We are an optimistic cyber security consultancy of experts in security, data, technology and design that want to build a safer, more secure world where more things go right.

Positive security

We believe that good cyber security:

  • starts with a deep and thorough understanding of how your organisation works
  • provides the strongest protection for the most important things
  • responds and adapts to people's needs

Rather than comparing your setup against checklists of known threats and common solutions, we work hard to properly understand your business. We always start with the question "What do you need to protect?" and work our way forward from there.

Read more about our approach to positive security.

Our services meet your needs

We typically work with clients — like CIOs, CTOs, CISOs, plus CEOs and NEDs — over longer periods of time to deliver real and measurable outcomes, rather than one-off deliverables.

Below are a few examples of the problems you may be facing, and how we can help, but it is not exhaustive. Pick your favourite way to get in touch and we will be happy to discuss your individual needs.

cyber risk analysis

Cyber risk analysis

"I need to understand the cyber risk to my organisation is so I can have confidence that we are doing the right things"

Cyber risk is the cornerstone of modern security programmes and decision making. We’ll use data to help identify and analyse the risk scenarios relevant to your operations, and where you should be focusing your effort. Then we help you mobilise projects that help to manage it to an appropriate level or improve the efficiency and resilience where this has been achieved. By measuring the things that matter and ‘closing the loop’ you’re able to make simple, effective justifications on security investment to business stakeholders. Get in touch if you'd like us to work on your cyber risk project.

security programme review

Security programme management

“I need expert, independent advice that helps me understand why my security programme is off track or failing to deliver, so that I can take appropriate action.”

Many security programmes struggle to demonstrate return on investment. We’ll conduct a programme review looking at your underlying cyber capability and compare your programme plan to a cyber risk assessment. This will call out any gaps — in foundational capability, or focus — so that you can take the appropriate corrective action. We can even help you demonstrate, through data and evidence, how the actions you are taking are contributing to managing your cyber risk and measure the security benefit from your programme activities. Arrange a session to take a high-level view at your programme.

cyber due diligence

Satisfy due-diligence requirements

“I need to quickly understand what security capability my organisation has now, so that I can judge if, or how much, to invest.”

Cyber security is a board-level item and an important part of investment decisions. We’ll conduct an assessment to answer your questions on cyber capability and effectiveness of cyber governance and risk management. This is beneficial as part of regular ‘health check’ for organisations, or as cyber due-diligence to inform strategies at important economic transactions like acquisition, investment or sale. Give us a call to discuss your investment needs.