Q&A: Bridewell on US expansion and Microsoft partnership

Cyber security services company Bridewell are going west on a US adventure, in response to new threats that require specialist cyber expertise

Bridewell is a cyber security services company that specialises in protecting the data and reputation of organisations in highly complex and regulated industries, such as critical infrastructure and financial services. Their services include cyber security, 24x7 managed detection and response, and penetration testing, with a team of over 110 cyber specialists.

One of the most important things about Bridewell, is their ambition to ensure that cyber security is seen as an enabler of transformation and business. They are focused on delivering large-scale cyber security transformation programmes and helping protect some of the largest organisations in the world, with some notable public cases such as Manchester Airport Group and the UK Census 2021.

In October 2021, they also became the UK’s first cyber security company to achieve carbon negative status, through a combination of initiatives, including a switch to renewable energy, offsetting and climate projects.

Co-CEO Scott Nicholson answers our questions on the recent US expansion and their Microsoft partnership…

Why has Bridewell made the decision to expand into the US market?

“The US has always been a key growth market for us, both in terms of our existing client base and the broader market opportunity. However, our strategy has always been to expand where there is a great need for our unique capabilities. With North American organisations increasingly realising the importance of improving their cyber security posture, Bridewell’s experience delivering cyber security consultancy and industry leading managed detection and response services across critical infrastructure makes us well positioned to serve their current and future needs.

We’re highly accredited and have deep technical experience with some of the world’s largest critical infrastructure organisations in industries such as transport and aviation, energy and financial services. We see a major opportunity to help US organisations reduce risk and build cyber resilience amid rising cyber threats. A higher volume of attacks and new, innovative attack vectors are significantly outpacing regulation, policy and strategies in the US, which requires that organisations in the region take appropriate measures to ensure they remain secure.”

Why is the cyber threat in the US so prominent today? 

“It’s a myriad of factors, including escalating geopolitical tensions such as the recent Russian aggression against Ukraine. This has given a renewed sense of urgency to the need to strengthen cyber defences against nation-state attacks, with Russia already possessing a track record in targeting critical infrastructure.

A greater number of US companies are pursuing digital transformation and need to ensure that these initiatives don’t come at the cost of security. Then there’s also the growing threat of ransomware with new methods like Human Operated Ransomware enabling criminals to infiltrate organisations for extended periods before launching devastating attacks.

Another key driver, I think, is that more companies are wanting to use cyber security as a differentiator. By achieving compliance with certain frameworks, they can provide customer assurance, digital transformation, cloud adoption and mitigate the increased threat from nation states.”

Are there any other cyber challenges facing US businesses?

“It’s a known fact that there’s a growing cyber skills shortage. This has been compounded by businesses migrating their data and applications to the cloud, which requires organisations find people with appropriate skills in securing these environments and using the relevant tools. Today, a traditional Security Operation Centre (SOC) typically requires at least 40 different tools to cover the cloud and every other possible vulnerability, each of which needs to be expertly configured, supported and importantly monitored effectively 24/7.

For critical infrastructure, there is also the challenge of blurring boundaries between IT and OT security. Increasing connectivity for their infrastructure that was previously air-gapped affords CNI organisations many benefits, but it can be hard to drive these initiatives while still meeting system uptime requirements.

Ultimately, organisations are struggling to recruit people with these much-in-demand skills which, in turn, constrains their ability to digitise and transform at scale. By providing our own expertise to the market, we’re hoping to help businesses in the region to overcome these challenges.” 

What makes Bridewell unique in the cyber security sector?

“I think there’s a few things that make us unique. First, our vertical focus on critical infrastructure and financial services sets us apart as cyber security innovators and leaders within the most complex and highly regulated sectors.

Secondly, the strategic insight, technical expertise, and deep experience of our people. They have a strong understanding of Operational Technology (OT), Information Technology (IT) and public cloud infrastructure, combined with significant industry experience that allows them to truly understand the needs of organisations. This means that we’re uniquely placed to bring robust and resilient cyber security solutions to North American organisations at a time when they need it most.

We also believe in contributing to the wider cyber community and inspiring positive change. We are strong advocates for sustainability, providing education and support to the next generation and the sharing of cyber threat intelligence. 

Finally, I believe our ethos makes us stand out in the market. Our clients trust us not just because of our depth of experience, but because of our purpose-driven, people-focused, and holistic approach to cyber security. Companies choose Bridewell because they want to deliver business impact and positive change.”

Which of your partners do you expect to bring to the US?

“One of our key partners is Microsoft. We’re part of the Microsoft Intelligent Security Association (MISA), with Cloud Security and Threat Protection advanced specialisations. Our competence with the Microsoft Security Stack is reflected in the fact that we were one of the first organisations to deploy and manage Azure Sentinel throughout EMEA within our 24/7 Security Operations Centre. Bridewell also has wider multi-cloud capability across a range of cloud service providers.

We’ve also supported numerous organisations to transition from multiple suppliers and products to one, unified approach by utilising Microsoft’s next-generation protective technology. This has included Microsoft Defender for Endpoint, Identity and Office 365, while also leveraging our expertise in these technologies to deliver high levels of automated response to security events and incidents.

It’s a proud distinction for us and we’re looking forward to working more closely with Microsoft in the delivery of security operations transformations for our US clients.”

Share

Featured Articles

Healthcare, finance and the impact of quantum computing tech

As quantum computing attracts worldwide attention, we explore how the healthcare and finance industries will benefit from this super-efficient technology

The drive for diversity and inclusion in the space industry

More women and ethnic minorities are joining the space industry, but the drive for D&I is not over. Here we look at the steps already taken in the industry

Trailblazer - Zendesk CTO, Matthias Goehler

As CTO EMEA at Zendesk, Matthias Goehler uses innovation to tackle future challenges. He shares more on Zendesk’s quest to understand their customers

What makes a great working culture?

Enterprise IT

‘It’s the era of no-code,’ says Smartsheet CEO

Enterprise IT

Exec Q&A with Steve Neat, GM EMEA, Alation Inc.

Data & Data Analytics