupt Practices Act.


---


*If you're looking for cybersecurity/IT certifications, you may be thinking of standards like ISO/IEC 27001 (Information Security Management) or ISO/IEC 27032 (Cybersecurity).*

ISO/IEC 20000
Cybersecurity Maturity Model Certification (cmmc)
[05] Notable Clients
  • Italian Ministry of Defense
  • UK Ministry of Defence
  • European Defense Ministries