Cyber Security, Offensive & Defensive · NIST · ISO 27001 · Cyber Essentials

Real protection. Not compliance theatre.

Full-spectrum cyber security — from penetration testing and threat intelligence through to SOC monitoring, incident response, and board-level security governance. Technical depth that finds real vulnerabilities before attackers do.

No obligation · Assessment delivered within 5 business days · NDA as standard

Threat Intelligence Dashboard (monitoring active)

Organisation Risk Score, pre-engagement baseline: 74 / 100 (HIGH RISK)
  • External attack surface: 12 exposures
  • Unpatched CVEs (Critical): 3 found
  • Email phishing exposure: DMARC missing
  • MFA enforcement: 34% uncovered
  • Endpoint protection: Deployed
Post-remediation target score: 92 / 100

98% · Pen test find rate vs self-assessed
<4hr · Incident response SLA
24/7 · SOC monitoring coverage
ISO 27001 · certified practice
0 · Post-engagement breaches
Measurable outcomes

Security measured in risk reduced, not reports filed

Every engagement is grounded in before/after risk scores, verified vulnerability counts, and compliance posture — not just a list of activities completed.

Results reflect typical engagement outcomes. Actual improvements depend on baseline posture, scope, and remediation commitment.

98% · Vulnerabilities missed internally

Of organisations that self-assess as "secure", 98% have critical vulnerabilities identified during an independent penetration test or red team exercise.

−85% · Attack surface reduction

Average external attack surface reduction following a structured vulnerability management and hardening programme over a 90-day initial engagement.

6 wks · Cyber Essentials certification

Average time from initial gap assessment to Cyber Essentials Plus certification — enabling clients to meet procurement requirements and reduce insurance premiums.

4 hrs · Incident response SLA

Guaranteed first-responder engagement within 4 hours of a confirmed incident — reducing dwell time, limiting blast radius, and accelerating recovery.

Ideal for

Organisations where a breach would be catastrophic

Cyber security investment is proportionate to the cost of failure. We work with organisations where the reputational, regulatory, or operational consequence of a breach justifies technical security done properly.

Get a free risk assessment →
Best fit
  • Financial services, legal, and professional services firms handling sensitive client data
  • PE-backed businesses preparing for due diligence or exit where security posture is scrutinised
  • Organisations that have suffered a breach or near-miss and need a structured response
  • Businesses facing Cyber Essentials, ISO 27001, or SOC 2 certification requirements
  • Companies with remote or hybrid workforces and unmanaged device exposure
  • Organisations in regulated sectors (FCA, ICO, GDPR, NIS2) with compliance obligations
Where risk concentrates
  • Unpatched internet-facing systems and legacy infrastructure
  • Poor email security — missing SPF, DKIM, DMARC, and phishing controls
  • Over-privileged user accounts and absent MFA enforcement
  • Shadow IT and unmanaged SaaS application sprawl
  • Inadequate backup and disaster recovery without tested restore procedures
Core services

Full-spectrum cyber security, end to end

Offensive testing to find what attackers will find. Defensive architecture to stop them. Governance frameworks to keep you compliant. Incident response for when it goes wrong.

Penetration Testing

CREST-aligned external and internal penetration testing across networks, web applications, APIs, and cloud environments. Detailed findings reports with CVSS severity scoring and remediation guidance.

→ Network · Web app · API · Cloud · Mobile

Red Team Exercises

Full-scope adversary simulation — testing people, processes, and technology simultaneously. Objective-based campaigns modelling real threat actor TTPs to expose gaps that vulnerability scanning cannot find.

→ Adversary simulation · TTP mapping · Physical

Vulnerability Assessment & Management

Continuous vulnerability scanning, prioritisation by exploitability and business impact, and a structured remediation programme with tracked closure rates and risk-reduction reporting.

→ Continuous scanning · CVE prioritisation · Tracking

Security Architecture & Hardening

Zero-trust architecture design, network segmentation, identity hardening, endpoint security configuration review, and cloud security posture management — reducing attack surface at the architectural level.

→ Zero-trust · CSPM · Network segmentation · Hardening

SOC Monitoring & SIEM

24/7 Security Operations Centre monitoring with SIEM correlation, threat hunting, anomaly detection, and human analyst escalation for confirmed incidents. Full visibility across endpoint, network, and cloud.

→ 24/7 SOC · SIEM · Threat hunting · EDR integration

Incident Response & Recovery

Rapid-response incident triage, containment, forensic investigation, and recovery — with a guaranteed 4-hour SLA for confirmed incidents. Post-incident root cause analysis and lessons-learned programme.

→ <4hr response · Containment · Forensics · Recovery

Email Security & Anti-Phishing

SPF, DKIM, and DMARC configuration, advanced email filtering, business email compromise (BEC) protection, and phishing simulation campaigns with staff training to reduce the human attack vector.

→ DMARC · BEC protection · Phishing simulation

Identity & Access Management

MFA enforcement, privileged access management (PAM), conditional access policies, identity governance, and SSO rationalisation — eliminating over-privileged accounts and credential-based attack paths.

→ MFA · PAM · Conditional access · Identity governance

Security Awareness Training

Role-based security awareness programmes, phishing simulation campaigns, board-level security briefings, and a culture of security built through education — not just policy documents nobody reads.

→ Phishing sims · Role-based training · Board briefings
Offensive security

Find what attackers will find — before they do

Our offensive security practice operates on one principle: the only way to know your defences are adequate is to test them against realistic attack scenarios, conducted by practitioners who think like adversaries.

What we test
  • External network perimeter — every internet-facing system and service
  • Web applications, APIs, and mobile applications
  • Internal network — post-breach lateral movement paths
  • Active Directory and identity infrastructure
  • Cloud environments — AWS, Azure, and GCP misconfigurations
  • Physical security and social engineering (on request)
  • Wi-Fi infrastructure and rogue access point detection
Book a penetration test →
01. Scoping & Rules of Engagement

Defining test boundaries, objectives, and rules of engagement before any testing begins. All work is authorised in writing, with clear escalation procedures for critical findings discovered in scope.

Scoping · RoE · Written authorisation
02. Reconnaissance & Intelligence Gathering

OSINT collection, attack surface mapping, technology fingerprinting, and credential exposure scanning — understanding what an attacker knows before they touch your systems.

OSINT · Attack surface mapping · HUMINT
03. Exploitation & Privilege Escalation

Attempting to exploit discovered vulnerabilities in a controlled manner — demonstrating real-world impact through privilege escalation, lateral movement, and objective achievement.

Exploitation · Privilege escalation · Lateral movement
04. Reporting & Remediation Guidance

A technical findings report with CVSS-scored vulnerabilities, proof-of-concept evidence, and prioritised, actionable remediation steps. Executive summary for board and risk committee.

CVSS scoring · PoC evidence · Exec summary
05. Remediation Verification Testing

Free re-test of all Critical and High findings within 90 days of the original report — verifying that remediations have been implemented correctly and not introduced new vulnerabilities.

Re-test · Verification · 90-day included
Common findings

What we typically find — and what it means

Illustrative examples of the vulnerability classes and severity levels discovered across penetration testing engagements.

Finding | Category | Severity | Business impact
Unauthenticated RCE on internet-facing service | Network perimeter | Critical | Complete system compromise without credentials — full business impact
SQL injection in customer portal — data exfiltration path | Web application | Critical | Potential GDPR breach, customer data exposure, regulatory notification required
NTLM relay attack — domain compromise via internal network | Internal network / AD | High | Full Active Directory compromise achievable from any network-connected device
Missing DMARC — organisation impersonation via email | Email security | High | Enables phishing campaigns appearing to originate from your domain
AWS S3 bucket publicly accessible — sensitive data exposed | Cloud misconfiguration | High | Sensitive files readable by anyone — immediate GDPR and reputational exposure
Password spraying — 40% of accounts lockout-exempt | Identity & Access | Medium | Credential stuffing attacks viable; account policy remediation required
Outdated TLS configuration — downgrade attack path | Network / Cryptography | Medium | Encrypted traffic potentially interceptable on public networks
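The "Missing DMARC" row above is the kind of finding an email security review turns up by reading the `_dmarc.<domain>` TXT record. The script below is an added example, not the consultancy's own tooling: it parses a DMARC record into its tag/value pairs and grades how much protection the published policy actually gives (no record, p=none, partial pct, weak subdomain policy, no reporting address). The domain names and TXT records are constructed inline so it runs offline; in a real review they would come from a DNS TXT lookup.

```python
"""Offline DMARC policy review (added example; domains and records are constructed)."""
from typing import Dict, List, Optional, Tuple

SEVERITY_RANK = {"Info": 0, "Low": 1, "Medium": 2, "High": 3}
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}

# Constructed sample TXT records as they would appear at _dmarc.<domain>.
# Hypothetical domains; no DNS lookup is performed.
SAMPLE_RECORDS: Dict[str, List[str]] = {
    "nodmarc.example": [],                                           # nothing published
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "good.example": ["v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@good.example"],
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],      # two records published
}


def parse_dmarc(record: str) -> Optional[Dict[str, str]]:
    """Split 'tag=value; tag=value' into a dict; None if it is not a DMARC record.

    Tag names are case-insensitive. RFC 7489 requires v=DMARC1 as the first tag;
    this parser only checks that the tag is present, not its position.
    """
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(domain: str, txt_records: List[str]) -> Tuple[str, List[str]]:
    """Return (worst severity, findings) for one domain's published DMARC posture."""
    findings: List[Tuple[str, str]] = []  # (severity, message)
    dmarc = [r for r in txt_records if parse_dmarc(r) is not None]

    if not dmarc:
        findings.append(("High", "no DMARC record: receivers apply no policy to mail spoofing this domain"))
    elif len(dmarc) > 1:
        # RFC 7489 section 6.6.3: more than one record means DMARC processing stops.
        findings.append(("High", "multiple DMARC records: receivers treat the domain as having no policy"))
    else:
        tags = parse_dmarc(dmarc[0]) or {}
        policy = tags.get("p", "").lower()
        if policy not in POLICY_RANK:
            findings.append(("High", f"missing or invalid p= tag ({policy!r}); record is not usable"))
        elif policy == "none":
            findings.append(("High", "p=none only monitors; spoofed mail is still delivered"))
        elif policy == "quarantine":
            findings.append(("Medium", "p=quarantine sends spoofed mail to junk rather than rejecting it"))
        else:
            findings.append(("Info", "p=reject: mail failing SPF/DKIM alignment is refused"))

        pct = tags.get("pct", "100")
        if pct.isdigit() and int(pct) < 100:
            findings.append(("Medium", f"pct={pct}: policy applied to only {pct}% of failing messages"))

        sub = tags.get("sp", "").lower()
        if sub and POLICY_RANK.get(sub, 0) < POLICY_RANK.get(policy, 0):
            findings.append(("Medium", f"sp={sub} leaves subdomains weaker than the organisational domain"))

        if "rua" not in tags:
            findings.append(("Low", "no rua= address: no aggregate reports, so failures are invisible to you"))

    worst = max(findings, key=lambda f: SEVERITY_RANK[f[0]])[0]
    return worst, [f"[{sev}] {msg}" for sev, msg in findings]


def review(records: Dict[str, List[str]]) -> Dict[str, str]:
    """Map each domain to its worst DMARC severity, e.g. for a risk register."""
    return {domain: assess_dmarc(domain, txt)[0] for domain, txt in records.items()}


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        severity, notes = assess_dmarc(domain, txt)
        print(f"{domain}: {severity}")
        for note in notes:
            print("   ", note)
```

The grading is deliberately conservative: a published record with p=none is rated the same as no record, because receivers deliver spoofed mail either way; the only difference is that the domain owner gets aggregate reports. Swapping the constructed dictionary for the output of a real TXT lookup is the only change needed to run it against a live domain.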
Compliance & frameworks

Security that satisfies auditors, investors, and regulators

We design security programmes that align to the frameworks your clients, investors, and regulators care about — so compliance is a by-product of good security, not a separate exercise.

Cyber Essentials
NCSC UK certification — procurement and insurance baseline
ISO 27001
Information security management system — international standard
NIST CSF
Identify · Protect · Detect · Respond · Recover framework
GDPR / UK GDPR
Data protection compliance and breach response obligations
NIS2
EU Network & Information Security Directive — critical sectors
DORA
Digital Operational Resilience Act — financial services EU
Cyber Essentials & CE Plus

From gap assessment to certification in 6 weeks

We run the gap assessment, remediate every control failure, and manage the certification submission — delivering the certificate your procurement and insurance teams require without the 6-month project it usually becomes.

  • Cyber Essentials (self-assessed) and Cyber Essentials Plus (independently verified)
  • Boundary firewalls and internet gateways configuration review
  • Secure configuration across servers, workstations, and mobile devices
  • Access control and administrative account management
  • Malware protection and patch management verification
ISO 27001

ISMS design, implementation, and certification support

ISO 27001 certification demonstrates that information security is embedded in how your organisation operates — not bolted on. We design and implement the ISMS, manage the internal audit programme, and support you through external certification.

  • Risk assessment and Statement of Applicability (SoA)
  • Policy and procedure library design and documentation
  • Internal audit programme and management review
  • Certification body selection and audit preparation
  • Ongoing surveillance audit support and continual improvement
Incident response

When something goes wrong, speed is everything

Every hour of dwell time after a breach increases the blast radius, the recovery cost, and the regulatory exposure. Our incident response service is designed to cut that time to a minimum.

Hour 0–4: Triage & Containment

  • Incident confirmed and severity classified
  • IR team engaged — responder on-site or remote within 4 hours
  • Initial containment actions to limit lateral movement
  • Executive and legal team notified per communication plan
Hour 4–24: Investigation & Eradication

  • Forensic evidence preservation and chain of custody
  • Attack vector identification and root cause analysis
  • Malware removal and compromised credential rotation
  • Regulatory notification assessment (ICO 72-hour window)
Day 1–7: Recovery & Restoration

  • Systems restored from clean backups with integrity verification
  • Enhanced monitoring deployed across affected environment
  • Stakeholder and customer communication support
  • Regulatory submissions drafted and filed where required
Day 7–30: Post-Incident Review

  • Full incident timeline and root cause report
  • Recommendations to prevent recurrence
  • Security posture uplift programme defined
  • Insurance claim support documentation
Case studies

Real incidents. Real recoveries.

Outcomes from penetration testing, incident response, and security programme engagements across regulated and high-risk sectors.

Security Hardening: Zero

Successful ransomware incidents in the 24 months following our security hardening and EDR deployment for a legal firm that had previously suffered two ransomware attacks in three years. Full endpoint, email, and identity posture overhaul delivered in 8 weeks.

M&A Due Diligence: £2.4M

Technical security risk identified during M&A due diligence — comprising unpatched CVEs on internet-facing systems, missing DMARC across 6 domains, and exposed admin interfaces — enabling price renegotiation before the deal closed.

Cyber Essentials Plus: 6 wks

Cyber Essentials Plus certification achieved for a FinTech startup — unlocking a £4M enterprise contract that required certification as a prerequisite. Gap-to-cert in 6 weeks, including remediation of 14 control failures.

Incident Response: 4 hrs

Ransomware incident contained within 4 hours of first alert for a professional services firm — limiting encryption to 3 workstations from a potential estate of 180. Full recovery from clean backups completed within 18 hours with zero data loss.

Engagement models

Fixed-scope assessments and ongoing managed security

Choose a fixed-scope engagement for a defined assessment or certification, or a managed security retainer for continuous protection, monitoring, and programme governance.

Assessment
Security Assessment
Fixed scope · 1–3 weeks
From £3,500
  • External attack surface scan and analysis
  • Vulnerability assessment (authenticated)
  • Email security review (SPF, DKIM, DMARC)
  • Identity and access control review
  • Cloud configuration review (one platform)
  • Written findings report with risk register
  • Remediation priority roadmap
  • Penetration testing (manual exploitation)
  • 24/7 SOC monitoring
Request an assessment →
Enterprise
Security Programme
Custom · CISO-as-a-Service
Custom pricing
  • All Managed Security inclusions
  • Fractional CISO — strategic leadership
  • Full internal and external penetration testing
  • Red team exercise (annual)
  • ISO 27001 implementation and certification
  • Board and risk committee reporting
  • Regulatory compliance programme
  • Supplier and third-party risk management
Discuss requirements →
FAQ

Common questions about cyber security services

Questions we hear most often from businesses evaluating cyber security investment for the first time — or after a security incident.

A vulnerability assessment uses automated tools to identify known weaknesses — it tells you what vulnerabilities exist. A penetration test goes further: a human tester actively attempts to exploit those vulnerabilities, demonstrating real-world impact and chaining vulnerabilities together in ways automated tools cannot detect. Penetration tests give you evidence of what an attacker could actually do, not just a list of CVEs to patch.

As a minimum, annually — and after any significant infrastructure change, new application deployment, or security incident. Our Managed Security plan includes a quarterly external penetration test, which we recommend as the baseline for most organisations. If you handle significant volumes of personal or financial data, or are subject to regulatory frameworks like FCA or NIS2, more frequent testing is typically required.

Standard penetration tests are conducted carefully to avoid causing service disruption. We agree rules of engagement before testing that define whether certain attack techniques (like denial-of-service testing) are in scope, and we have clear escalation procedures if we discover something that poses an immediate risk. We've conducted thousands of tests without causing unplanned downtime — and we're transparent when an activity carries any risk so you can make an informed decision.

A fractional CISO gives you a senior security leader without the full-time cost — typically £150–200k+ for an in-house CISO. They own your security strategy, report to the board, manage the security programme, and provide the governance function that regulators and investors expect to see. It's appropriate for organisations that need demonstrable security leadership at executive level but don't yet have the scale to justify a dedicated hire.

If we discover a critical vulnerability during a test — something that poses an immediate, severe risk — we stop and notify you immediately rather than continuing to exploit it or waiting until the final report. This is our responsible disclosure procedure. We agree escalation contacts and communication channels in the scoping call before any testing begins, so you're never in a situation where a critical finding goes unreported until the PDF lands.

Yes — and this is the most common engagement model. Your IT team handles BAU operations and day-to-day management; we provide the specialist security capability (penetration testing, SOC monitoring, incident response, compliance governance) that sits outside the scope of a generalist IT function. We work with your team, not around them, and knowledge transfer is built into every engagement.
Get started

Don't wait for a breach to find out where you're exposed.

Book a free risk assessment. We'll review your external attack surface, identify your three highest-priority vulnerabilities, and give you an honest view of your current security posture — at no cost and no obligation.

Free external attack surface scan · NDA before every engagement · Results within 5 business days · No obligation