// OVERVIEW

Security That Doesn't Get In the Way of Business

Most small businesses don't have an in-house security team — and most attackers know it. We give you the same defensive posture as a much larger company: an audit to find what's already broken, a pentest to see how an attacker would walk in, 24/7 monitoring so you don't find out about a breach from your customers, and the paperwork to pass Cyber Essentials when procurement asks.

// WHAT'S COVERED

Where We Look

Public Web SurfaceOWASP Top 10, SSL grade, security headers, exposed admin panels.
WordPress & CMSPlugin vulns, weak credentials, file-permission audit, brute-force exposure.
Server & InfraOpen ports, outdated services, weak TLS, missing patches.
Identity & AccessMFA gaps, leaked credentials in public dumps, stale admin accounts.
Detection & ResponseReal-time alerting on suspicious behavior — before it becomes incident.
Compliance PostureCyber Essentials, GDPR-relevant controls, written policies your insurer wants.

// OUR PROCESS

How an Engagement Runs

01

Scope & Authorize

Written authorization, target list, time window. We do not touch anything outside scope.

02

Discover

Recon, fingerprinting, vulnerability scanning — passive first, active with permission.

03

Test & Validate

Manual verification of every finding. No copy-pasted Nessus reports.

04

Report & Fix

Plain-English report with severity, proof, and a prioritized fix list. Re-test included.

// PRICING

One-Shot Engagements

Transparent project pricing. Custom scopes available on request.

Security Audit

^£799

one-time

OWASP Top 10 web scan
SSL / headers grading (A+ target)
WordPress / CMS hardening review
Written report with fix list
Manual exploit verification
Re-test after remediation

Book an Audit

Penetration Test

^£2499

one-time

Black-box external pentest
Authenticated app-layer testing
Manual exploit verification
Severity-scored findings (CVSS)
Remediation plan + re-test
Executive + technical reports

Request a Pentest

Cyber Essentials Prep

^£999

one-time

Cyber Essentials gap analysis
Self-assessment paperwork drafted
Technical controls hardening
Internal policy templates
Pre-submission review
Certification body fee (separate)

Get Cert-Ready

// MONTHLY — RECOMMENDED

Managed Threat Monitoring

24/7 endpoint & web monitoring powered by our in-house AI-MDR platform. Wazuh agent on your servers, AI-triaged alerts, real human on the response side. The difference between "we got hacked last night" and "we blocked them at 3 AM."

✓
Wazuh agent on every endpoint & server
✓
AI-triaged alerts — only the real ones reach you
✓
Auto-response playbooks (IP block, host isolate)
✓
Monthly threat-posture report

^£299

per month · up to 10 endpoints

Start Monitoring

Add'l endpoints from £15/mo each

// DELIVERABLES

What You Actually Receive

Every engagement ships with the following — readable by both your dev team and your board.

Executive summaryOne page, plain English. The risks, the impact, the priority. For decision-makers.

Technical findings reportEvery finding with CVSS score, reproduction steps, screenshots, and a concrete fix.

Prioritized remediation planWhat to fix first, what can wait. No 200-page PDF of "informational" noise.

Free re-testOnce you ship the fixes, we re-verify and update the report — no extra invoice.

Security headers configCSP, HSTS, X-Frame-Options drop-in — ready for your web server.

Credential exposure checkHIBP + paste-site sweep for leaked staff/customer emails & passwords.

Policy templatesAcceptable-use, incident-response, password policy. Copy, customise, sign.

Written authorization scopeEvery engagement signed off in writing — your legal team will sleep better.

// METHODOLOGY

Built on industry standards

We don't make security up as we go. Every engagement maps to recognised frameworks.

OWASP Top 10 Cyber Essentials NIST CSF CIS Controls PTES ISO 27001-aligned

// FAQ

Common Questions

Will testing take my website down?

No. We use safe, throttled testing methods on production and run intensive checks against a staging copy where one exists. We never run destructive payloads (DoS, mass deletion) without explicit written sign-off.

How long does an audit take?

A standard website audit takes 3–5 working days from authorization to report delivery. Penetration tests run 5–10 working days depending on scope. Managed monitoring is live the same day the agent is installed.

Are you Cyber Essentials certified?

We help businesses pass Cyber Essentials certification — we don't sell the certification itself (that comes from an IASME-licensed body). Our prep service gets your technical controls, paperwork and policies ready so the audit is a formality.

What if you find something serious mid-engagement?

We stop and call you the same day. Critical findings (active compromise, exposed credentials, exploitable RCE) are flagged immediately — not held until report delivery.

Do you do offensive work for third parties?

No. Every engagement requires written authorization from the legal owner of the target. We do not test systems you do not own, and we do not develop offensive tooling for sale.

Can monitoring integrate with our existing tools?

Yes. We can forward alerts to Slack, Microsoft Teams, PagerDuty, email, or a webhook of your choice. We also export SIEM-format logs if your team wants raw data.

Cybersecurity Services

Security That Doesn't Get In the Way of Business

Where We Look

How an Engagement Runs

Scope & Authorize

Discover

Test & Validate

Report & Fix

One-Shot Engagements

Managed Threat Monitoring

What You Actually Receive

Built on industry standards

Common Questions

Find out what an attacker would see.