Senior, independent, and small by choice

How we work

Ellipse Project was founded in 2016 in Warsaw by Anna Kowalska, after eight years at two of the larger Central European consultancies. The founding observation was that mid-market clients were being served either by the large consultancies (where the senior signatory rarely did the work) or by sole practitioners (who lacked the bench depth for substantial engagements). There was a gap between the two.

We are deliberately small. Eleven people across our Warsaw office and senior consultants in Kraków, Vilnius, and Berlin. Every engagement is led by one of our partners, who is responsible for the work from scope to closure. There is no offshore second-tier delivery. The cost of small scale is that we have to be selective about the engagements we take; we are. We say no to about half of the work that approaches us, mostly because we do not have capacity rather than because we are unwilling.

We are independent. Ellipse Project is partner-owned, with no outside investment and no commercial relationships with tool vendors, simulation-platform providers, or certification bodies. We have no incentive to recommend specific tooling and no commercial reason to push particular methodologies.

Our work product is written. We deliver narrative reports rather than slide decks. Where slides are useful — board presentations, executive briefings — we produce them as derivative artefacts from the underlying written work. The discipline of writing the work down forces clarity that slides do not, and our clients have consistently told us they value it.

Our published work appears on the insights page on this site. We contribute occasionally to industry venues — the ECSO knowledge base, the Polish CSIRT GOV publications, sector conferences. Where we publish, we credit the client engagements that informed the work under NDA arrangements.

Our values

Company history

• 2016. Founded in Warsaw by Anna Kowalska. Initial focus on ISO 27001 readiness engagements for Polish banking clients.
• 2018. Expanded into Czech Republic with our first engagement at a major Czech transmission system operator. Pavel Novák joined as the second partner.
• 2019. Added a healthcare practice with Dr Magdalena Wójcik joining as Head of Advisory. First hospital-network engagement signed.
• 2021. DORA and NIS2 advisory practices established in anticipation of the regulatory transposition; first preparatory engagements signed in Q4.
• 2023. Opened Baltic operations from a base in Vilnius with Kristina Berga joining as the regional lead.
• 2024. Achieved ISO 27001:2022 certification for our own operations. Reached eleven people across four cities.
• 2025. First DORA-aligned readiness engagement completed and approved by client home-state supervisor.

Where we operate

Headquartered in Warsaw, with senior consultants in Kraków, Vilnius, and Berlin. Engagements span Poland, the Baltic states, Czech Republic, Slovakia, and Germany. We travel where the work requires it and are equally comfortable on-site, remote, or hybrid.

Press & recognition

For media and analyst enquiries, see our press page or contact office@ellipseproject.com directly. We are listed in industry directories including the European Cyber Security Organisation (ECSO) member directory and the Polish Chamber of Information Technology and Telecommunications (PIIT) member listing.