A world class technical team
Helping you secure your digital assets
Our focus is always providing the best quality and highest standard of service available, while treating our client relationships more as partnerships than the traditional client/supplier model. We find this achieves more effective results through a mutual understanding of our clients’ security needs.
edgescan™ is a managed security service focused on continuously discovering security vulnerabilities on your websites and servers.
Think of it as a continuous security assessment which you can schedule as much or as little as you want. edgescan™ helps level the Internet security playing field by assessing your systems as a hacker would.
Many of our services can be coupled together for deeper understanding of risks faced and better assurance. We found that a "one solution fits all" approach does not work and often proves to be a more expensive option in the long term.
BCC Risk Advisory provide technical security and advisory services designed to assist you in achieving a more robust security posture. We have the experience and knowledge to assist with managing the risk and exposure to your systems, and ultimately your business.
We can assist you with your compliance, regulations and control challenges, such as the Payment Card Industry Data Security Standard (PCI DSS), COBIT, ISO 27001 (formerly 17799), GLBA, and many more.
We provide custom training and assessment solutions – from phased to hybrid approaches to development assistance and test solutions. We have the experience to assist your needs.
Risk based solutions
Our approach and scoping of any engagement is based on identifying the potential risk and impact of the item in question, mapping the system to business criticality and recommending an appropriate solution.
Our solutions can be used to drive down the cost of security. We believe our services can benefit any organisation and identify the root causes of insecurity in order to help you focus your finite resources.
We provide world class penetration testing, security assessments, policy development, source code review and technical & executive security training, based on OWASP, ISO and industry best practices. We provide managed security services (MSS), edgescan.com and support on demand.
Technical Training is aimed at development and security staff in areas such as:
Secure application development (Java, Web, .Net etc) and Web application pen testing.
Our training combines theory and practical labs in order to both learn by example and also understand the fundamental issues and causes of insecurity. Our training is based on OWASP best practice as our lead technical staff have contributed to OWASP books and guides such as OWASP Testing Guide and the OWASP Code Review Guide.
Our team have delivered such training to many large global organisations and can even customise the training to an individual organisation's technology and the particular issues they face.
Our executive and management training is aimed at individuals such as Risk managers, CISOs & IT Security managers.
Its focus is to gain an understanding of the issues related to Internet Security and associated business risk. It covers off approaches to addressing common issues when managing the security of an organisation from an executive level and arms management with the knowledge to make informed decisions. It also assists executives with understanding what is required to be compliant with industry regulations (PCI-DSS, GLBA, HIPAA) and regional regulations such as data protection.
edgescan™ - Detects security weaknesses in your entire digital-asset-estate: websites, apps (mobile/web/cloud), software, servers and networks.
BCC Risk Advisory have developed edgescan™, a digital security solution to improve your defence against cyber-attacks. edgescan™ detects security weaknesses in your entire digital-asset-estate: websites, apps (mobile/web/cloud), software, servers and networks.
edgescan™ allows for security assessments that are affordable for everyone and provide dramatically better value for money than traditional approaches to digital security. With edgescan™ you can maximise your time and get:
Upskilling our clients empowers them with better understandings of risk, technical security & preventative activities.
BCC Risk Advisory support The Open Web Application Security Project foundation (OWASP.org) and assist the foundation with resources and subject matter experts which helps drive the OWASP mission of addressing the causes of application insecurity.
OWASP was founded over a decade ago in response to the need for accurate and high quality security advice and resources delivered via open source licensing.
Check out our free OWASP training slides and papers: [e.g. OWASP Testing Project, OWASP Code Review Guide, OWASP Software Assurance, training slides on owasp.org etc.]
BCC Risk Advisory was founded by myself in 2011 out of frustration with the direction the security industry was taking.
Developing secure robust systems can be easier than one thinks assuming one knows what the potential security issues are. It's my view that there was always a disconnect with security folks and the people developing and maintaining systems. In order to help bridge this gap we instil a development culture in all our engineers and consultants; "Don't be afraid to experiment, fail, learn and repeat". Many of our staff have a development background and/or are certified developers of one kind or another. In order to help secure systems we need to embrace the "builder" (developer) mentality, understand pitfalls and also provide pragmatic advice and assistance. We are keen to empower developers and businesses alike with the correct knowledge and understanding of the risks associated with doing business on the Internet. Communication and a common language are of key importance when helping to address system security.
We believe our approach to web and software security is "bleeding edge" and a result of over 15 years of assisting organisations with system security. We assist organisations, both large and small, with managing technical, logical and business risk and believe security is based around understanding the fundamentals of how software and the Internet works.
We understand what real risk "looks like" and strive to help organisations understand what cyber attackers look for when attempting to breach corporate systems.
Our culture is all about being mature about risk and security: understanding the bridge between technical vulnerability and business risk.
We pride ourselves in relation to upskilling our clients in terms of awareness and technical knowhow. We want our clients to undergo continuous improvement and learn from any mistakes which may (and do) occur when building software systems to enable and improve business process and productivity.
Our Delivery Approach
We understand the complexities and complications of managing and delivering security services in a variety of environments.
We are passionate about securing the Internet and support many non-profit groups to this goal. Our aim is to provide honest, pragmatic and robust solutions to our clients.
Skills: Director/Founder/CTO of BCC Risk Advisory & Chief Security Architect of edgescan
Eoin is the founder and heart of BCC Risk Advisory and the Principal Architect of the edgescan.com vulnerability service. He is a Global Board member of OWASP, a not-for-profit charitable organisation and open community dedicated to web application security.
Eoin has over 14 years of experience in software security and penetration testing. He led a global attack and penetration team for a “Big 4” professional services company for 4.5 years. He also has in-depth experience of application and network penetration testing and has worked in this area with many local and global institutions.
Eoin is a trained ISO27001 Lead Auditor, an experienced instructor and speaker at conferences. He has taught over 1000 developers in secure application development techniques since 2012, including delivering classes in Texas, San Francisco, Amsterdam, London and Dublin.
Position: Director and Chief Financial Officer
Skills: Software Development, Public Speaking
Alan is the Co-founder and Chief Financial Officer of BCC Risk Advisory. He is a qualified accountant and Fellow of the Institute of Chartered Certified Accountants. Alan has over 22 years’ experience within the financial sector and has gained a huge wealth of business knowledge and expertise as a partner in Byrne Clarke Connolly Accountants and Registered Auditors.
Position: Technical Principal & Director of Information Security
Skills: Business, Economics, Business Relations, Software Development
Rahim is the Technical Principal and Director of Information Security at BCC Risk Advisory. He has over 10 years of application development/code development experience, and over 8 years of information security and risk management experience.
Rahim worked as a Senior Security Consultant for Ernst & Young’s Risk Advisory Services. There he worked on multiple penetration testing, IT security and IT forensics engagements for a broad range of companies in Ireland, the UK, Europe, Middle East and the US. Rahim also worked as Head of Product & Operational Security for Fonality Inc., and was involved in security architecture, security management, application & network penetration testing, VOIP security and incident response.
Rahim has been involved with the OWASP community since 2007 as an Advisor and Board member of the Irish chapter, a reviewer for the OWASP Code Review Guide, and a contributor to the OWASP SAMM Project (Software Assurance Maturity Model).
Position: Lead Developer
Skills: Software Development, Public Speaking
Owen is the Lead Developer at BCC Risk Advisory and the edgescan.com vulnerability service. He has a background in mathematics, physics and real-time interactive development. In 2012, Owen completed an MSc in Computer Science from Trinity College with his thesis being on ‘Sparse Voxel Octrees and Realtime Illumination’. He has over two years of experience in developing and maintaining software with a large user base as well as over three years of teaching experience in web development and game programming.
Position: Vice President, Global Sales
Position: Director & Chief Operations Officer
Position: Senior Information Security Consultant
Position: Marketing Administrator
Position: Solutions Architect
Position: Information Security Consultant
Position: Information Security Consultant
Position: Web Developer
Position: Security Engineer
Michael has a background in pure mathematics having completed an MSc in 2009 from Trinity College in the area of Operator Algebras. He has experience in teaching mathematics, IT consultancy and also the financial sector where he worked for two years as a risk analyst with a major Irish bank. In 2014, Michael completed an MSc from DCU in Security and Forensic Computing.
"The penetration testing services provided by BCC Risk Advisory and the quality of their associated reports, provided us with the security assurance that we required and also provided tangible information on the areas where security could be improved. Prior to using their services we relied upon inconsistent pen testing methodologies, which provided little in the way of supporting information and report interpretation proved difficult. In addition I will say that their support and service is beyond any expectations. Overall, BCC Risk Advisory have proven to be an excellent security partner."
Security Architect, AIB
Ballybin Rd, Ashbourne,
Tel: +353 (0)1 6815330