How We Work

Each engagement is tailored to the needs of the client. This results in flexible engagement scenarios whether design consultations, penetration tests, vulnerability assessments or audits.

Esqo uses an in-house security framework. This is based upon current best practice and knowledge. The framework is leveraged by staff who are expert in their field. Our work is performed by hand and all reports are hand written, we do not believe in using automated commercial security scanning software.

Reporting takes prime significance in each engagement, our reports are high quality documents describing the engagement, risks and mitigation information. Risks are classified according to criticality and appropriate mitigation steps are proposed.

As reports will be read by technical and non technical audiences they contain a mix of high level summaries and low level technical information to suit all.

During engagements a holistic approach is taken, organisational issues such as policy, standards and processes are considered along with technological and human factors. Organisational factors can be used to keep risks in check.