About Secrutiny

Secrutiny was founded by an experienced team that has built and sold numerous IT and security practises over the past 25 years. Each successive venture has been targeted with doing something progressive in a continuously changing environment.

As such, we became fascinated by the industry ‘threat-mania’ that has driven huge cycles of product development and enterprise adoption in the hunt for ‘perfect’ protection. It quickly became obvious that the hype of annual additions to the layers of the security onion was not sustainable.

The waves of publicised, high-profile breaches demonstrated that organisations cannot spend their way out of trouble or risk; even those with heavy cyber investment in protection and detection technologies fall foul to breaches on a daily basis.

To truly secure an organisation, visibility is essential; it enables recognition of anomalies and the potential risk the anomalies may pose. Visibility will inevitably reduce risk, whether it’s a case of noncompliance, bad practice, malware, misuse/insider or commodity/targeted attack.

On further investigation, it emerged that current buying behaviour is based on perceived threat, rather than actual business risk. If we could develop a technology, process and approach to determining risk, organisations could move spend to a fact-based model.

So, we developed a range of professional and managed services to help organisations focus cyber security efforts and resource on quantified, factual information rather than the wider ‘threat-mania’ industry view.

What we do

Cyber Risk Audit

Provides valuable insight into the IT operational risks relevant to the specific organisation. Learn More.

Patrol Managed Services

Provides protection, detection & control capabilities for both operational and technical cyber risks. Learn More.

Incident Response

By understanding the root cause of breaches, Secrutiny’s Incident Handlers focus Forensic Investigation on Hosts of Interest, providing quicker, more effective Incident Response results. Learn More.


Sometimes a risk cannot be mitigated with hygiene and good practice alone. When augmentation with product is required, the 5DIMENSIONS process helps businesses select solutions that provide the best fit functionally, operationally and commercially. Learn More.

Management Team

Simon Crumplin - Secrutiny Founder & CEO

Simon Crumplin
Founder & CEO

Simon has over 20 years’ experience in the cyber-security marketplace; having previously built, and successfully sold, two managed service security companies.

Just over two years ago, Simon launched Secrutiny. An organisation that is focused on becoming customers ‘Trusted Advisor’ by introducing helping organisations focus cyber security efforts and resource on quantified, factual information rather than the wider industry view.

Connect with Simon Crumplin

Ian Morris - Founder & Board Member

Ian Morris
Founder & Board Member

Ian is widely recognised as a specialist in ‘what next’ in cyber, with extensive knowledge of Silicon Valley and Tel Aviv startup communities.

His businesses have pioneered next-generational approaches and as such, have been the UK launch pad and channel for vendors such as 3Com, Ascend, Juniper, Netscreen, Neoteris, Fortinet, Juniper, Palo Alto, and FireEye. Ian’s third startup, VADition, now represents the largest global division of Exclusive Networks.

Connect with Ian Morris

Shane Shook - Principal Advisor to Secrutiny Board

Shane Shook
Principal Advisor to the Board

Shane has more than 30 years of information technology and risk management experience, including expert witness testimony information security, information management, and breach investigation forensics.

For more than 15 years, he served global Fortune 500 customers as a trusted advisor. This work has included industry-use technology, outsource IT advisory negotiation and dispute analysis, as well as data security, privacy and modelling.

Connect with Shane Shook 

What our customers say


Traditional Audits are based on paper exercises that give a generic view of risk based on the policy, process and controls in place. Secrutiny on the other hand, have been able to show exactly what is going on in my estate by developing a Cyber Audit that gives a comprehensive view of data loss and sabotage, network and user anomalies and comprehensive insights to installed software and hardware build and configuration.

Over nearly 30 years in Information Security, Secrutiny’s Cyber Risk Audit has given the most meaningful results by far.

Head of Information Security, Leading UK Construction Group



In 2017, we undertook Secrutiny’s Cyber Risk Audit to inform compliance issues, policy violation by privilege users, misuse of services, policy and system administration violations.

The results have provided insight into risks that we were not aware of and will be used to make informed decisions that embed security by design according to IT operations.

Information Security Manager, Prominent Investment Management Firm


Secrutiny Blog

Microsoft Warns of Spike in Hard to Spot Info-Stealer Astaroth Fileless Malware Campaign

A fileless malware campaign is being abused by malicious actors to drop the information stealing Astaroth Trojan into the memory of infected computers.

Infographic: Insider Threats Remain a Major Risk to Organisations

Intentional or not, insider threats are on the rise. Don’t take the chance; gain a better understanding in our cyber security infographic.

Locking the Door Is No Longer Enough: Required Capabilities for Identity and Access Threat Prevention

In this blog, we will define the key requirements and capabilities of IATP solutions and the drivers they should support within an organisation.

RDP Exploits on the Rise: Tips for Mitigating Your Exposure

Malicious actors continue to exploit Remote Desktop Protocol (RDP) to gain access to the target computers. Mitigate your exposure now.

All You Need to Know About Microsoft’s Decision to Drop Password Expiration

Microsoft has officially dropped its 60-day password expiration policy from its security baseline, following May’s Window’s 10 updates.

Microsoft Patches Critical WannaCry-like Vulnerability, Including Legacy XP and Windows Server 2003

Microsoft has released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services.