Services

Five lanes. One operating model.

Pick the lane closest to your problem; we'll scope the rest in discovery. Every engagement comes back to the same operating model: a small senior team, anchored to your board cadence, audit-ready by design.

vCISO and BISO for regulated fintech

Board-level vCISO and BISO for UK and EU fintech. ISMS, audit prep, board reporting, and vendor risk on a fractional cadence from discovery to retainer.

ISMSBoard packVendor / ICT risk90-day plan

AI guardrails for production agents

Ship AI in production under audit: three guardrail layers, model risk, and red teams for FCA, ICO, and NCSC expectations. We embed with your platform team.

Input filterBehaviour cageOutput guardRed-team

Cloud Security Architecture & Engineering

Architecture reviews, control design, and secure-by-default platforms for AWS, Azure, and GCP at regulated scale.

Architecture reviewControl designSecure defaults

GRC, ISMS & Audit Readiness

ISO 27001, SOC 2, PCI DSS v4, GDPR, SOX, DORA. Scoped, designed, delivered, audited.

ISO 27001PCI DSS v4DORASOC 2

DevSecOps, Detection & Operational Resilience

Build security into the SDLC and run a detection capability boards understand. SAST/DAST, secure CI/CD, SOC playbooks, MTTR.

Secure pipelinesDetectionOperational resilience

The operating model

The same shape, every engagement.

Small senior team. Your board cadence. Audit-ready by design. We tell you up front when the right answer is "you don't need us for this".

Step 01

Diagnose

An 8-week initial scope. By week 8 you have an ISMS skeleton, a 90-day plan and a board-pack template.

Step 02

Deliver

Monthly retainer thereafter — typically 1.5 days/week with monthly board cadence. We hold the pen on the ISMS.

Step 03

Exit cleanly

When you hire a permanent CISO we transition with a 4-week shadow and an exit pack of artefacts.

Next step

Scope the lane that fits — in one conversation

No proposals, no pitching. We'll diagnose, scope, and price up front.

Book a discovery call Read the vCISO pillar →