How We Engage
Every engagement is different. Rather than a single rigid methodology, we adapt to the type of support you need — from formal CE/CE+ certification through our Certification Body partners, to strategic retainers and technical assessments. Below are the five engagement models we typically operate under.
CE/CE+ Consultation & Advisory
Pre-certification and advisory support for organisations preparing for Cyber Essentials or Cyber Essentials Plus. This is a pure advisory engagement — we assess your readiness, identify gaps, guide technical remediation, and prepare your team to meet the scheme requirements.
- Scope definition and boundary scoping guidance
- Gap assessment against current CE/CE+ question set
- Technical remediation guidance (patching, MFA, firewall rules, malware protection)
- Evidence preparation and document review
- Pre-assessment dry run and readiness sign-off
- Suitable for organisations approaching CE for the first time or preparing for renewal
CE/CE+ Delivery via Trusted Certification Body Partners
Where formal CE or CE+ certification is required, we deliver assessments through our trusted Certification Body (CB) partners. Wayne holds CE Assessor and CE+ Lead Assessor status, with the ability to conduct DCC Level 0 assessments. Formal certification is issued by the CB once the assessment is complete.
- Full CE or CE+ assessment conducted by Wayne as Lead Assessor
- DCC Level 0 assessments available
- Works alongside or independently of your internal IT team
- Access to multiple CBs for independence and flexibility
- IASME Governance assessed alongside CE+ where required
- Suitable for MOD supply chain, publicly funded bodies, or commercially mandated CE+
Vulnerability Assessment
Structured, tool-assisted vulnerability assessments of your network perimeter, internal infrastructure, endpoints, or cloud estate. Results are triaged and risk-ranked. Delivered as a standalone engagement or as part of a broader security programme.
- Scope agreement (external, internal, cloud, or hybrid)
- Authenticated and unauthenticated scanning using Tenable / Nessus and Nmap
- Risk-ranked findings with CVSS context
- Remediation guidance prioritised by exploitability and business impact
- Executive summary and technical detail in the same report
- Optional re-scan to verify remediation
Project-Based Consultancy
A defined-scope engagement to address a specific security challenge, initiative, or compliance requirement. Typical examples include a security architecture review, a new service build review, a governance framework assessment, or an NCSC-aligned cloud security evaluation.
- Scoping session to define deliverables and acceptance criteria
- Structured assessment or architecture review
- Written findings and recommendations report
- Optional debrief session with technical and leadership teams
- Priced on a fixed-price or capped day-rate basis, depending on complexity
- Aligned to NCSC CAF, CIS Controls, ISO 27001, or bespoke frameworks as appropriate
Draw-Down Retainer
For organisations that need reliable, senior security input on an ongoing basis without the overhead of a full-time hire. A monthly retainer gives you access to Wayne directly — for advisory calls, document reviews, incident guidance, supplier assurance, and security decisions as they arise.
- Agreed monthly capacity (e.g. 1, 2, or 4 days per month)
- Priority response for urgent queries
- vCISO-style oversight including board reporting and stakeholder assurance
- Covers governance, technical reviews, vendor questionnaires, policy review
- Unused days can roll over (subject to agreement)
- Ideal for SMBs, MSPs, and regulated organisations without in-house security leadership
Our Core Principles
Risk-Driven
We focus on material risks to your business. Recommendations are proportionate, not padded to justify fees.
Pragmatic
We work within your constraints — budget, team capacity, and existing technology. Advice is actionable, not theoretical.
Evidence-Based
Every finding is backed by evidence. Every recommendation has a clear rationale mapped to risk or requirement.
Independent
No vendor affiliations. No conflicts of interest. You get objective advice based solely on your needs.
Knowledge Transfer
We leave your team better equipped than when we arrived. Building internal capability is part of every engagement.
Principal-Led
Wayne delivers every engagement directly. No junior staff, no handover mid-project. One point of contact, consistent quality.
Not Sure Which Model Fits?
Get in touch and we’ll recommend the right engagement approach for your situation, budget, and timescales.