From boardroom to classroom - we bring a wealth of experience to the table
25 year veterans of cyber-security – and having been on the front line: designing, building and running secure websites and applications to process business-critical and personal data for some of the most cyber-targeted organisations on the planet – we have a unique insight into the tactics, techniques and procedures (TTPs) used by cyber criminals today.
From the German and Japanese car industries, the global diamond industry, international and off-shore finance, through to the UK government – we have been pitched against everything from script kiddies to motivated and well-financed international gangs who have openly contacted our clients to annouce that they will be disrupting their operations.
With experience throughout the supply chain, we have worked as both poacher and game-keeper – both setting and delivering against standards and frameworks such as ISO27001 and 27005. This has given us a unique insight into the strengths and weaknesses of every part of the value chain from the consuming enterprises, through cloud and managed services providers right down to the micro-businesses and sub-contractors that are often the real providers.
Training and education services
Education is a key part of our services – and one which generally gives the biggest added value for our clients. From educating users about the dangers of phishing attacks to giving a heads up to development teams on secure coding – by leaving clients better informed, we reduce the need for constant interventions and hand-holding. We are not a managed services company looking to upsell you into big contracts – saving our clients money on services they don’t need.
At Brandfire, we love talking about cyber security so much we don’t normally charge for training – in fact to date we have only ever asked for a small contribution towards our travel and subsistence costs. How does this work in practice? A well-researched and interactive training course can be a great way for you to get to know us and for us to get to know you. It can be a successful start to a productive, long term relationship with a new client.
Supply chain auditing
We can provide auditing beyond the simple pen-and-paper self-assessment exercises often sent out to third party suppliers. We’ve been lucky enough to be behind the scenes when enterprises have created a set of standards that are closer to ‘wishful thinking’ than reality – usually met square on by third parties who have then ‘creatively’ assessed their capabilities to match.
We can ask the right questions and help move all parties on positively. This isn’t a witch-hunt designed to weed out suppliers – this is about understanding the constraints that supply chains work under and helping everyone to join the dots, creating an cyber security roadmap that everyone can subscribe to.