About Secrutiny

Secrutiny was founded by an experienced team that has built and sold numerous IT and security practises over the past 25 years. Each successive venture has been targeted with doing something progressive in a continuously changing environment.

As such, we became fascinated by the industry ‘threat-mania’ that has driven huge cycles of product development and enterprise adoption in the hunt for ‘perfect’ protection. It quickly became obvious that the hype of annual additions to the layers of the security onion was not sustainable.

The waves of publicised, high-profile breaches demonstrated that organisations cannot spend their way out of trouble or risk; even those with heavy cyber investment in protection and detection technologies fall foul to breaches on a daily basis.

To truly secure an organisation, visibility is essential; it enables recognition of anomalies and the potential risk the anomalies may pose. Visibility will inevitably reduce risk, whether it’s a case of noncompliance, bad practice, malware, misuse/insider or commodity/targeted attack.

On further investigation, it emerged that current buying behaviour is based on perceived threat, rather than actual business risk. If we could develop a technology, process and approach to determining risk, organisations could move spend to a fact-based model.

So, we developed a range of professional and managed services to help organisations focus cyber security efforts and resource on quantified, factual information rather than the wider ‘threat-mania’ industry view.

What we do

Cyber Risk Audit

Provides valuable insight into the IT operational risks relevant to the specific organisation. Learn More.

Patrol Managed Services

Provides protection, detection & control capabilities for both operational and technical cyber risks. Learn More.

Incident Response

By understanding the root cause of breaches, Secrutiny’s Incident Handlers focus Forensic Investigation on Hosts of Interest, providing quicker, more effective Incident Response results. Learn More.


Sometimes a risk cannot be mitigated with hygiene and good practice alone. When augmentation with product is required, the 5DIMENSIONS process helps businesses select solutions that provide the best fit functionally, operationally and commercially. Learn More.

Management Team

Simon Crumplin - Secrutiny Founder & CEO

Simon Crumplin
Founder & CEO

Simon has over 20 years’ experience in the cyber-security marketplace; having previously built, and successfully sold, two managed service security companies.

Just over two years ago, Simon launched Secrutiny. An organisation that is focused on becoming customers ‘Trusted Advisor’ by introducing helping organisations focus cyber security efforts and resource on quantified, factual information rather than the wider industry view.

Connect with Simon Crumplin

Ian Morris - Founder & Board Member

Ian Morris
Founder & Board Member

Ian is widely recognised as a specialist in ‘what next’ in cyber, with extensive knowledge of Silicon Valley and Tel Aviv startup communities.

His businesses have pioneered next-generational approaches and as such, have been the UK launch pad and channel for vendors such as 3Com, Ascend, Juniper, Netscreen, Neoteris, Fortinet, Juniper, Palo Alto, and FireEye. Ian’s third startup, VADition, now represents the largest global division of Exclusive Networks.

Connect with Ian Morris

Shane Shook - Principal Advisor to Secrutiny Board

Shane Shook
Principal Advisor to the Board

Shane has more than 30 years of information technology and risk management experience, including expert witness testimony information security, information management, and breach investigation forensics.

For more than 15 years, he served global Fortune 500 customers as a trusted advisor. This work has included industry-use technology, outsource IT advisory negotiation and dispute analysis, as well as data security, privacy and modelling.

Connect with Shane Shook 

What our customers say


Traditional Audits are based on paper exercises that give a generic view of risk based on the policy, process and controls in place. Secrutiny on the other hand, have been able to show exactly what is going on in my estate by developing a Cyber Audit that gives a comprehensive view of data loss and sabotage, network and user anomalies and comprehensive insights to installed software and hardware build and configuration.

Over nearly 30 years in Information Security, Secrutiny’s Cyber Risk Audit has given the most meaningful results by far.

Head of Information Security, Leading UK Construction Group



In 2017, we undertook Secrutiny’s Cyber Risk Audit to inform compliance issues, policy violation by privilege users, misuse of services, policy and system administration violations.

The results have provided insight into risks that we were not aware of and will be used to make informed decisions that embed security by design according to IT operations.

Information Security Manager, Prominent Investment Management Firm


Secrutiny Blog

Surge in PowerShell Malware Infections from Phishing Campaign

10 octoBER 2018 A surge in PowerShell Malware Infections Through Phishing Campaign Last week Secrutiny Analysts investigated suspicious emails sent to multiple employees within an organisation. The phishing emails could easily have been mistaken for genuine emails...

Rig Exploit Kit Is Back and up to No Good Again

19 SEPTEMBER 2018 RIG Exploit kit is back and up to no good again RIG Exploit kit (currently the most used exploit kit) is now back, in its fourth upgraded version, and it’s up to no good again. Over the last few weeks, security analysts have been observing a rootkit...

Why Is An Audit Approach The Only Practical Approach To Cyber Security?

18 SEPTEMBER 2018 WHY IS AN AUDIT APPROACH THE ONLY PRACTICAL APPROACH TO CYBER SECURITY? For an industry barely 20 years old, cyber security has become more confusing and complicated each year thanks to competing vendors, resellers and ‘expert opinions’. The...

Microsoft September 2018 Patch Tuesday

12 SEPTEMBER 2018 MICROSOFT SEPTEMBER 2018 PATCH TUESDAY 61 updates were released in yesterday's September 2018 Patch Tuesday to address vulnerabilities in Mircosoft Windows and related programs. Including 17 critical bugs, several flaws already public knowledge and a...

Dark Tequila Malware Designed to Steal your Financial Details

Dark Tequila steals victims’ financial information from a long list of online banking sites, as well as login credentials to popular websites ranging from code versioning repositories to public file storage accounts and domain registrars.

A New Era of SSRF: Exploiting RFI and XSS to Bypass Website Security

Within this blog we will be exploring the use of SSRF by exploiting RFI and XSS methods to bypass website security and port scan webservers and services from a hosted site instead of our local machine.