Security Consulting


Unrivalled talent and recognized world-class security expertise

At NCC Group we can boast unrivaled talent and recognized world-class security expertise.

Bringing together best in class security consultancies iSEC Partners, Intrepidus Group, Matasano, NCC Group and NGS to form a globally respected and vendor independent security consultancy.

Strategic Infrastructure Security

Comprehensive and Methodical

We help organizations protect themselves by providing expertly executed and meaningful services focused on assessing the underlying infrastructure of an organization. Composed of systems, servers, networks, buildings and people, infrastructure contributes the majority of an organization’s attack surface.

Application Security

Unrivaled Experience

We provide discerning clients with high-end application services including penetration testing, code review, design review, architecture review, threat modeling and Secure Development Lifecycle creation.

Mobile Security

Trusted Experts

We have deep a understanding of mobile architectures and application development, having assessed many mobile applications, assisted organizations in leveraging mobile development security best practices, and reviewed device-level security controls while working with OEMs and telecommunications providers.

Cryptography Services

Leading provider of security assessments

We have a wealth of experience building, breaking, fixing and deploying cryptographic solutions that our customers rely on for their core business, data protection, compliance and security needs.

Keyhole Service

Security Baseline for Applications

A light-touch, fast, analyst-driven web application penetration test geared towards those smaller applications that never get a full assessment but still represent a threat.

Bug Bounty Support Program

Triage Specialists

In response to popular demand, NCC Group is pleased to present our Bug Bounty Support Program.

Managed Security Services

How do you assure your security inbetween penetration tests?

Our Managed Security Services can dramatically improve your ongoing security posture through more frequent, cost effective security assessments, helping you to identify, assess and manage risk.

With most organisations still opting to conduct penetration tests once a year there are potentially significant periods for new vulnerabilities to be introduced.

Risk Management & Governance

Experience and Know-How

We deliver a systematic and strategic approach, essential in the modern compliance landscape. We are a PCI qualified security assessor and approved scanning vendor, as well as an ISO 27001 accredited organization.

Training Services

Security Experts

The moving target of computer security is hard to hit, even for seasoned security practitioners. Without good and relevant training that is continuously reinforced and updated, it is easy to get behind the threat curve and make mistakes.