Partners and technology we work with
We are a consulting firm, not a software reseller. Our revenue comes from the advisory and implementation work we deliver, never from the tools we recommend. When we put a platform in front of you, it is because it fits your environment, your framework, and your stage, not because it pays us to.
We stay tool-agnostic by default. Where the market has a clear leader, we say so, and we work with that platform directly so our clients get the benefit. Any partner or MSP pricing we can access is passed through to you in full. We do not mark it up and we do not take margin on licensing.
Every organization on this page has earned its place through delivery, not marketing. We work with partners who meet the standard we hold ourselves to: technical depth, operational reliability, and a track record we can verify.
Delivery and MSP partners
When an engagement needs hands-on managed IT, infrastructure, or security operations, we work with established managed service providers rather than stretching outside our remit. These are the partners we trust to deliver.
Aztek (UK)
A UK-based managed service provider delivering managed IT, network security, and infrastructure support, with security operations aligned to ISO 27001. We work with Aztek to extend hands-on managed services to our UK clients.
GXA (US)
A US-based managed service provider headquartered in Richardson, Texas. We work with GXA to deliver managed IT and security operations to our clients across the United States.
Security and compliance platforms
We implement and operate the leading security and compliance platforms. There is no single right answer. The platform we recommend depends on your framework, your tech stack, and your auditor. We have hands-on experience across all of these.
Vanta
Compliance automation for SOC 2, ISO 27001, HIPAA, GDPR, and more. We use Vanta to automate evidence collection and continuous control monitoring.
Drata
Compliance automation and continuous control monitoring across major frameworks. We deploy and operate Drata where it is the right fit for the client program.
Secureframe
Compliance automation covering SOC 2, ISO 27001, PCI DSS, HIPAA, and GDPR. We use Secureframe to stand up and maintain control evidence at speed.
JumpCloud
Cloud directory platform for identity, access, and device management. We use JumpCloud to enforce the access controls and endpoint posture that compliance frameworks require.
Prowler
The leading cloud security posture management for AWS, Azure, GCP, and Kubernetes. We use Prowler to continuously monitor our clients cloud security configuration and posture.
HostedScan
External vulnerability scanning and attack-surface monitoring. We run HostedScan as part of vCISO delivery to track external exposure continuously.
usecure
Security awareness training and phishing simulation. We run usecure to manage human risk across the client workforce as part of vCISO delivery.
Industry membership
Cloud Security Alliance
We are a member of the Cloud Security Alliance, the body that sets best-practice standards for cloud security. Our work draws on CSA frameworks including the Cloud Controls Matrix.
ISACA
Members of our team hold professional certifications from and maintain active membership with ISACA.
ISC2
Our consultants hold ISC2 certifications and maintain active ISC2 membership.
IAPP
Our privacy practitioners hold IAPP certifications and maintain active IAPP membership.