We are EHJ & SJ Consultancy Ltd and pride ourselves in offering a range of digital security services supporting a wide range of challenges business face, whether this is digital IT migration programmes involving both data cen- tres and Cloud environments, deploy- ing new Infrastructure or wishing to assess an existing IT environment. From understanding and implementing SecDevOps and application security to performing security architecture reviews of your Cloud/data centre estate, we recognise the problems our customers face.

Our team of security consultants have an extensive history working in IT and software development combined with operational security experience allow- ing us to deliver tailored solutions or address challenges our clients face. Regardless of the project size or challenge, we aim to ensure we listen to your concerns and provide you with a service that will provide protection from threats using innovative approaches in our methodology of delivery and ensure that infrastructure is secure.

Growing security issues within the IT landscape

We’ve been fortunate to work with clients in the finance, retail and e-com- merce sectors who are undergoing digital transformations from migrat- ing from data centres to the Cloud or expanding the ‘as-is’ infrastructure utilising multiple Cloud environments. The growing trend we are currently seeing in the industry associated with digital security issues are:

• Lack of resources with the right skillsets to undertake security assurance reviews
• Appropriate budgeting to address technical debt relating to both functional and security fixes
• Awareness of the need to protect and manage data appropriate to the required criteria outlined under EU General Data Protection Regulation (GDPR) and data regulations
• In-sufficient security protection mechanisms in place that are managed using a dedicated centralised security centre
• Maturing of security operations teams to enhance the capability to detect and mitigate against attacks

How do we address these issues? By helping our clients move to the left!

Here at EHJ & SJ Consultancy, we have been working within the IT security field for the past five years with an approach that we wanted to be a con- sultancy that differed from many by offering a more tailored and specialist set of services to our clients. We do this by using the common approach of offering the mindset of trying to make clients to start thinking to the left, whereby security is embedded from the beginning of any transfor- mation programme.

The benefits of ‘moving to the left’ are all about engagement from the word go with any project or upgrade and allow security requirements to be defined and to also assess potential security risks before any work has been undertaken. We specifically encourage this approach and have done so with many of our clients in previous and current engagements.

Moving to the left is also about educa- tion individuals from the executive board down to the developers writing code for business applications and there are many approaches here to begin changing the mindset to the left, by using some of tried and tested approaches we have applied:

• Undertake a security incident exer- cise with board members to simulate readiness to a cyber-attack
• Undertake a workshop to do a basic threat model for developers or infrastructure architects on a simple design feature
• Perform a gap assessment of an organisation’s infrastructure benchmarked against a set of security principles

At EHJ & SJ Consultancy, we live and breathe cybersecurity daily and this allows us to maintain and continually challenge our knowledge of cyberse- curity. We provide a number of ser- vices within the IT security sector that cover the following range of profes- sional services:

Security Architecture Services:

We offer our security architects as a professional service to anyone needing technical evluation of your IT infrastructure, Cloud systems or design solutions. Our team of architects possess a broad range of certifications ensuring we can offer experienced individuals or teams to support you technical security needs. We have built in processes to ensure our architects provide formated artifacts that ensure security risk is highlighted and modelled as part of a solution we offer.

Security Test Management Services:

Security test management is a complete end to end management of various security test procedures ranging from scoping of penetration tests using our CREST certified penetration testers, undertake ad-hoc or continuous and automatic vulnerability scanning to meet your compliance needs or undertake piecewise ethical hacking sessions to test your web, API or Mobile applications. Our approach is to assess your needs and provide guidance on what method may suit your requirements. We also ensure the process is managed by us delivering you with key information in terms of business risk.

Audit, Risk & Compliance:

Pertaining an inventory or understanding what Assets an organisation possesses is often difficult, complex and hard to manage as part of a standard BAU lifecycle. EHJ & SJ Consultancy are an experienced consultancy that has worked with multiple \organisations to determine the best way to assess and audit organisations to ISO 27001, CIS, Cloud Security Alliance, Cyber Essentials, ISA 62443 and PCI-DSS. We perform gap analysis reviews on Security governance procedures and work to ensure organisations adopt a governance, risk & compliance processes in the management of security risks.

SecDevOps and Application Security:

Building security into the Software Development Lifecycle (SDL) is pivotal to ensuring vulnerabilities are mitigated from day zero and that an application conforms to best security practices. We offer services to any business wishing for us to consult on how best to design your applications whether this is mobile or web-based technology. We also offer a practical implementation on performing SecDevOps using our preferred approach to implementing security during continuous CI/CD pipeline deployments.

For those wishing to find out more about our services, get in touch or tag us on Twitter or message us on LinkedIn