Home / Services
Services

One security team for everything you're expected to have

Choose what you need today and add more as you grow. Every engagement begins with a free security review, so you only invest where it moves the needle.

Fractional CISO

A security leader, without the full-time salary

You get a named, experienced security lead who owns your programme: strategy, risk register, policies, board and customer reporting, and the answers to those long security questionnaires. It's the accountability of a Head of Security, sized and priced for a small business.

  • A risk register and security roadmap tied to your goals
  • Security questionnaires and due-diligence handled for you
  • Board-ready reporting in plain English

Best for

Businesses that need someone accountable for security, are answering customer questionnaires, or are preparing to raise or sell.

Best for

Losing or delaying deals because a customer wants proof of ISO 27001, SOC 2 or a completed security assessment.

ISO 27001 & SOC 2 readiness

Get audit-ready, guided by a team doing it right now

Certification feels enormous from the outside. We break it into a clear path: gap assessment, building your Information Security Management System, putting controls in place, and assembling the evidence auditors actually ask for. Because we're going through ISO 27001 ourselves, you skip the guesswork and the expensive mistakes.

  • Gap assessment against ISO 27001 or SOC 2
  • Full policy set and ISMS, not templates you're left to fill in
  • Evidence collection and support through the external audit
Security awareness training

Turn your people from the risk into the defence

Most breaches start with a person, not a firewall. We run engaging, practical training for your whole team, plus phishing simulations that show where the real gaps are, and simple policies people actually follow. It's the same programme we ran across our own company.

  • Live and on-demand awareness training with completion tracking
  • Phishing simulations and clear reporting
  • Plain-language policies staff will actually read

Best for

Any team that uses email. Especially useful before an audit or as part of cyber-insurance requirements.

Best for

Businesses with no incident plan, or who've had a scare and never want to feel that helpless again.

Incident response & readiness

A plan before you need it, and a team when you do

The worst time to figure out what to do is mid-incident. We prepare a response plan tailored to your business, rehearse it with a tabletop exercise, and stand ready if something happens. We've done this for real on our own systems: detected an intrusion, contained it, rotated every credential and hardened the gap the same day.

  • An incident response plan mapped to your systems and people
  • Tabletop drills so the plan works under pressure
  • A team on call for containment and recovery
Identity & access

The controls that stop most breaches

Stolen or reused passwords are behind a huge share of incidents. We put single sign-on and multi-factor authentication across your tools, enforce least-privilege access, and set up clean joiner, mover and leaver processes so access is never left lying around. Unglamorous, and the highest return on effort in security.

  • Single sign-on and MFA across Microsoft 365, Google and your apps
  • Least-privilege roles and regular access reviews
  • Automated joiner, mover and leaver processes

Best for

Everyone. If you only do one thing this quarter, make it MFA everywhere and tidy access.

Best for

Cloud-first businesses running on Microsoft 365, Google Workspace, Azure or a stack of SaaS tools.

Cloud & SaaS security

Harden the stack your business actually runs on

Your business lives in the cloud, and that's where it needs defending. We tighten Microsoft 365, Google Workspace, Azure and your SaaS apps against a proven baseline, manage secrets properly, make sure backups are tested and restorable, and bring secure practices into how your software is built and shipped.

  • Cloud and SaaS hardening against a clear baseline
  • Secrets management, backup and tested disaster recovery
  • Secure development for teams that build their own software

Not sure where to start?

That's what the free security review is for. We'll tell you the two or three things that matter most for your business right now.