SECFORCE
FeaturedCanary Wharf-based adversary simulation and CBEST-aligned penetration testing consultancy, delivering CREST-accredited offensive security to UK financial services and other organisations with the most demanding requirements.
Featured in: Best CREST Pen Testing Companies
Key facts
- CBEST-approved provider staffed by certified CCRTM and CCRTS consultants.
- Has delivered over 15 CBEST engagements for UK high street banks, major financial institutions, and other regulated entities.
- Works with a network of trusted, CBEST-approved threat intelligence partners, and can also work alongside any threat intelligence provider selected by the client or regulator.
- Independently audited against both ISO 27001 and SOC 2 for information security, data handling, and operational integrity.
- Runs a manual-first methodology: findings are validated and exploited by hand, not reported from scanner output.
- Specialises in CBEST and TIBER-EU threat-led testing for UK financial services.
- Engagements align to OWASP, OSSTMM, NIST, CREST, and CBEST frameworks.
- Team members speak at DEF CON, Black Hat, and 44CON.
- Founded in 2006.
- Headquartered in London, United Kingdom.
- Team of 11-50 security professionals.
- Holds CREST, CBEST, ISO 27001, SOC 2, and Cyber Essentials accreditation.
- Delivers 13 penetration testing services.
- Typical response time: 1-3 days.
- Operates globally, with delivery across the UK, Europe, APAC, and the Middle East.
- Compliance expertise across ISO 27001, SOC 2, PCI DSS, GDPR, and NIS 2.
About
SECFORCE is a Canary Wharf-headquartered offensive security consultancy founded in 2006, specialising in adversary simulation and CBEST-aligned testing for UK financial services and other large organisations with the most stringent and mature security appetites. Major enterprises trust SECFORCE to test their systems, upgrade their security programmes, and comply with their regulations.
SECFORCE holds CREST accreditation for penetration testing services alongside ISO 27001 and ISO 9001 certifications, demonstrating both technical excellence and robust quality management. Their testing capabilities span the full spectrum of offensive security: web application testing, API penetration testing, mobile application assessments, source code review, external and internal infrastructure testing, wireless assessments, cloud and firewall configuration reviews, VDI breakout evaluations, thick client testing, and embedded device and IoT security. SECFORCE's methodology aligns with established frameworks including OWASP, OSSTMM, NIST, and CBEST standards, though their team is known for deviating from standard approaches when strategically beneficial for clients.
Driven by a passion for security research and a hacker-focused culture, SECFORCE consistently operates at the cutting edge of the security industry. Their approach combines deep technical expertise with actionable, result-oriented reporting that gives clients clear next steps for improving resilience. SECFORCE is widely recognised as one of the strongest penetration testing providers in both the UK and Europe.
SECFORCE in Depth
FeaturedOverview
SECFORCE is a Canary Wharf-headquartered offensive security consultancy founded in 2006, specialising in adversary simulation and CBEST-aligned testing for UK financial services and other large organisations with mature security programmes. The firm works with major enterprises that need testing depth beyond a conventional point-in-time penetration test.
The consultancy holds CREST accreditation for penetration testing alongside ISO 27001, SOC 2, and ISO 9001 certification, evidencing both technical capability and the quality-management discipline that regulated financial clients expect. SECFORCE's engagement book spans regulated financial services work, enterprise infrastructure and application testing, and threat-led assessments aligned to CBEST and TIBER-EU.
SECFORCE is a research-driven firm with a hacker-focused culture. The team is known for going beyond standard methodology when it materially improves the outcome for a client, and for reporting that translates technical findings into clear, prioritised remediation steps a security leader can act on.
Approach
SECFORCE runs a manual-first methodology. Automated tooling is used for coverage and triage, but findings are validated, chained, and exploited by hand so that reports reflect real attacker capability rather than scanner output. Engagements align to OWASP, OSSTMM, NIST, CREST, and CBEST frameworks, with the team adapting scope and technique to the specific threat model of each client. For threat-led work, scoping is driven by current threat intelligence about the actors most likely to target the client's sector, and engagements are deliberately paced to test detection and response over time rather than to race to a single objective.
What They Test
Working with SECFORCE
Services
Accreditations
Best For
Methodologies
Team Activity
No reviews yet. Share your experience →
Is this your company?
Claim SECFORCE to verify the listing, update your services and pricing, respond to leads, and add the Verified badge to your profile. Free for companies, we just need to confirm your business email.
Claim This Profile