FAQ

Frequently Asked Questions

Got a question before getting in touch? You’re not alone. Here are the things we’re asked most often.

About Blue Cipher

Do I need to already have a security team to work with you?

No — and most of our clients don’t. That’s often exactly why they come to us. We’re used to working with businesses where security is currently nobody’s job, or where it’s sitting on the desk of an IT manager who has ten other things to worry about.

We already have an IT provider or MSP. Do we still need you?

These are different things. An MSP manages your infrastructure — keeping systems running, handling helpdesk tickets, and maintaining your tools. We focus on strategy, risk, governance, and resilience — the questions your MSP typically isn’t set up to answer. In many cases we work alongside your existing provider, not instead of them.

Where are you based? Can you work with us if we’re not in Cambridge?

Blue Cipher is fully remote and works with clients across the UK. Location is never a barrier.

Are you just one person?

Blue Cipher is led by an experienced practitioner, but we draw on a trusted network of specialists depending on what each engagement needs. You’ll always have the right expertise for your situation.


Working Together

What does a typical engagement look like?

There’s no typical engagement — that’s intentional. We start with a discovery conversation to understand your business, then build a proposal around what you actually need. It might be a focused 4-week project, an ongoing fractional arrangement, or something in between. We’ll be specific in the proposal before any commitment is made.

How long does an engagement take?

It depends on the service and scope. A Fortify digital resilience assessment takes minutes to complete. A Secure Foundations engagement is typically 4–8 weeks. Fractional Leadership is ongoing by nature. We’ll always give you a clear timeline upfront.

Do you offer ongoing support or just one-off projects?

Both. Some clients bring us in for a specific project with a defined end point. Others retain us on an ongoing fractional basis. We’ll recommend what makes sense for your situation — and we won’t push you towards something you don’t need.

What happens at the end of an engagement?

Everything stays with you. Documentation, processes, decisions, and the reasoning behind them. We don’t build dependency on us — we build capability inside your business. If you never need us again, we’ve done our job.


Services & Scope

Can you help us pass a security questionnaire or achieve Cyber Essentials / ISO 27001?

Yes. This is one of the most common reasons clients come to us. Whether you’re losing deals because you can’t answer security questionnaires confidently, or you’re working towards a specific certification, we can help you get there practically and without unnecessary complexity.

We’re growing fast and security hasn’t kept pace. Is that something you can help with?

Exactly the situation we’re built for. Rapid growth typically creates gaps in access control, cloud configuration, data handling, and security ownership. We help you identify the most urgent risks and build a foundation that scales with the business.

Do you only work with tech companies?

No, though a significant portion of our clients are SaaS, FinTech, and professional services businesses. The underlying security and resilience challenges we address apply broadly to any growing UK business — sector matters less than situation.

We’ve had an incident. Can you help?

Yes. Contact us directly at admin@bluecipher.co.uk and we’ll respond promptly.


Fortify

What is Fortify?

Fortify is our digital resilience assessment platform. It uses an AI-guided conversation to assess your business across up to ten resilience areas and produces a scored report with prioritised recommendations. The free tier covers five core areas and takes 5–10 minutes.

Is Fortify just for technical people?

No — it’s specifically designed for founders, operations leads, and business owners who aren’t security specialists. The questions are written in plain language and the report explains findings clearly.

What’s the difference between using Fortify and hiring Blue Cipher directly?

Fortify is a structured starting point — it gives you and us a clear picture of where you stand. The paid tiers include a consultant-prepared report and follow-up sessions. For businesses that need ongoing hands-on support beyond an assessment, our consultancy services are the next step.


Pricing

How much do your consultancy services cost?

Consultancy services are scoped individually because every business is different. We don’t publish day rates or package prices because a number without context is rarely helpful. Contact us for a no-obligation conversation and we’ll give you a clear picture of what’s involved and what it would cost.

Why is Fortify priced separately to your consultancy services?

Fortify is a standalone product that can be used independently of any consultancy engagement. It’s designed to be accessible to any business, at any stage — including those not yet ready to engage a consultant.


Still have a question?

If something isn’t covered here, get in touch at admin@bluecipher.co.uk — we’re happy to answer before you commit to anything.

Scroll to Top