Public sector digital services provider dxw is addressing the growing cyber security threat by launching a new company to help organisations ensure their digital services are secure and well protected against cyber-attack. dxw cyber will provide practical, hands-on expertise to help organisations improve their security culture and practices. The new company will work with leaders to improve risk awareness and governance, with assurers to help them better assess risk through high value penetration testing, and with implementers to increase their security capability and posture.
With nearly ten years of experience delivering digital services, dxw has developed an in-depth understanding of the practical security risks organisations face and how to mitigate them. This experience will now be used to benefit any organisation which is developing digital services and requires specialist security expertise to complement its in-house skills.
dxw cyber will be led by dxw founder and managing director Harry Metcalfe and CTO Glyn Wintle. Metcalfe has led dxw in the delivery of more than 45 public sector digital projects to date and is a well-known campaigner for a level playing field for SMEs on government procurement frameworks. Wintle is a highly regarded penetration tester whose experience includes NHS, housing and central government organisations as well as private sector companies. His high degree of technical expertise ensures that testing leads to genuine security improvements, rather than being a ‘tick-box’ compliance exercise. He has worked closely with dxw for many years.
dxw cyber will be co-located with dxw in London’s Tech City and is building a new team of security experts to deliver its services. With the creation of dxw cyber, dxw will now trade as dxw digital.
With dxw cyber, Wintle hopes to encourage organisations to take a proactive approach to security rather than relying on remediation. “Just-in-time penetration testing is a back to front way to do security,” he says. “You end up trying to fix issues at a late stage, which is slow, disruptive, expensive and forces teams to make damaging trade-offs. It stems from an attitude where testing is seen as a formality and you hope that it won’t find any problems, whereas to be effective you should be proactively looking for vulnerabilities.
“We believe making a digital service secure from the start is much more efficient and manageable: this means working with leaders, assurers and implementers to develop a ‘security first’ culture.”
dxw cyber will tailor its services for each client, but they will typically include a combination of consultancy on risk and governance, a security expert embedded in a development, implementation or operations team, and high-value penetration testing, with regular progress reviews.
Metcalfe says the new company will approach security with the same attitude that it has used successfully to deliver digital services. “We intend to challenge the bad old ways of ‘don’t fix what isn’t broken’ by actually trying to break a few things or at least stress test them and in doing so bring a more contemporary mindset and culture to bear on cyber threats,” he says.
“We will help our clients to become more security aware and more self-sufficient, so that over time they need less support,” concludes Metcalfe. “If we can help them to make good security thinking a part of their culture, they’ll make better decisions and be able to design and deliver better, more secure services for users.”
Note to editors
1. Penetration testing at Thames Valley Housing Association
Thames Valley Housing Association (TVHA) has used Glyn Wintle to carry out the annual penetration test of its online payment and maintenance service (designed and implemented by dxw) for three years. He carried out white-box testing, in which the tester is given access to the code and the staging environment, and consulted with developers so that the most relevant tests could be developed. At TVHA Glyn discovered three zero-day vulnerabilities in third-party services that TVHA depended on, and provided steps to reproduce these findings, which were then responsibly disclosed by dxw.
At the end of the testing, Glyn gave advice on several vulnerabilities in the service itself, as well as specific recommendations on application hardening and infrastructure changes to increase defence in depth. The entire dxw team received a thorough debrief with all of the findings and recommendations, enabling them to use the knowledge to improve the quality of their work across all their other projects.
Based in London’s Tech City, dxw provides user-centric digital services to the public sector via agile delivery. Founded in 2008 by Harry Metcalfe at the age of 25, the firm now has 35 staff, some 45 government digital projects to its name and a 40% growth plan in place for this year. The firm works with a wide range of public sector organisations in central and local government, the NHS and housing. Following the launch of dxw cyber in February 2018, dxw will now trade as dxw digital.
In 2017 dxw won an award for the Best Place to Work in Digital – SME and was shortlisted for the Digital Innovation in the Public Sector award at the Digital Entrepreneur Awards, while MD Harry Metcalfe won Young Leader of the Year in the Tech Leaders Awards.
For more information visit