Protecting organizations that refuse to compromise on cybersecurity
Drawing on experience from enterprise environments and highly regulated industries such as banking, healthcare, national defence, and aerospace, our senior cybersecurity consultants turn findings into refinements your team can implement immediately.
All certifications conferred upon AMR CyberSecurity Limited remain valid under its current legal entity. The SOC 2 attestation applies to Infinum only.
Why security-focused teams choose us
1. Independently verified expertise
We hold NCSC CHECK, CREST, and STAR accreditations. We’re also a Cyber Essentials and Cyber Essentials Plus certification body, a PCI Qualified Security Assessor company certified to ISO 27001 and ISO 9001, and we maintain a SOC 2 attestation. This ensures our methods, reporting, and internal processes meet strict, internationally recognised security standards.
2. Experts who think like attackers
All testing is carried out by highly vetted consultants with extensive backgrounds in offensive security and secure software development. Our team holds recognised certifications, including CISSP, CHECK CTL, CHECK CTM, CREST, OSCP, CSTL, and CSTM, and has delivered CSAS-approved red-team engagements.
3. Clear reporting, immediate implementation
Our approach focuses on what attackers actually exploit, not theoretical checklists. You get a well-structured process from scoping to reporting, with reliable timelines and no surprises. Every finding includes clear remediation guidance and a plain-language explanation of business impact.
Cybersecurity services that strengthen your systems end-to-end
Penetration testing
Our certified experts mimic real attackers to uncover vulnerabilities across your systems and provide clear, actionable guidance to help you remediate them.
Certified experts
Industry-standard methodology
Practical remediation steps
Manual, tailored assessment
Clear, prioritised set of findings
Expert support through mitigation
- Web pentest
- Mobile pentest
- API pentest
- External infrastructure pentest
- Internal infrastructure pentest
- Cloud environment pentest
- Wireless (Wi-Fi) pentest
- Container/Kubernetes security assessment
- Database pentest
Red teaming
We expose vulnerabilities in your organisation’s people, processes, and technology, and provide intelligence-driven remediation strategies.
We develop tailored attack scenarios based on the risks your organisation is most likely to face, assess relevant threat actors and their access levels, and turn complex technical activity into a clear, prioritised report with practical guidance to help you reduce vulnerabilities.
- Asset and threat identification
- Custom attack scenario development
- Comprehensive reporting
- Alternative solution development
- Actionable remediation guidance
- Post-engagement support
Secure Software Development Life Cycle (SSDLC)
Build secure software from the ground up or strengthen the security of systems already in production. Our team combines decades of deep development and security expertise to integrate security across every stage of your software lifecycle.
PRE-PRODUCTION
1. Requirements and planning
Threat modeling, secure requirements, secure architecture
2. Design and development
SCA, SAST, container scanning
3. Secure code review and testing
DAST, vulnerability scanning, penetration testing
PRODUCTION
4. Release and deployment support
Secrets management, secure transfer, and access management of package repositories
5. Maintenance and monitoring
Monitoring, incident response, patching
Secure architecture
Our experts assess existing and planned architecture, identify weaknesses, define security controls and patterns, and ensure that IT, cloud, and OT systems are designed and implemented securely.
Whether you need a single component reviewed or a full end-to-end architecture defined, we ensure security is built in from the first diagram through day-to-day operations, keeping your critical information and operations protected.
- Security architecture design
- Security architecture assessment
- Security architecture implementation
- Compliance and best practice alignment (standards such as ISO 27001, NIST CSF, PCI DSS, CIS Controls)
Governance, risk, and compliance (GRC) services
From core GRC support to specialised accreditation consultancy, our team helps you build a mature, resilient security framework that protects your organisation and meets the demands of modern regulation.
We embed security into everyday operations and give you the confidence that your governance, risk, and compliance obligations are fully covered. Whether you need hands-on policy work, certification support, regulatory compliance, or incident readiness, our experts bring clarity, structure, and practical guidance that lasts.
GOVERNANCE & RISK MANAGEMENT
- Core GRC services
- ISO 27001 compliance and certification support
- GDPR compliance and DPO-as-a-Service
REGULATORY, INDUSTRY, AND UK GOVERNMENT COMPLIANCE
- NIS2 compliance
- PCI DSS compliance
- SWIFT CSP consultancy
- UK Government & CNI accreditation
RESPONSE & RESILIENCE
- Incident response
- Post-incident review and recovery support
PCI DSS compliance
Partner with a leading PCI QSA company in the UK and Europe and get expert, end-to-end guidance through the full assessment process.
We simplify the complexity, validate your security controls, and help you achieve compliance quickly and cost-effectively. If you need architecture guidance, documentation support, or full Level 1 assessments, our team will provide the clarity, expertise, and hands-on help to protect cardholder data and meet PCI requirements with confidence.
- Pre-assessment support
- SAQ & AoC assessment
- RoC & AoC assessment
- Security architecture
Operational technology (OT) security
We provide dedicated security assurance and testing services for organisations running OT environments, including ICS and SCADA systems, as well as those designing or supporting OT products.
Our specialists help you secure mixed IT–OT systems, validate controls, meet industry frameworks, and maintain long-term operational resilience.
- Risk assessment
- OT product and component design assurance and security testing
- System design assurance for IT and OT environments
- Security testing of IT and OT implementations, including validation of control effectiveness
- Compliance audits against ISA/IEC 62443 and NIST frameworks
- Support for ongoing compliance with ISA/IEC 62443 and NIST frameworks
- Bespoke training
MEET THE TEAM LEADING YOUR SECURITY PROGRAMME
Martin Walsham
DIRECTOR OF CYBERSECURITY, UK
A recognized cybersecurity leader with deep expertise in risk management, security architecture, policy development, accreditation, and security leadership. He has built strong relationships across industry, government, and regulators, and has helped shape security standards through research and his role on the UK CREST Executive Board.
Rachel Bi
SALES DIRECTOR, UK
Rachel is an experienced cybersecurity account director with a strong track record in delivering penetration testing, GRC, security architecture, and incident response services. With 15 years supporting UK and international clients across finance, government, telco, health, tech, and critical national infrastructure, she is a trusted partner to organisations seeking reliable assurance and high-quality service delivery.
Neven Matas
CYBERSECURITY TEAM DIRECTOR, EU
Neven is the Cybersecurity Team Director at Infinum, where he has spent 10 years building high-performing teams and establishing new security-focused services. He focuses on ensuring digital products are resilient against modern threats and aligned with best practices in secure software development.
Make security proactive, not reactive
Don’t risk getting compromised.
READ ABOUT CYBERSECURITY
Social engineering
Expose human vulnerabilities and build your team’s resilience through real-world testing and structured security awareness training.
Minimize the chances of confidential information leaks due to human error. Using social engineering services, organizations can evaluate and educate their employees on how to identify potential cybersecurity threats.