MDSec Consulting Ltd

MDSec Consulting Ltd is a vendor-neutral technical security consultancy based in the UK, holding CREST accreditation since December 2012. The company provides a range of offensive and defensive cybersecurity services to organisations including FTSE100 companies across financial and insurance sectors. Their core service offerings include penetration testing across infrastructure, web application, and mobile disciplines, delivered by consultants holding multiple CREST certifications. MDSec also conducts intelligence-led penetration testing and red team engagements under frameworks such as CBEST (Bank of England), GBEST (UK Cabinet Office), TIBER-EU (European Central Bank), and STAR-FS, simulating advanced adversarial threats including phishing, physical security, browser and mail-based exploitation, and full Cyber Kill Chain assessments using custom tooling and proprietary tradecraft. Incident response services are offered on a retained 24/7/365 basis, as well as standalone engagements covering emergency response, compromise assessments, host forensics, incident response readiness assessments, tabletop exercises, and malware analysis. MDSec is also NCSC CIR and CHECK accredited. Beyond client services, MDSec develops training, tools, and methodologies used by other security consultancies, internal development teams, and end users in mobile, web application, and infrastructure security. The company employs between 1 and 100 staff.