Welcome to EHJ & SJ Consultancy

Demystifying your Cyber Security

Tailored ad-hoc, project and retainer based cyber security solutions.

At EHJ & SJ Consultancy Ltd we eat, sleep and breathe IT security!

Our range of flexible digital security solutions includes IT migration programmes, reviews of new or existing infrastructure, cloud-based risk assessments, and performing or co-ordinating security testing. We can also provide services to implement and undertake security DevOps.

We aim to demystify your cybersecurity issues by providing support, knowledge and practical hands-on assistance. We provide clients with a 360-degree security viewpoint and proactively encourage them to "shift to the left". This simple methodology ensures that robust security protocols are implemented from the start of any project, a critical step required to reduce risk and identify vulnerabilities.

Our services are delivered by experienced industry consultants with over 30 years of combined expertise in delivering security services to support IT and Critical Infrastructure and IT/software development. Our personal and inclusive approach allows us to integrate effectively with both onsite teams and third-party suppliers.

State-of-the-art project management tools support our inclusive project management process and allow us to respond contemporaneously to changes in scope whilst maintaining full visibility across any given project.

Simply put, we love what we do!

What We Do

We’ve got everything you need to secure your business or organisation

Security Architecture Services

We offer complete security architecture as a service to clients who wish to know whether a current design has implemented procedures in line with best security practices, or whether their current infrastructure requires a further assessment from a security domain specialist. We provide support in ensuring security design patterns are being utilised, perform threat modelling to determine security risks and assess whether the right controls are in place.

Security Test Management Services

Security test management is the complete end-to-end management of security test procedures: scoping penetration tests using our CREST certified penetration testers, undertaking ad-hoc or continuous and automatic vulnerability scanning to meet your compliance needs, or undertaking piecewise ethical hacking sessions to test your web or API applications. Our approach is to assess your needs and provide guidance on which method may suit your requirements. We also manage the process, delivering key information to you in terms of business risk.

Audit, Risk & Compliance

Maintaining an inventory or understanding what assets an organisation possesses is often difficult, complex and hard to manage as part of a standard BAU lifecycle. EHJ & SJ Consultancy is an experienced consultancy that has worked with multiple organisations to determine the best way to assess and audit organisations to ISO 27001, Cloud Security Alliance, Cyber Essentials, ISA 62443 and PCI-DSS. We perform gap analysis reviews on security governance procedures and work to ensure organisations adopt governance, risk & compliance processes in the management of security risks.

Security DevOps

Building security into the Software Development Lifecycle (SDL) is pivotal to ensuring vulnerabilities are mitigated from day zero and that an application conforms to best security practices. We offer services to any business that wants us to consult on how best to design its applications, whether mobile or web-based. We also offer practical implementation of SecDevOps, using our preferred approach to implementing security in CI/CD pipeline deployments.

Recent Works

We love what we do. Check out some of our latest work

Travelex Cloud Migration Programme

Cloud Security & Auditing

As part of the Travelex Digital Transformation programme, EHJ & SJ Consultancy have been working with the Travelex teams to assess the current security posture of their cloud deployment, ensuring best practices are adhered to by risk-assessing configurations and providing recommendations in the form of architecture solutions to ensure compliance with financial regulations.

Santander PSD2: Open Banking

Application Security and SecDevOps

As part of Santander's digital transformation to comply with the EU PSD2 programme, EHJ & SJ Consultancy were brought in to address the security of the development lifecycle by adopting SAST/DAST principles in Santander's pipeline delivery methods. In addition, EHJ & SJ Consultancy provide solutions for the management and operation of the bank's cryptography, ensuring FCA compliance.

Tesco Banking

Web Security

As part of the ongoing security process for Tesco Banking, EHJ & SJ Consultancy were drafted in to undertake a threat modelling exercise to determine the security posture of Tesco Bank's legacy infrastructure. This resulted in an end-to-end security risk assessment that allows Tesco Bank to focus on potential areas prone to cybersecurity attacks.

Network Rail: TMS Project

Infrastructure Security Auditing

As part of the National Railway Infrastructure upgrade programme, control centres needed to be modernised with the latest technology to ensure the efficient running of the railway, which is highly targeted by hackers. EHJ & SJ Consultancy were brought in to perform an audit against Network Rail's Security Assurance Framework to determine whether the suppliers were providing systems that were non-compliant with ISA 62443 and ISO 27002 standards. Performing this assessment against multiple suppliers ensured a complete supply risk assessment of the integrated design was undertaken in a timely manner.

Southern TMS ITT Bid

Security Architecture Services

Working with Stanway Consulting, EHJ & SJ Consultancy were invited to support Southern in their ITT Bid for a new Traffic Management System control centre. EHJ & SJ Consultancy were requested to define non-functional requirements for the invited suppliers of the bid, which involved drafting a Cyber Security strategy.

LUL Railway Control Systems

Security Architecture

Our previous involvement with London Underground Ltd was to create and implement a secure PLC system with system monitoring as part of the Train Describer upgrade programme on the SSL lines. We achieved this by providing a fully-fledged TD system with real-time monitoring, utilising some best practices taken from ISA 62443 to ensure overall compliance with LUL security standards.

Our Clients

EHJ & SJ Consultancy has been honoured to work with these clients

Delivering quality whilst under time constraints is always a pressure, but EHJ & SJ Consultancy managed to do this whilst proactively promoting security as an organisation-wide responsibility. Happy with the relationship we have with EHJ & SJ Consultancy and would recommend them on their ability to apply Application Security and Security Architecture services.

Eduardo Martinez Barrios Santander Payments & Industry Oversight - Open Banking

Ensuring security was taken seriously and implemented on a project that had no regard for cybersecurity was attributed to EHJ & SJ Consultancy's input on the TMS programme. We successfully managed to undertake a full security audit of our supplier's design and have the ability to assess the risks to the overall safety profile.

Network Rail TMS Programme Network Rail

EHJ & SJ Consultancy provided us with excellent input on how security can be built into a contract and what a security lifecycle looks like, something that has been missing for many years working on these types of Infrastructure projects.

Network Rail: Southern ITT Bid Stanway Consulting

Contact Us

Reach out for a new project or just say hello

Contact Info

Where to Find Us

EHJ & SJ Consultancy, 2nd Floor Market Square, Aylesbury, HP20 1TN

Email Us At