We are EHJ & SJ Consultancy Ltd and pride ourselves in offering a range of digital security services
supporting a wide range of challenges business face, whether this is digital IT migration programmes
involving both data cen- tres and Cloud environments, deploy- ing new Infrastructure or wishing to
assess an existing IT environment. From understanding and implementing SecDevOps and application
security to performing security architecture reviews of your Cloud/data centre estate, we recognise
the problems our customers face.
Our team of security consultants have an extensive history working in IT and software development
combined with operational security experience allow- ing us to deliver tailored solutions or address
challenges our clients face. Regardless of the project size or challenge, we aim to ensure we listen
to your concerns and provide you with a service that will provide protection from threats using
innovative approaches in our methodology of delivery and ensure that infrastructure is secure.
Growing security issues within the IT landscape
We’ve been fortunate to work with clients in the finance, retail and e-com- merce sectors who are
undergoing digital transformations from migrat- ing from data centres to the Cloud or expanding the
‘as-is’ infrastructure utilising multiple Cloud environments. The growing trend we are currently seeing
in the industry associated with digital security issues are:
Lack of resources with the right skillsets to undertake security assurance reviews
Appropriate budgeting to address technical debt relating to both functional and security fixes
Awareness of the need to protect and manage data appropriate to the required criteria outlined
under EU General Data Protection Regulation (GDPR) and data regulations
In-sufficient security protection mechanisms in place that are managed using a dedicated
centralised security centre
Maturing of security operations teams to enhance the capability to detect and mitigate against
How do we address these issues? By helping our clients move to the left!
Here at EHJ & SJ Consultancy, we have been working within the IT security field for the past five
years with an approach that we wanted to be a con- sultancy that differed from many by offering a
more tailored and specialist set of services to our clients. We do this by using the common approach
of offering the mindset of trying to make clients to start thinking to the left, whereby security is
embedded from the beginning of any transfor- mation programme.
The benefits of ‘moving to the left’ are all about engagement from the word go with any project or
upgrade and allow security requirements to be defined and to also assess potential security risks
before any work has been undertaken. We specifically encourage this approach and have done so with
many of our clients in previous and current engagements.
Moving to the left is also about educa- tion individuals from the executive board down to the developers
writing code for business applications and there are many approaches here to begin changing the mindset
to the left, by using some of tried and tested approaches we have applied:
Undertake a security incident exer- cise with board members to simulate readiness to a cyber-attack
Undertake a workshop to do a basic threat model for developers or infrastructure architects on a simple design feature
Perform a gap assessment of an organisation’s infrastructure benchmarked against a set of security principles
At EHJ & SJ Consultancy, we live and breathe cybersecurity daily and this allows us to maintain
and continually challenge our knowledge of cyberse- curity. We provide a number of ser- vices within
the IT security sector that cover the following range of profes- sional services:
Security Architecture Services:
We offer our security architects as a professional service to anyone needing technical evluation of your IT
infrastructure, Cloud systems or design solutions. Our team of architects possess a broad range of certifications
ensuring we can offer experienced individuals or teams to support you technical security needs. We have built in
processes to ensure our architects provide formated artifacts that ensure security risk is highlighted and modelled
as part of a solution we offer.
Security Test Management Services:
Security test management is a complete end to end management of various security test procedures ranging from scoping
of penetration tests using our CREST certified penetration testers, undertake ad-hoc or continuous and automatic
vulnerability scanning to meet your compliance needs or undertake piecewise ethical hacking sessions to test your web,
API or Mobile applications. Our approach is to assess your needs and provide guidance on what method may suit your requirements.
We also ensure the process is managed by us delivering you with key information in terms of business risk.
Audit, Risk & Compliance:
Pertaining an inventory or understanding what Assets an organisation possesses is often difficult, complex and hard to
manage as part of a standard BAU lifecycle. EHJ & SJ Consultancy are an experienced consultancy that has worked with multiple
\organisations to determine the best way to assess and audit organisations to ISO 27001, CIS, Cloud Security Alliance,
Cyber Essentials, ISA 62443 and PCI-DSS. We perform gap analysis reviews on Security governance procedures and work to ensure
organisations adopt a governance, risk & compliance processes in the management of security risks.
SecDevOps and Application Security:
Building security into the Software Development Lifecycle (SDL) is pivotal to ensuring vulnerabilities are mitigated from
day zero and that an application conforms to best security practices. We offer services to any business wishing for us to
consult on how best to design your applications whether this is mobile or web-based technology. We also offer a practical
implementation on performing SecDevOps using our preferred approach to implementing security during continuous CI/CD pipeline
For those wishing to find out more about our services, get in touch or tag us on Twitter or message us on LinkedIn