Security Faculty


Professional Information Security Management is still in its infancy with new business and technical challenges continually needing new thinking.

Through strong links with universities, industry bodies such as I-4, corporations and the research labs of IT vendors, Security Faculty have set themselves the mission of making a difference in how well security problems are solved and security risk is managed.

Good security needs to have clear goals defined and measured. Security processes, technologies and teams need to demonstrate they are meeting effective and efficient performance targets. We therefore run benchmarking and 'essential practice' studies to help organisations measure themselves, as well as developing security metrics and executive dashboards.


We are also committed to helping our customers, be they end users companies or vendors, understand emerging security and risk issues in business terms, looking at both the risks and also best practice in security management for both effectiveness and efficiency. Applied research areas include:

  • Leading research - evaluating and articulating some of the bigger challenges for security as a whole. These are often worked together with universities, or are public sector sponsored.
  • Strategic research - helping clients look ahead in their organisational or product/service strategies (in the case of vendors) to determine what forward-looking decisions need to be made in terms of capability and priorities.
  • Current Market research - looking at how current or immediately planned products and services will land in the marketplace, including how to build a client business case and overcome inhibitors.


We are very experienced in establishing security organisations and knowledge-sharing networks for federated corporate organisations or vendors wishing to establish deeper working relationships with their customers and undertaking targeted benchmarking exercises:

  • Devolved/Distributed Security - We help set up distributed security organisations where policy heads have 'dotted line relationships' to other security professionals in their enterprise. We know how to make these work and thrive even where direct line reporting is not in place. Our track record covers many organisations that achieved world-class capability.
  • Client Communities - We work with IT and security service suppliers to help them set up and run communities of customers to operate as 'advisory councils' and supportive communities of interest. We know how to build successful communities and have a track-record of success that overcome the barriers often experienced by vendors.
  • Benchmarking - Both IT suppliers and their customers are faced with the challenge of knowing what their security priorities should be and how much security is 'enough'. The expectations of regulators, clients and society as a whole are very much set by what industry as a whole is actually doing. But most attempts at comparative benchmarks are dismal failures as they end up not properly comparing 'apples with apples' and asking irrelevant or superficial questions. By using our unique network of experienced senior security practitioners, Security Faculty has proved that a good benchmark can only be performed by those who truly understand the security problem from a view based on real life experience.

Examples of our research work can be found at our information site