Cyber security assurance since 2013
Danielyan Consulting is a UK-based specialist provider of cyber security assurance services including penetration testing, security engineering, AI security assurance and incident response since 2013.
As businesses increasingly integrate AI into their operations and products, the attack surface is changing. Danielyan Consulting helps organisations understand and manage the security risks that come with AI adoption-from data exposure through LLM integrations to adversarial threats targeting machine learning pipelines. The approach combines traditional security engineering discipline with practical knowledge of how AI systems fail.
All services are personally provided by a senior accredited consultant with over 20 years of experience, who is also an accredited expert witness and published author.
Cyber Security Assurance Services
Web app penetration testing
Penetration testing of Web applications involves the identification of security weaknesses and vulnerabilities caused by insecure coding practices, misconfiguration and bugs. It is usually performed on a test instance of the application but can also be performed on live instances if required.
Infrastructure penetration testing
Infrastructure penetration testing identifies vulnerabilities and misconfigurations that can be exploited to obtain unauthorised access to data, systems or hosted applications. Specific testing activities and methodologies may differ depending on the scope and objectives of the infrastructure testing engagement.
API penetration testing
More and more applications depend on publicly accessible Application Programming Interfaces (APIs) to provide their core functionality as well as to integrate with or extend other applications and data sources. With all the versatility and features of APIs come potential security weaknesses and vulnerabilities.
Security engineering & design
Security engineering is the methodological identification and specification of security requirements and their design and implementation in a given system or application taking into account its environment, users and business objectives.
Incident response & investigations
Incident response is a coordinated effort to rapidly respond to a security incident in the most efficient, cost-effective manner. The goal of incident response is to quickly identify an attack, minimise its effects, contain the damage, as well as identify and remediate the root cause of the incident to reduce the risk of future incidents.
AI security assurance
Independent assurance that your AI systems are secure, compliant and resilient to misuse, from LLM integration reviews and prompt injection testing to data governance and third-party AI risk assessments.
Free initial consultation
A free initial consultation is available to all clients. This session provides an opportunity to understand your unique security posture, discuss your concerns, adapt the approach to meet your specific needs and provide a tailored and competitive quote.
Free retesting of identified findings
Following the testing, assessment and identification of any weaknesses and vulnerabilities, the commitment to your cyber security extends to a free retest of any identified findings. This ensures that any vulnerabilities discovered during the initial assessment are effectively addressed, reinforcing the security of your systems and providing evidence-based assurance at the end of the engagement.
Free remote remediation consultancy
Recognising the importance of not just identifying but also remedying security weaknesses, complimentary remote remediation consultancy is provided to help your IT or development team to address them. This service is designed to support your team in implementing the necessary changes, providing expert advice and guidance every step of the way.
Free certificate of testing
Upon completion of penetration testing, where no critical or high-risk findings are identified, or upon the full remediation and retesting of such findings, a certificate of testing is issued alongside the detailed report. This certificate can be shared with third parties, such as clients and partners, as a tangible demonstration of your commitment to cyber security without sharing the confidential details in the report.
Securing AI in Your Business
AI introduces risks that traditional security testing does not usually address. Whether you are integrating LLMs, adopting AI-powered SaaS tools or building intelligent features into your product, you need confidence that these systems are as secure and compliant as possible.
- AI integration security reviews
- LLM prompt injection testing
- Security reviews of AI vendors and APIs you depend on
- Good practices for AI adoption across your organisation
- Secure AI integration advice
Danielyan Consulting in numbers
What clients say
Codat has engaged Danielyan Consulting as our third party security consultant since the business first started in 2017. Danielyan Consulting have been a consistently excellent partner, taking the time to fully understand our systems and providing testing and advice tailored to our specific needs. They simultaneously make sure we have all the industry-standard boxes ticked, providing us with certificates and reports that are invaluable to our sales and compliance processes. We would not hesitate to use Danielyan Consulting again for our security testing, and regularly recommend them to other companies.
WorkInConfidence engaged Danielyan Consulting to carry out penetration testing on both our SpeakInConfidence and ReferenceInConfidence products. This took the form of an initial test to baseline where we were and then a second test after we had implemented recommendations from their report. Edgar was very good at explaining the process that was to take place and providing support as we got to grips with the outcome of his initial report. It was a very worthwhile exercise and we would definitely use Danielyan Consulting again for our future security testing.
Edgar was hired to perform a penetration test on the Derivitec Risk Portal in December 2014. I found Edgar to be very professional and diligent in his work and we were very happy with his analysis and follow-up report. I will continue to use his services in the future and would highly recommend him to other companies.
Edgar was recommended to me by a friend and colleague, as a knowledgeable and trustworthy advisor and consultant on security matters. Edgar has helped Elbi Digital advance the security of its platform by providing security consultation and expert external application penetration testing. As part of his consultancy he educated and advised the whole tech team on processes and software solutions to make the platform as secure as possible against the OWASP Top 10 at launch, and to remain as secure as possible in the future.
Edgar possesses a fantastic depth of knowledge in both theoretical and practical aspects of cybersecurity. His ability to translate complex technical information into clear and understandable terms highlights his exceptional communication skills. His professionalism is exemplary, as he consistently approaches tasks with diligence, attention to detail, and integrity. Edgar's ability to identify vulnerabilities and provide actionable insights to enhance cybersecurity defences effectively.
Highly professional service. A great comfort to have Edgar's support.
Edgar is a consummate security professional. He goes above and beyond when explaining and executing processes and strategies for identifying threats and attack vectors. Then, when explaining the identified security issues he is super helpful in guiding teams through what is deemed as an appropriate/acceptable response.
Edgar has made an enormous difference to security at the institute, bringing not only wide experience and knowledge but also the rigour and discipline this area requires, though always coupled with a willingness to discuss and explain issues and see things from multiple perspectives.
Principal Consultant
Experience
Senior cyber security specialist with over 20 years of experience in security engineering, penetration testing, security management, intrusion analysis and security audit at organisations such as Microsoft, Skype, Citigroup, Deloitte, the Institute of Cancer Research and the Royal Bank of Scotland. Elected Chartered Fellow of the British Computer Society in 2006 and left Microsoft to set up Danielyan Consulting in 2013. Registered with the Council of Registered Ethical Security Testers (CREST) and regulated by BCS, the Chartered Institute for Information Technology. Accredited as an expert witness by the Cardiff University Law School since 2022.
Publications
Internationally published author of books and articles on computer security since 2001.
Qualifications
- CREST Practitioner Security Analyst (CPSA, 2021)
- CREST Practitioner Intrusion Analyst (CPIA, 2021)
- CREST Registered Penetration Tester (2014)
- AWS Certified Cloud Solutions Architect (2014)
- CREST Registered Technical Security Architect (2013)
- BSI ISO 27001 ISMS Lead Auditor (2007)
- Certified Information Security Manager (CISM, 2006)
- Chartered IT Professional (CITP, 2006)
- Information Systems Security Management Professional (ISSMP, 2005)
- Information Systems Security Architecture Professional (ISSAP, 2004)
- Certified Information Systems Auditor (CISA, 2004)
- Certified Information Systems Security Professional (CISSP, 2003)
"Security is a process, not a product."
"Testing leads to failure, and failure leads to understanding."
"To know how things really work, study them when they are coming apart."
"There is a difference between trusting an AI and an AI being trustworthy."