About Secrutiny

Secrutiny was founded by an experienced team that has built and sold numerous IT and security practises over the past 25 years. Each successive venture has been targeted with doing something progressive in a continuously changing environment.

As such, we became fascinated by the industry ‘threat-mania’ that has driven huge cycles of product development and enterprise adoption in the hunt for ‘perfect’ protection. It quickly became obvious that the hype of annual additions to the layers of the security onion was not sustainable.

The waves of publicised, high-profile breaches demonstrated that organisations cannot spend their way out of trouble or risk; even those with heavy cyber investment in protection and detection technologies fall foul to breaches on a daily basis.

To truly secure an organisation, visibility is essential; it enables recognition of anomalies and the potential risk the anomalies may pose. Visibility will inevitably reduce risk, whether it’s a case of noncompliance, bad practice, malware, misuse/insider or commodity/targeted attack.

On further investigation, it emerged that current buying behaviour is based on perceived threat, rather than actual business risk. If we could develop a technology, process and approach to determining risk, organisations could move spend to a fact-based model.

So, we developed a range of professional and managed services to help organisations focus cyber security efforts and resource on quantified, factual information rather than the wider ‘threat-mania’ industry view.

What we do

Cyber Risk Audit

Provides valuable insight into the IT operational risks relevant to the specific organisation. Learn More.

Patrol Managed Services

Provides protection, detection & control capabilities for both operational and technical cyber risks. Learn More.

Incident Response

By understanding the root cause of breaches, Secrutiny’s Incident Handlers focus Forensic Investigation on Hosts of Interest, providing quicker, more effective Incident Response results. Learn More.


Sometimes a risk cannot be mitigated with hygiene and good practice alone. When augmentation with product is required, the 5DIMENSIONS process helps businesses select solutions that provide the best fit functionally, operationally and commercially. Learn More.

Management Team

Simon Crumplin - Secrutiny Founder & CEO

Simon Crumplin
Founder & CEO

Simon has over 20 years’ experience in the cyber-security marketplace; having previously built, and successfully sold, two managed service security companies.

Just over two years ago, Simon launched Secrutiny. An organisation that is focused on becoming customers ‘Trusted Advisor’ by introducing helping organisations focus cyber security efforts and resource on quantified, factual information rather than the wider industry view.

Connect with Simon Crumplin

Ian Morris - Founder & Board Member

Ian Morris
Founder & Board Member

Ian is widely recognised as a specialist in ‘what next’ in cyber, with extensive knowledge of Silicon Valley and Tel Aviv startup communities.

His businesses have pioneered next-generational approaches and as such, have been the UK launch pad and channel for vendors such as 3Com, Ascend, Juniper, Netscreen, Neoteris, Fortinet, Juniper, Palo Alto, and FireEye. Ian’s third startup, VADition, now represents the largest global division of Exclusive Networks.

Connect with Ian Morris

Shane Shook - Principal Advisor to Secrutiny Board

Shane Shook
Principal Advisor to the Board

Shane has more than 30 years of information technology and risk management experience, including expert witness testimony information security, information management, and breach investigation forensics.

For more than 15 years, he served global Fortune 500 customers as a trusted advisor. This work has included industry-use technology, outsource IT advisory negotiation and dispute analysis, as well as data security, privacy and modelling.

Connect with Shane Shook 

What our customers say


Traditional Audits are based on paper exercises that give a generic view of risk based on the policy, process and controls in place. Secrutiny on the other hand, have been able to show exactly what is going on in my estate by developing a Cyber Audit that gives a comprehensive view of data loss and sabotage, network and user anomalies and comprehensive insights to installed software and hardware build and configuration.

Over nearly 30 years in Information Security, Secrutiny’s Cyber Risk Audit has given the most meaningful results by far.

Head of Information Security, Leading UK Construction Group



In 2017, we undertook Secrutiny’s Cyber Risk Audit to inform compliance issues, policy violation by privilege users, misuse of services, policy and system administration violations.

The results have provided insight into risks that we were not aware of and will be used to make informed decisions that embed security by design according to IT operations.

Information Security Manager, Prominent Investment Management Firm


Secrutiny Blog

Adobe Patches Security Vulnerabilities in Flash Player

Trouble strikes again as Adobe patches security vulnerabilities in Flash Player – including a zero-day vulnerability that has been spotted being exploited in the wild.

Juggling Security Risks and Balancing Priorities with Simon Crumplin, CEO of Secrutiny Ltd.

Whether you are the CIO, the CISO or a Business Engagement Manager, your life is a constant battle to ensure a reasonable security posture while balancing costs, usability, technology, user behaviour, transformation and agility. Suffering a breach is no longer a question of “if,” but “when” and “how big”.

Emotet Banking Trojan Seen Taking Advantage of Privileges of Local Administration Shares

In the month of November,  a UK law firm learnt the hard way the importance of limiting privileges of the local administration shares on their endpoints when the popular Emotet malware appeared in their estate.

Shodan: The Search Engine for the Internet of Things

Shodan is a free security tool helping defenders keep track of all the computers on their network that are directly accessible from the Internet. Shodan makes it easy to search a subnet or domain for connected devices, open ports, default credentials, even known vulnerabilities.

Same Old File Types, Brand New Spam Campaigns

Spam and phishing campaigns remain a firm favourite infection vector for malicious actors but cybercriminals appear to be expanding the file types they abuse in an effort to find more effective ways to distribute malware.

Researchers Report Vulnerability in Microsoft Word Online Video Feature

Researchers at Automated Breach and Attack Simulation solution provider Cymulate have reportedly found a vulnerability in Microsoft Word’s online video feature that allows threat actors to replace legitimate YouTube iframe code with malicious HTML/JavaScript code.