Frequently Asked Questions

WHAT OUR CLIENTS ASK US

Frequently Asked Questions.

These are some of the key questions we get asked by clients. If your question isn't covered here, please get in touch.

What kind of organisations do you work with?

We work with organisations of all sizes, from small businesses to larger enterprises. Our focus is on helping smaller organisations build practical, proportionate security capabilities that fit their unique needs and constraints.

What services do you offer?

We offer a range of services including security assessments, virtual CISO support, security programme development, detection engineering, SOC strategy, and cyber resilience consulting. We tailor our services to meet the specific needs of each client.

How do you usually start working with a new client?

We typically begin with a short discovery call to understand your context, risks, and constraints. From there, we recommend a lightweight assessment or workshop so we can map your current position, clarify priorities, and propose a focused plan rather than a long list of best-practice tasks.

Do we need a full-time security team to work with you?

No. Many of our clients have little or no dedicated security headcount. We help you make the best use of the people and tools you already have, then build capability step by step so that security becomes part of how you work, not a separate empire.

What is a virtual CISO and how is it different from an internal CISO?

A virtual CISO gives you senior security leadership on a fractional basis. You get the same strategic guidance, board-level support, and decision-making help as a full-time CISO, but sized to your budget and stage of maturity, with clear time commitments and outcomes.

Can you help with specific standards or certifications, like Cyber Essentials or ISO 27001?

Yes. We regularly help organisations prepare for and maintain Cyber Essentials, and can support ISO 27001 and other frameworks where they are a good fit. Our focus is on making sure controls are practical and genuinely useful, not just box-ticking for an audit.

Do you work remotely, on-site, or a mix of both?

Most of our work is done remotely, which keeps costs down and allows us to respond quickly. Where it adds value, such as workshops, stakeholder sessions, or key reviews, we can also work on-site by agreement.

How do you price your services?

We prefer transparent, fixed-fee engagements wherever possible, based on clear scope and outcomes. For ongoing support, such as virtual CISO services, we typically agree a monthly retainer tied to a defined number of days and deliverables, rather than open-ended time and materials.

Can you help us use AI and generative AI safely?

Yes. We help you understand where AI is already in use, what new risks it introduces, and how to put sensible guardrails around prompts, data, and tooling. The goal is to let your teams benefit from AI while avoiding data leakage, abuse of tools, or unexpected attack paths.

How do you measure whether security improvements are working?

We focus on clear, testable outcomes. For example, how quickly you detect and respond to specific attack scenarios, whether key controls are operating as expected, and whether teams can follow agreed playbooks under pressure. Wherever possible we use small experiments and detection engineering to prove that changes work in practice, not just on paper.

Let's Create Something Together

Whether you're looking for a full-service cybersecurity solution or just need some guidance on how to improve your security posture, we're here to help. Contact us today to learn more about our services and how we can help you achieve your security goals.