My name is Tim Stamp. For more than 10 years I worked as a Software Engineer, Security Engineer, and most recently Security Architect, and throughout that period I was employed full-time within the Civil Service and private sector businesses.
Over the past few years I have come to realise that small businesses have very mixed experiences and approaches to security, but one common pattern has become apparent:
Small businesses cannot justify the cost of hiring full-time staff exclusively in a security role.
And nor should they have to!
In my experience, one week of investigation typically raises enough issues that it takes weeks if not months to resolve them all - and during this time the security engineer is mostly uninvolved, as the issues need to be fixed by those who built or maintain the systems.
Instead, the security engineer spends their time undertaking tasks that are often only necessary for large organisations, such as account auditing, installing and maintaining security appliances, traffic analysis, and working with operations staff to maintain a secure infrastructure.
Consequently, many small companies operate with little to no input from someone with security experience.
For this reason, I’m setting up a Security Consultancy based in Brighton, initially only for Brighton and Sussex-based small-businesses. The intention is to offer my time in 1-week blocks to local companies, where I can advise on a range of issues and work closely with developers to raise the level of security and awareness of their products, and of their company.