We're not penetration testers.
We're friendly attackers.

We help organisations to become more secure by using the same techniques as criminal hackers to breach them, and then working with them over the long term to put right the problems we find.

Find out more

We're driven by our founding philosophy: that risk assessment alone doesn't work for security

While risk assessments are useful, they give a broad but uncertain view of security.

We help by supplementing this broad view with a narrow but certain one, describing vulnerabilities that we can prove exist and have impact.

We give our clients clear, actionable, objective information about their security.

Then, we help clients to use this information to create transformative improvement: not just to tick a compliance checkbox.

Attack Specialists

We're attack specialists

All of our work is grounded in attack, and that's the perspective that we bring. We'll help you to understand how attackers operate, what they care about, which controls are effective, and which aren't.

Find facts

We find facts

Better security decisions can be made when you have indisputable evidence to hand. Our work will give you insights about your organisation that you can trust. We're a speculation-free zone!


We think about the long term

The value in practical security work comes mostly from the remediations and improvement, not the breach: we engage with clients over the long term, helping them to extract maximum value from our work.

People First

We put people first

We believe that organisations can only be secure if their security approach respects and supports the needs of the people whose work it affects. We'll help you to design your security around the needs of your users.

“[The Tradecraft adversary simulation] was performed to an incredibly high standard and we were very pleased with the way in which it was run, along with the output presented to us; a detailed rundown of vulnerabilities with a clear understanding of how to prioritise them, presented in a clear and actionable manner.”

Greg Annandale
Web Platform Lead
Raspberry Pi Foundation

“Tradecraft were incredibly fast in identifying a vulnerability that a generation of previous security experts, consultants and companies had completely failed to spot. They provided a mature, confidence-inspiring summary of the situation, including options to fix, and worked sensitively alongside our team in making sure that change was carried out well.”

Jason Caplin
Director, Digital and Technology

“Previous tests have resulted in long lists of minor items that may or may not have a tangible impact on our information security. It's near-impossible for our team to prioritise which items on the list to address. Tradecraft's approach helped us to arrive at a far shorter list of items representing realistic attack scenarios. Tradecraft picked up on issues missed by numerous previous testers.”

Samuel Keating-Fry
Senior Systems Architect
Southbank Centre

Read case study

Our Values

Good security design is often counter-intuitive, and we're here to help organisations that want to challenge the status quo, complementing traditional approaches with new ones. Our principles of secure design are different, and our values guide everything we do.

Talk to Us

Talk to us about your security

Get in touch