— Who it's for
We work with UK businesses of every shape and size: sole traders, growing SMEs, regulated industries, full enterprises. Microsoft 365, Google Workspace, AWS, GCP, or a mix. We really want to work with companies that want to change. Below: find your tier, who we work with, who we are, and the answers we get asked most.
— Find your tier
Answer below and we'll point you at the tier that matches the proof your audience is asking for. Nothing's saved. This is just a guide.
— Who we work with
Cybersecurity has spent decades pretending it's only for banks, defence contractors and tech giants. The truth: a plumber on Google Workspace and a multinational running AWS and Microsoft 365 face the same kinds of threats. We work with both, and everyone in between: accountants, law firms, manufacturers, charities, schools, agencies, healthcare practices, tradespeople. If you use a modern cloud, we can help.
Sole traders & micro
One-person consultancies, small studios, family firms. If you use any modern cloud (Microsoft 365, Google Workspace, AWS, GCP) and you care about doing things properly, we want to talk. Pricing starts from £50/month. No minimum size, no awkward conversations about whether you're 'big enough'.
Growing SMEs
Twenty people, a hundred, two hundred and fifty. The kind of business that's outgrown the IT-friend-of-a-friend setup but isn't ready (or willing) to pay big-firm consultancy rates. This is where most of our customers sit.
Enterprise
Multi-region teams, hundreds of identities, regulated industries, demanding customer security questionnaires. We run the same Foundry Cyber Benchmark at depth, with audit-grade evidence packs and the standards your enterprise audience asks for.
Not sure whether we're the right fit? Get in touch — we'll tell you straight.
— About us
Foundry Cyber is a Yorkshire-based cybersecurity company built on over a decade of hands-on experience across security operations, cyber assurance, and IT infrastructure. We've worked inside both private sector organisations and regulated public sector environments.
That experience exposed a gap: small and growing businesses deserve enterprise-level security thinking, delivered in a practical, accessible way, without the consultancy pricing or the jargon. So we built Foundry Cyber to close it.
We see security from both angles, the technical and the governance-driven, and give clear, actionable advice that reduces risk without unnecessary complexity.
— Founder's note
I started Foundry Cyber after a decade in security operations and assurance, across both private and public sector, because I kept seeing the same gap: enterprise-grade security thinking that small and growing businesses couldn't afford, couldn't access, or couldn't decode. We're closing that gap with sensible controls, plain-English reporting, and an engineering team that actually fixes things.
Will · Founder, Foundry Cyber
Practical, proportionate, aligned with your business.
— Frequently asked
It means our AI assistant, Forge, does a lot of the heavy lifting that most security companies charge a senior consultant for: turning raw technical findings into a plain-English summary, and helping our engineers analyse and apply fixes faster than a human team could on its own. Our engineers spend their time on the work that matters, not writing PDFs. You get senior-consultant quality without senior-consultant prices.
Wherever possible, we work with the tools you already have: whatever's native to your cloud first (Microsoft Defender, Google's security centre, AWS GuardDuty, etc.), then whatever else is in place. We want you to get value from what you already pay for. That said, our job is to give you the best service we honestly can, so if there's a genuine gap or a tool that's holding you back, we'll have an open conversation with you about new tooling. Never a hard sell, always with the trade-offs spelled out.
Microsoft 365 and Azure, Google Workspace, AWS, and Google Cloud. Same Foundry Cyber Benchmark across all of them. Most customers run a mix, and that's fine: we run one assessment, give you one set of findings, and one plain-English view of where you stand.
For Microsoft 365, we assume Business Premium or E3 as a starting point. These are the more business-grade plans, and most companies with 25 or more employees already have one. For Google Workspace, Business Standard or higher. For AWS and GCP, any active account with admin access works. Some advanced controls need higher-tier licences; those are flagged in your report as upgrade opportunities, never as failures.
Findings, reports and evidence live on our portal infrastructure, which runs in Microsoft Azure UK South and West Europe regions only. Where we can store evidence in your own cloud (such as SharePoint for Microsoft customers, or Google Drive for Workspace customers), we do. We are a UK company; your data stays within the UK and EEA, and does not leave those regions without your explicit consent.
Yes. If you're starting fresh (a new business, a spin-out, or a clean break from a legacy environment), we can set up a brand-new Microsoft 365, Google Workspace, AWS or GCP account for you and apply our security baselines from day one. You start clean, hardened by default, instead of inheriting years of historical drift.
Read-only access takes under an hour to set up. Your first plain-English report usually lands within 48 hours. We can start fixing things the same week.
CIS Controls and CIS Benchmarks are licensed content we've chosen not to redistribute. The NIST CSF, SP 800-53, and NCSC CAF cross-walks we do render cover ~90% of what a CIS-curious buyer is actually asking about: control coverage, evidence mapping, and audit-ready language for whoever's asking.
Onboarding new customers now
Tell us a bit about your business and what you're worried about. We'll come back with a plain-English view of where you stand and what we'd suggest doing first. Real people, real answers.
