Technology Risk · Resilience · Advisory

Understand
the risk.
Measure the impact.
Fix what matters.

Ashcairn works directly with leadership teams to identify what could go wrong, fix what needs fixing, and build the capability to handle what comes next.

Work with us → What we do →
Who we are

Boutique by design.
Senior by default.

Our team blends deep technical expertise and client service experience, gained from years of delivery in leading advisory firms.

What we do

Building long-term revenue
protection and operational resilience.

Understand
The threats you actually face

We identify the specific threats you face: who, how, and from where — whether from sophisticated cyber crime groups, insiders and accidents, through to changing regulations.

Measure
What impacts you could suffer

We translate technical risk into financial terms. What would an incident cost in operations, revenue, and recovery? We give leadership something concrete to work with.

Solve
Solutions built around reality

The right answer is one you can implement. We design solutions around your risk appetite and budget, not what looks good in a report.

Our team

The people behind the advice.

Careers built across the major advisory firms. When you work with Ashcairn, you work with us — directly.

Jano Bermudes
Jano Bermudes

Advises boards and executive teams on technology risk, cyber crime, insider threats, and operational resilience. Former Big Four advisory, insurance, and legal sector experience across critical infrastructure and security architecture.

Jano Bermudes
Technology Risk Critical Infrastructure Security Architecture
Cal McGuire
Cal McGuire

Quantifies the financial impact of cyber and operational risk for boards and senior leadership. Former Marsh, PwC, and KPMG. Deep expertise across financial services, retail, manufacturing, and PE-backed businesses.

Cal McGuire
Risk Quantification Risk Transfer M&A
Freddie Witzmann
Freddie Witzmann

Specialist in cyber readiness and regulatory compliance within financial services. Former Capgemini, Marsh, and CyXcel. Led hundreds of cyber exercises and simulations for major organisations as Head of Cyber Exercise and Preparedness at Marsh.

Freddie Witzmann
Operational Resilience Crisis Simulation Regulatory Compliance
Samuel Kudláč
Samuel Kudláč

Provides boards and senior leadership with intelligence-led assessments of the threats that matter. Translates geopolitical dynamics into actionable insight for executive decision-making. Professional background in threat intelligence and supply chain cyber risk management.

Samuel Kudláč
Threat Research Geopolitics Strategic Intelligence
Who we work for

Extensive experience across
industries and client challenges.

Critical National Infrastructure
CNI cyber risk assessments and architecture
UK Gas and Electricity Network
Financial Services
Cyber supply chain risk management
Central bank, leading G7 nation
Industrial Technology
Global OT security assessment programme
Swiss-based international industrial firm
Financial Services
Regulatory-driven business continuity framework
Multinational banking and financial services
Retail & Consumer
Data asset mapping and governance transformation
British multinational food and fashion retailer
Financial Services
Bespoke scenario creation for threat-led penetration testing
Global fintech and challenger banking group
Government
Intelligence-led attack simulation to test resilience
UK central government department
Financial Services
Outsourced cyber M&A due diligence service
Leading global insurance corporation
Energy & Infrastructure
Multi-year cybersecurity improvement programme
UK and European renewable energy asset manager
Telecommunications
Global post-breach assessment and remediation
Global telecommunications provider
Financial Services
Cyber insurance controls review and peer benchmarking
Leading South African banking group
Private Equity
Portfolio risk review and competitor benchmarking
London-based international private equity firm

A non-exhaustive selection of engagements · Further detail available on request

Featured case study

Supporting a renewable infrastructure asset manager to uplift cybersecurity across thermal electricity generating sites

The situation

The client was early in their security journey with no in-house expertise. Unable to secure cyber insurance at a workable price, they faced real financial exposure. Previous vendors had produced solutions that were technically coherent but commercially undeliverable. Too costly and too compliance-heavy to actually implement.

How we worked

We went to the sites and worked directly with the people running them. Using a business risk-based methodology, we worked out what an incident would actually cost — then designed a right-sized security approach built around what the client could genuinely deliver. We stripped back anything that existed to look good rather than to work.

What we delivered
Cyber maturity assessment and loss quantification model
High-level architecture for a full cybersecurity solution
Revised minimum viable design, built around what the client could afford
Vendor selection support for required technical products
Transformation delivery framework
What changed
Projected costs reduced from multiple millions of EUR over three years to commercially acceptable one-off and recurring values
Security responsibility moved from onsite engineers to specialist OT vendors, so the solution holds regardless of who leaves
Sites in a meaningfully stronger position to prevent or recover from an incident
Get in touch

If the problem
is complex,
we should talk.

info@ashcairn.com linkedin.com/company/ashcairn

Why Ashcairn

We take on a small number of engagements each year. If you are working through something that needs a clear head and a senior one, reach out.

Start a conversation →