It is widely recognised that people are one of the primary challenges to effective security; whether from the errors, overlooked security requirements, lack of awareness or the malicious insider, almost all security incidents have a human element to them.

Consistently, we see that security risk is not well integrated with other business risk processes.  It often falls outside of good risk governance practices that exist as part of the overall business risk management.

A security assurance function should be fully integrated into wider business assurance to be effective in providing confidence to management about the current exposure to cyber risk.

Penetration Testing gives organisations insights into the real weaknesses in their security and, when properly performed, allows them to understand and remediate not just the vulnerabilities themselves but the root causes that underlie them.

When organisations undertake any form of change, there is a potential to add new risks to the equation. This is particularly true, from a cyber security perspective, when there is development of new systems or changes to systems and infrastructure.

We often hear from boards and business leadership that they are unable to understand whether they are getting an effective return on their investment into security. Security is often seen as an ‘expensive black box’ which results in frustration from the business...

Even in the best governed and operated security functions, incidents are, unfortunately, a likely occurrence. Incident management and crisis management, while often being more an art than a science, requires effective and regular communication with business stakeholders.

We offer staff augmentation services to fulfil strategic security roles at our clients either to provide interim coverage between full time employees or as ongoing service. We bring our unique and personal approach to these roles to transfer our values of teaming and making a lasting difference.