EHJ & SJ Consultancy, detail the range of Digital Security Services they offer, such as IT migration programmes involving data centres and Cloud environments
We are EHJ & SJ Consultancy Ltd and pride ourselves in offering a range of digital security services supporting a wide range of challenges business face, whether this is digital IT migration programmes involving both data centres and Cloud environments, deploying new Infrastructure or wishing to assess an existing IT environment.
From understanding and implementing SecDevOps and application security to performing security architecture reviews of your Cloud/data centre estate, we recognise the problems our customers face.
Our team of security consultants have an extensive history working in IT and software development combined with operational security experience allowing us to deliver tailored solutions or address challenges our clients face.
Regardless of the project size or challenge, we aim to ensure we listen to your concerns and provide you with a service that will provide protection from threats using innovative approaches in our methodology of delivery and ensure that infrastructure is secure.
Growing security issues within the IT landscape
We’ve been fortunate to work with clients in the finance, retail and e-commerce sectors who are undergoing digital transformations from migrating from data centres to the Cloud or expanding the ‘as-is’ infrastructure utilising multiple Cloud environments.
The growing trend we are currently seeing in the industry associated with digital security issues are:
- Lack of resources with the right skillsets to undertake security assurance reviews.
- Appropriate budgeting to address technical debt relating to both functional and security fixes.
- Awareness of the need to protect and manage data appropriate to the required criteria outlined under EU General Data Protection Regulation (GDPR) and data regulations.
- In-sufficient security protection mechanisms in place that are managed using a dedicated centralised security centre.
- Maturing of security operations teams to enhance the capability to detect and mitigate against attacks.
With these growing trends, we actively try and correlate our findings and experiences working with clients to ensure we can assess the best approaches to offering the right set of security services to new clients. We find that if an issue has been present in one or more of our clients from previous encounters, then there must be other clients facing the same issues. Our ability to learn from our experiences ensures we offer the best approach in providing a secure yet cost-effective solution to addressing challenges faced by many businesses.
How do we address these issues? By helping our clients move to the left!
Here at EHJ & SJ Consultancy, we have been working within the IT security field for the past five years with an approach that we wanted to be a consultancy that differed from many by offering a more tailored and specialist set of services to our clients. We do this by using the common approach of offering the mindset of trying to make clients to start thinking to the left, whereby security is embedded from the beginning of any transformation programme.
The benefits of ‘moving to the left’ are all about engagement from the word go with any project or upgrade and allow security requirements to be defined and to also assess potential security risks before any work has been undertaken. We specifically encourage this approach and have done so with many of our clients in previous and current engagements.
Moving to the left is also about education individuals from the executive board down to the developers writing code for business applications and there are many approaches here to begin changing the mindset to the left, by using some of tried and tested approaches we have applied:
- Undertake a security incident exercise with board members to simulate readiness to a cyber-attack.
- Undertake a workshop to do a basic threat model for developers or infrastructure architects on a simple design feature.
- Perform a gap assessment of an organisation’s infrastructure benchmarked against a set of security principles.
What services do EHJ & SJ Consultancy Ltd provide?
At EHJ & SJ Consultancy, we live and breathe cybersecurity daily and this allows us to maintain and continually challenge our knowledge of cybersecurity. We provide a number of services within the IT security sector that cover the following range of professional services:
Security Architecture Services: We offer our security architects for one-off project evaluations or for on-going long-term consultations in providing continuous technical knowledge on either securing your infrastructure or to assess and evaluate solutions requiring a security specialist review. We have a range of security architects that work specifically in certain domains such as network/telecoms, cloud systems and software applications ensuring we have a wide knowledge landscape to assist our clients.
Audit, Risk and Compliance: Whether a need is to assess alignment to ISO27001 or be compliant with PCI-DSS, we offer consultants to undertake and manage audits on organisations to perform assessments and provide gap analysis with recommendations to help organisations achieve their compliance needs.
Security Testing Management Services: We offer the complete end to end management of security testing by utilising our approved penetration providers who are CREST certified. The benefit of our testing service is that we examine the system before testing to understand technically the system to be tested. We define the test scope to ensure the penetration tester fully understands the system and then pair with the penetration tester to ensure we utilise the full attack surface of the system, providing value for money. We also undertake and manage vulnerability scanning of both external and internal systems covering web, API and network/OS infrastructure.
Digital Technology Solutions: Whilst we are predominantly a security consultancy, we believe in ensuring all systems should be designed and built securely. That’s why with our knowledge of how systems work and what makes them insecure, we offer Solution Architecture as a Service.
Application Security and SecDevOps: Continuing on the theme of moving to the left, we can offer our application security consultants to assist clients in building secure software applications. We also provide SecDevOps as a service whereby we can either build out a security-based pipeline for automated delivery of software with continuous security testing or advise clients about pushing an organisation to the left by automating security testing in their software development process.
Please note: This is a commercial profile