Two Researchers.
One Shared Obsession.
Plaidnox didn't begin with a business plan. It began with two security researchers who couldn't stop pulling threads — and a question that wouldn't go away: why are organisations still getting breached in ways that are entirely preventable?
Protecting people is why we do it. Every engagement leaves an organisation genuinely safer than it was before.
How It Started
We Started in a Room With Two People and a Shared Obsession.
In the early days, it was just the two of us — working through nights, running assessments, documenting vulnerabilities, and asking the same question over and over: why are organisations still getting breached in ways that are entirely preventable? Not because the threats were new. Not because the fixes were complicated. But because nobody had sat with them long enough to help them understand what they were actually up against.
We weren't building a company at first. We were building knowledge. We were reverse engineering applications, mapping cloud misconfigurations, digging into mobile security, exploring API attack surfaces, and documenting everything we found — not to sell a service, but because security genuinely fascinated us and the gaps we kept finding genuinely concerned us.
The more we looked, the more we found. And the more we found, the harder it became to look away.
That concern is what turned two researchers into a business.
Word spread the way it does in security — quietly, through trust. One engagement turned into two. Two turned into a handful. Organisations started coming to us not just because we were technically capable, but because we communicated differently. We didn't hand over a PDF and disappear. We stayed. We explained. We came back.
“The more we looked, the more we found. And the more we found, the harder it became to look away.”
How We Grew
Growing Into Something Bigger Than Either of Us Expected
As the work grew, so did the team. We brought in penetration testers, cloud specialists, application security engineers, compliance experts, and analysts — people who shared the same foundational belief that security is only valuable when the organisation on the receiving end actually understands it. Every person who joined Plaidnox came in knowing that this wasn't going to be a firm that ran assessments by the volume and moved on.
Today we're a team of more than 20 people. And we're still growing — in headcount, in capability, and in the depth of experience we bring to every client engagement. We've learned things along the way that no certification teaches: how to communicate risk to a board that isn't technical, how to support an engineering team that is under pressure, how to build trust with organisations that have been burned before, and how to be genuinely useful rather than just technically correct.
We're still learning. That's not a caveat — it's something we're proud of. The threat landscape doesn't stand still, and neither do we.
Our Values
What We Believe
Security Is a Practice, Not a Product
Security isn’t a compliance checkbox. It isn’t something you buy once and file away until the next audit cycle. It’s a continuous, evolving practice — and for most organisations, especially small and mid-sized ones, it’s a practice they don’t have the internal capacity to build and sustain on their own. That’s the gap Plaidnox exists to close. We believe that every organisation — regardless of size, sector, or budget — deserves to operate with genuine security capability. Not a certificate on a wall. Not a scan result in a shared drive. Actual capability: the knowledge, the processes, the controls, and the confidence to understand their risk and manage it over time.
Data Privacy Is a Right, Not a Regulation
We believe that data privacy is not a regulatory obligation to be managed minimally. It is a fundamental right that the organisations we work with have a responsibility to protect on behalf of every customer, employee, and partner who has trusted them with their information. We take that seriously. We take it personally. And we work with our clients as if it’s their customers’ data we’re helping to protect — because it is.
Enablement Over Dependency
The firms that make themselves indispensable by keeping clients in the dark are not acting in their clients’ interests. We measure our success by how capable our clients become, not by how much they need us. If we’ve done our job properly, your team understands your security posture, owns your security programme, and can make informed decisions without us holding your hand through every one. We’ll still be there — but you won’t need us to be.
Our Approach
Our Goal Is Guardrails, Not Gatekeeping
We want every organisation we work with to have guardrails. Not restrictions. Not a list of things you can't do. Guardrails — a structural foundation of controls, policies, and awareness that means when something goes wrong, and something always eventually goes wrong, the blast radius is contained, the response is swift, and the recovery is real.
Every service we offer, every assessment we conduct, every report we write, and every workshop we run is pointed at the same outcome: an organisation that is genuinely safer than it was before it worked with us.
Penetration Testing
Find what attackers would find before attackers find it
DLP Programmes
Protect data without obstructing the people who work with it
Cloud & Infrastructure
Surface the misconfigurations that cause the most damage
CSaaS for SMEs
An entire embedded security function without building from scratch
VETA Platform
Transparent, version-controlled security documentation
Security Enablement
SIEM, SOC, PAM, Firewall, Identity, Endpoint, Zero Trust
Every engagement is delivered via VETA — our platform for transparent, accessible, version-controlled security documentation — so your team has a clear, permanent record of your security posture and how it has evolved.
Why We're Here
We Don't Do This Because of Contracts.
We do it because of what we think is right.
There is no clause in a statement of work that obligates us to care about the outcome after we hand over a report. The contract is done. The invoice is paid. Most firms move on.
We don't, because that's not why we're here.
We got into security because we believe in it. We believe that the organisations we work with — the businesses behind them, the people who work in them, the customers who depend on them — deserve to be protected. Not adequately. Not sufficiently for compliance purposes. Actually protected, to the fullest extent that good security practice and honest, expert guidance can achieve.
That's an ethical position, not a commercial one. It means we tell clients things they don't always want to hear. It means we push back when we think a decision increases risk even if it's within scope. It means we stay engaged through remediation when we could have technically delivered on our obligations already.
It means we treat every organisation's security — and every person whose data sits behind it — as something that genuinely matters.
Security is what we do. But protecting people is why we do it.
The Road Ahead
Where We're Going
We're still growing. The team is expanding, the services are deepening, and the platform we've built around VETA is becoming the backbone of how we deliver, track, and continuously improve security outcomes for every organisation we work with.
But the ambition hasn't changed since it was two researchers in a room pulling threads. We want to make security accessible to every organisation that takes its responsibilities seriously. We want to be the firm that organisations grow with — not the firm they call once and forget. We want to leave every client more capable, more confident, and more genuinely secure than they were before we arrived.
That goal doesn't have a finish line. And we wouldn't have it any other way.
Ready to Work With Us?
Whether you need a penetration test, a DLP programme, a cloud security assessment, or a full embedded security function — Plaidnox is here to help your organisation get genuinely safer.
All engagements delivered and managed via veta.plaidnox.com