Let’s get one thing out there from the get-go. Being a Bulletproof consultant is awesome. I haven’t been coerced to say that. I mean, let’s start with that brand name. How cool is it to say I work for Bulletproof? I have several T-shirts with the logo emblazoned across the chest. Sometimes, I even wear them on a non-work day.
Since starting the role, the most common question I get asked is ‘what exactly do you do?’ Mainly by my friends and family who don’t quite understand what compliancy is.
A lot of people think that compliance is boring, entailing little more than reading long, complicated documents and then going out and telling people about them. The reality is much different. Well, I do actually do those things, but it’s more exciting than it sounds.
I get to travel up and down the UK (and will soon be venturing into other countries once our plans for world domination come to fruition) meeting new people that are carrying out some really interesting work. I attend cyber security conventions (like the IP Expo), and learn new things each and every day. It turns out I occasionally write blogs too.
So, what do Bulletproof compliance consultants do?
The world of cyber security is an exciting, ever-changing industry that’s only going to get bigger. There is now so much sensitive data flying about the place, seemingly beyond our control, that it can be scary at times. So, it’s no surprise then that compliance has become a big business too. People are starting to take data protection seriously and rightfully so. The arrival of GDPR is testament to that, adding several other branches of compliance to an already broad and varied area. Bulletproof were already helping businesses become compliant in the likes of PCI DSS and ISO 27001, so naturally, we added GDPR and DPO services to our repertoire.
This of course, meant more reading and more qualifications. The GDPR legislation alone boasted a whopping 88 pages. Other materials around this soon flooded in, along with webinars and all manner of talks. All this reading of course means we get more letters after our names. Among our qualifications we have: CIIP (Certified ISO Implementation Practitioner), GDPR EU F and P (Foundation and Practitioner), BSc degrees in the likes of Forensic Computing, and more. With a Bulletproof compliance officer, you get a wealth of practical experience and a vast amount of knowledge.
But how do we put that knowledge to use?
The real test for a compliance consultant comes when you find yourself face-to-face with a client who looks to you for all the answers. If a client asks what they need to do in order to meet the requirements of GDPR’s Article 5, you can’t ask them to stand by whilst you frantically Google. We’re the experts after all.
One service Bulletproof provides is a gap analysis. A company needing to meet or maintain compliance with a certain standard needs to know where they are in comparison to where they need to be. GDPR has been a big one in the last few years, and my GDPR gap analysis engagements have involved heading out to client sites and speaking with a variety of people. Everyone from frontline staff to Directors needs to give various levels of input along the way. Personally, this is my favourite part of the job: travelling and meeting new people.
Once I’m there, I must find out what’s going on, what data is stored and where, what controls are in place, what policies are available to the public and what is in them. We get right down to the nitty-gritty. We have to pick up on anything and everything. Why is that USB on that desk out in the open? What’s stored on it? Is it encrypted? That USB could be what causes a company to be considered non-compliant. In some respects, we could be considered professional pedants, but when non-compliance could lead to extremely hefty fines, it pays to be pedantic. No one wants to live my recurring nightmare of being fined £20 million by the ICO.
For some, a gap analysis is all they need and that’s fine. However, there are businesses that need that little bit of extra support. That’s where implementation comes in. In a nutshell, implementation is designed to help create the documents needed to be enforced across a business to help achieve compliance. We can provide advice on what controls need to be in place in terms of security, what policies and procedures should be implemented and even help with data mapping. Just having these documents and processes doesn’t automatically make you 100% compliant, but it certainly gives you a significant push on the way to achieving it.
The scale of the work involved largely depends on the findings of the gap analysis, but I usually end up putting together and providing a combination of:
Naturally, there are a lot of things only members of the business can decide and put together, but providing the above gives them a pretty good starting point. Combine this with the gap analysis report and you’ll have a detailed and accurate to-do list.
Throughout my working life, I’ve always looked for the opportunity to pass on knowledge. I get a real kick out of seeing someone go on to bigger and better things as a result of the training that I’ve given them. It’s just as well then that part of a compliance officer’s job is to arrange and host training sessions. We can cover a wide variety of topics from GDPR (I know I keep mentioning that, but it’s still new and companies are still struggling to get to grips with it), Cyber Essentials and even general cyber security training.
The key thing for me is, if the trainer doesn’t give it their all, then the trainees won’t get the most out of the session. Our training is upbeat, involved and delivered in ways that help everyone, no matter their position, come out knowing everything they need to know. For training to be effective, it needs to be engaging. When it comes to something like GDPR, Cyber Essentials or other security training, a simple PowerPoint will not be enough. If a customer is paying for a training scheme, I feel it needs to be something different. It needs to be something only we can provide. If it’s just reading through a few work sheets that can be sent as attachments, is it really training?
Data breaches are often caused by human error, and how that aftermath is handled will really impact how lenient the regulatory bodies are going to be. Good training will lower the risk of the former and improve the latter.
A relatively new job that has emerged on the compliance landscape is the Data Protection Officer (DPO). Not every company needs to have a DPO, but everyone would benefit from appointing one. Their role is to manage and oversee all things data protection. They’ll ensure the data is kept as securely as possible, regularly update the relevant policies and procedures, liaise with data subjects (the likes of you and me) and manage any fallout should a breach occur. They will be the first point of contact for anything relating to personal data (of both customers and employees) and will ensure all other staff members are aware of their responsibilities and duties regarding such.
Whilst an existing member of staff can be appointed DPO (providing there’s no conflict of interest with their main role), or a specific person can be hired to fulfil this role, many companies are finding it far more cost-effective to outsource it. We provide DPO services for numerous companies and make sure we know everything we need to know to give them peace of mind.
Being a DPO for multiple companies requires a few things:
I could go on and on about being a DPO, and we've already written a couple of blogs about appointing a DPO and being a DPO.
On top of GDPR and DPO consultancy, we offer Cyber Essentials packages and can oversee other cyber security projects, such as PCI DSS compliance or ISO 27001. All our services are related in the sense that they’re all about keeping data secure through a mix of technical components, management processes and documentation.
These services do differ slightly in terms of implementation and practice and they serve different purposes. They warrant a blog post themselves, which I’ve already started, so I won’t go into too much detail here.
So here we are. Back where we started, with that question ‘What exactly do you do?’
In short, we help companies achieve their goals through an interesting blend of documentation, on-site interaction and training, and lending our technical expertise. We strive to make our engagements interesting, effective and low cost in order to help small to medium-sized businesses get through that obstacle course that is compliancy. Overall, the job of a compliance consultant is very rewarding. It makes you feel like you’ve not only made a difference to that company, but you’ve played a key role in protecting everyone that works for and uses that business.
As you can see, there’s a lot to it. No project is the same and we have worked with businesses from just about every industry. So, if you’re struggling with compliance, be it GDPR or Cyber Essentials, get in touch.
p.s. Yes, that is me in the banner picture of this blog. Hi.
Luke is Bulletproof’s Head of Compliance, and can often be found coming up with new, innovative, and entertaining ways to evolve our compliance services portfolio. His passion for compliance and business insights always comes through in his articles.