Understand your risk.
Fix what matters.

We help leadership teams make sound technology risk decisions, grounded in real threats and commercial reality.

Work with us → What we do →
Who we are

Specialist by design.

Our team combines deep technical expertise with proven client service delivery from leading advisory practices.

What we do

Understand your adversaries.
Measure the real impact.
Deploy solutions that work.

Three capabilities, deployed together or independently to translate risk insights into clear actions.

Understand
The threats you actually face

We identify the specific threats you face: who, how, and from where — whether from sophisticated cyber crime groups, insiders and accidents, through to changing regulations.

Measure
What impacts you could suffer

We translate technical risk into financial terms. What would an incident cost in operations, revenue, and recovery? We give leadership teams something concrete to work with.

Deploy
Solutions built around reality

The right answer is one you can implement. We design solutions around your risk appetite and budget, not what looks good in a report.

Our team

Owner run and owner operated.

Jano Bermudes
Jano Bermudes

Advises boards and executive teams on technology risk, cyber crime, insider threats, and operational resilience. Former Big Four advisory, insurance, and legal sector experience across critical infrastructure and security architecture.

Jano Bermudes
Technology Risk Critical Infrastructure Security Architecture
Cal McGuire
Cal McGuire

Quantifies the financial impact of cyber and operational risk for boards and senior leadership. Former Marsh, PwC, and KPMG. Deep expertise across financial services, retail, manufacturing, and PE-backed businesses.

Cal McGuire
Risk Quantification Risk Transfer M&A
Freddie Witzmann
Freddie Witzmann

Specialist in cyber readiness and regulatory compliance within financial services. Former Capgemini, Marsh, and CyXcel. Led hundreds of cyber exercises and simulations for major organisations as Head of Cyber Exercise and Preparedness at Marsh.

Freddie Witzmann
Operational Resilience Crisis Simulation Regulatory Compliance
Samuel Kudláč
Samuel Kudláč

Provides boards and senior leadership with intelligence-led assessments of the threats that matter. Translates geopolitical dynamics into actionable insight for executive decision-making. Professional background in threat intelligence and supply chain cyber risk management.

Samuel Kudláč
Threat Research Geopolitics Strategic Intelligence
Who we work for

Extensive experience across
industries and client challenges.

Critical National Infrastructure
CNI cyber risk assessments and architecture
UK Gas and Electricity Network
Financial Services
Cyber supply chain risk management
Central bank, leading G7 nation
Industrial Technology
Global OT security assessment programme
Swiss-based international industrial firm
Financial Services
Regulatory-driven business continuity framework
Multinational banking and financial services
Retail & Consumer
Data asset mapping and governance transformation
British multinational food and fashion retailer
Financial Services
Bespoke scenario creation for threat-led penetration testing
Global fintech and challenger banking group
Government
Intelligence-led attack simulation to test resilience
UK central government department
Financial Services
Outsourced cyber M&A due diligence service
Leading global insurance corporation
Energy & Infrastructure
Multi-year cybersecurity improvement programme
UK and European renewable energy asset manager
Telecommunications
Global post-breach assessment and remediation
Global telecommunications provider
Financial Services
Cyber insurance controls review and peer benchmarking
Leading South African banking group
Private Equity
Portfolio risk review and competitor benchmarking
London-based international private equity firm
Featured case study

Designing a right-sized cybersecurity solution for thermal electricity generating sites at a price point that actually works.

The situation

A renewable infrastructure asset manager was early in their security journey with no in-house expertise. Unable to secure cyber insurance at an acceptable price, they faced real financial exposure. Engineering firms proposed solutions that were technically coherent but commercially unworkable, being too costly and too compliance-heavy to implement.

How we worked

We went to the sites and worked directly with the people running them. Using a threat-informed business risk methodology, we established what an incident would cost the business, then designed a proportionate and scalable solution built around their risk and cost appetite. The result saved the client significant amount of money while delivering a step-change in their security posture.

What we delivered
Cyber maturity assessment and loss quantification model
High-level architecture for a full cybersecurity solution
Revised minimum viable design, built around realistic threat scenarios and what the client could genuinely afford
Vendor selection support for required technical products
Transformation delivery framework
What changed
Projected spend reduced by two-thirds from millions of euros over three years to commercially acceptable one-off and recurring costs
Security responsibility transferred from onsite engineers to specialist vendors, so the solution holds regardless of staff turnover
Sites in a stronger position to prevent, contain and recover from an incident
Get in touch

If the problem is complex,
we should talk.

info@ashcairn.com linkedin.com/company/ashcairn

Why Ashcairn

We work with a small number of senior leadership teams each year on high-value, high-stakes challenges. If yours is one of them, reach out.

Start a conversation →