WHO WE ARE

Specialist by design.

Our team combines deep technical expertise with proven client service delivery from leading advisory practices.

50+Years combined experience

WHAT WE DO

Understand your adversaries.
Measure the real impact.
Deploy solutions that work.

Three capabilities, deployed together or independently to translate risk insights into clear actions.

Understand

The threats you actually face

We identify the specific threats you face: who, how, and from where — whether from sophisticated cyber crime groups, insiders and accidents, through to changing regulations.

Learn more →

Measure

What impacts you could suffer

We translate technical risk into financial terms. What would an incident cost in operations, revenue, and recovery? We give leadership teams something concrete to work with.

Learn more →

Deploy

Solutions built around reality

The right answer is one you can implement. We design solutions around your risk appetite and budget, not what looks good in a report.

Learn more →

THE TEAM

Owner run and owner operated.

Jano Bermudes

Jano Bermudes

Security Architecture, OT

Deep technical background in security architecture and operational technology, having designed and assessed security programmes for some of the most complex industrial and critical infrastructure environments.

Cal McGuire

Cal McGuire

Strategy, Risk Quantification

Former Big Four adviser with extensive experience helping boards translate technology risk into commercial decisions, combining strategic advisory with quantitative risk modelling.

Freddie Witzmann

Freddie Witzmann

Crisis Exercising, Resilience

Specialist in crisis simulation and organisational resilience, designing and delivering exercises that test leadership response to high-impact cyber and technology events.

Samuel Kudláč

Samuel Kudláč

Threat Intelligence, Supply Chain Risk

Focuses on threat intelligence and supply chain risk, providing clients with an accurate picture of who poses a credible threat and how exposure moves through third-party relationships.

WHO WE WORK FOR

Trusted by organisations where the stakes are high.

Our clients span regulated industries, critical infrastructure and complex multinational environments. A non-exhaustive selection of representative engagements is shown below.

  • Critical National Infrastructure

    CNI cyber risk assessments and security architecture

    UK gas and electricity network

  • Financial Services

    Cyber supply chain risk management

    Central bank, leading G7 nation

  • Industrial Technology

    Global OT security assessment programme

    Swiss-based international industrial firm

  • Financial Services

    Regulatory-driven business continuity framework

    Multinational banking and financial services group

  • Retail & Consumer

    Data asset mapping and governance transformation

    British multinational food and fashion retailer

  • Financial Services

    Bespoke scenario development for threat-led penetration testing

    Global fintech and challenger banking group

  • Government

    Intelligence-led attack simulation to test organisational resilience

    UK central government department

  • Financial Services

    Outsourced cyber M&A due diligence service

    Leading global insurance corporation

  • Energy & Infrastructure

    Multi-year cybersecurity improvement programme

    UK and European renewable energy asset manager

  • Telecommunications

    Post-breach assessment and global remediation

    Global telecommunications provider

  • Financial Services

    Cyber insurance controls review and peer benchmarking

    Leading South African banking group

  • Private Equity

    Portfolio risk review and competitor benchmarking

    London-based international private equity firm

CASE STUDY

Designing a right-sized cybersecurity solution for thermal electricity generating sites at a price point that actually works.

Situation

A renewable infrastructure asset manager was early in their security journey with no in-house expertise. Unable to secure cyber insurance at an acceptable price, they faced real financial exposure. Engineering firms proposed solutions that were technically coherent but commercially unworkable, being too costly and too compliance-heavy to implement.

How We Worked

We went to the sites and worked directly with the people running them. Using a threat-informed business risk methodology, we established what an incident would cost the business, then designed a proportionate and scalable solution built around their risk and cost appetite. The result saved the client significant amount of money while delivering a step-change in their security posture.

What We Delivered
  • Cyber maturity assessment and loss quantification model
  • High-level architecture for a full cybersecurity solution
  • Revised minimum viable design, built around realistic threat scenarios and what the client could genuinely afford
  • Vendor selection support for required technical products
  • Implementation roadmap
What Changed
  • Projected spend reduced by two-thirds from millions of euros over three years to commercially acceptable one-off and recurring costs
  • Security responsibility transferred from onsite engineers to specialist vendors, so the solution holds regardless of staff turnover
  • Sites in a stronger position to prevent, contain and recover from an incident

Contact

If the problem is complex,
we should talk.

We work with a small number of senior leadership teams each year on high-value, high-stakes challenges. If yours is one of them, reach out.

info@ashcairn.comLinkedIn