top of page

Case Studies

We’re fortunate to work with some of the best clients around!

Our team includes experts who are ready to help find cyber solutions for your business.

Check out our case studies below and get in touch with questions.

We implemented Azure DevOps to deploy the agreed architecture as infrastructure as code, establishing Azure Landing zones to achieve the desired policy driven governance.

Beyond this we have also worked with Clarion in an advisory capacity to assist with various aspects of their journey towards a stronger and more effective security posture.

Clarion

Clarion is an international business based in London, with a portfolio of events and media brands across a range of vertical markets. Clarion has employees based in offices worldwide who specialized in delivering first class marketing, networking and information solutions in high value sectors, both in mature and emerging geographies.

By gaining an understanding of their business operations and risk appetite we were able to tailor a long term strategy that has significantly improved their overall security posture which we are constantly monitoring and improving to this day. 

In addition to this we have also suggested and implemented changes that have afforded savings of circa £20,000 per year.

JParker's

JParker’s is a one stop shop for garden plants and bulbs. They offer a comprehensive range of spring flowering bulbs, winter bedding plants, perennials, shrubs, roses and fruit.

Our team successfully delivered a compliant risk assessment to the ISA/IEC 62443 standard, identifying risks along with tangible economic solutions for the trains manufacturer to implement. The findings from our assessment not only highlighted areas of vulnerabilities, but also provided a roadmap for enhancing the security posture of the Class 196 train fleet. This comprehensive approach ensured that potential threats were mitigated, enhancing the safety and reliability of the fleet for both WMT and its passengers.

ISA/IEC 62443-3-2: Securing West Midlands Class 196 Train Fleet

Detailed security risk assessment resulting in risks identified and solutions provided to remediate the safety and security of the new Class 196 train fleet

As part of our support, we were able to ensure RSA’s Cyber requirements for achieving and maintaining compliance using various security protection was upheld when deploying a fleet of 20,000 laptops. We also undertook a security evaluation audit, ensuring the new O365 accounts were conforming to RSA’s Information Security requirements to ensure the program could continue with the Digital Migration. We also developed and managed the deployment of a combination of migration endpoint security metrics into a centralized SIEM platform using ELK configured to provide alerting in this area.

Travelex

Travelex International Limited is a foreign exchange company with main businesses are foreign currency exchange, issuing prepaid credit cards for use by travellers, supplying central banks with foreign currency and global remittance

As part of our support, we were able to ensure RSA’s Cyber requirements for achieving and maintaining compliance using various security protection was upheld when deploying a fleet of 20,000 laptops. We also undertook a security evaluation audit, ensuring the new O365 accounts were conforming to RSA’s Information Security requirements to ensure the program could continue with the Digital Migration. We also developed and managed the deployment of a combination of migration endpoint security metrics into a centralized SIEM platform using ELK configured to provide alerting in this area.

Royal Sun-Alliance

Royal Sun-Alliance are an established insurance Client within the City of London and had for many years struggled to support their large workforce

Within the space of 6 months, we had attributed an increase in the capability maturity score for Quintain improving areas such as, security governance and risk management, training and awareness and improved in areas of resilience. We also coordinated extensive security testing across the different operating companies, implementing a vulnerability management system to scan and triage vulnerabilities of different classifications. The overall outcome is that the business that operates a build-to-rent sector using extensive Digital systems was slowly becoming more secure at its infrastructure boundaries whilst addressing security controls internally.

Quintain

Quintain is an award-winning development and asset management company and also the team behind Wembley Park, one of London's most exciting new neighborhoods.

Whilst the project is ongoing, we have been able to support NR Telecoms in providing bespoke security solution development in the form of evaluating a number of options to achieve the desired outcome of a monitoring solution for security analysis. Producing a number of high/low-level designs, we have been able to evaluate the solution at a relatively low cost compared to outsourcing to vendors/suppliers.

Network Rail

Network Rail Limited is the owner and infrastructure manager of most of the railway network in Great Britain. Network Rail is a non-departmental public body of the Department for Transport with no shareholders, which reinvests its income in the railways.

Complete Cyber were able to assess the technical threat aspect to determine key risks that could be evaluated as part of the overall System Safety Assurance case. By building relationships with the suppliers, Complete Cyber were able to obtain the required information from the suppliers to perform baseline audits that indicated potential security risks with the suppliers systems. We also raised the profile of Cyber and its imposing threats across the project, specifically with the types of systems being deployed.

NRTMS Romford & Wales

We managed to identify a series of issues with the proposed architecture that could lead to potential malicious adversaries compromising the mobile app, should a particularl attack vectors be carried out. This resulted in our team working closely with the solution architects and developers to remediate our findings, such as leveraging native iOS and Kotlin libraries rather than using custom-built solutions for performing cryptographic and secrets management. We also reviewed the interaction between the mobile app and the backend infrastructure owned and managed by Tesco Banking and identified some issues around authentication of the app's microservices and addressed this by the introduction of introducing authentication methods for all calls made between the mobile app and backend IT Infrastructure.

Tesco Banking

Tesco Personal Finance plc, trading as Tesco Bank, is a British retail bank which was formed in July 1997.

Using our passion for driving security into a program, we actively built and supported continuous development pipelines that incorporated the latest security testing to perform SAST/DAST/SCA testing of all software developed by the teams. We also supported the as-is IT and Network architecture and built a solution that incorporated physical HSM’s to support storing of cryptographic material needed for compliance against PCI-DSS and PSD2 requirements whilst ensuring a highly scalable and reliable internal PKI solution to support the needs of the Banks zero-trust policy for microservices. We also supported the various teams overall Open Banking solution to ensure compliance to the Open Banking standards and
provided support in advising on security software solutions when required.

Open Banking

Open Banking Limited with more than 8 million active users - Implementation Entity described in the CMA Order – built the UK’s world-leading Open Banking Standard and industry guidelines to drive competition, innovation and transparency in UK retail banking.

We ensured that our team worked independently to support the team under the tight timescales to assist them in their development of a data broker for contract data in Google cloud. Evaluating edge defenses using technology such as: Next-Generation Firewalls and ensuring Intrusion Detection/reverse proxy systems were in place at the ingress/egress of the Cloud environment provided some edge protection. Our team of security architects ensured that the Cloud environments were hardened to CIS benchmarks, but introduced compliance scanning at Code as Infrastructure level to ensure configuration of the Google environment was secure. We also ensure that when evaluating the solution from an assurance aspect, we ensure compliance against the Clients' security policies by leveraging tooling designed to pull data to indicate the configuration of the environments.

Dixon’s Carphone Warehouse - iDmobile Contract Data Project

Carphone Warehouse is a mobile phone retailer founded in 1989 by Charles Dunstone and Julian Brownlie. In 2014, Carphone Warehouse merged with Currys to from a family of brands under Dixons Carphone PLC – now known Currys PLC.

bottom of page