Lacuna Securities provides Human Centric Security™ that holistically fills your IT Risk, Data Protection and Cyber Security gaps. We offer Governance, Risk and Compliance (GRC) support from identification to technical security delivery including incident response and training. We also offer virtual services for data protection (vDPO) and information security (vCISO).
We are often asked to support our GRC services with technical delivery and we fulfil these requests through a network of trusted partners. Their values, experience and expertise complement ours to provide you with a holistic approach to Cyber Security.
Our team has an extensive IT Risk, Cyber Security and Governance background. We implemented well-received compliance processes and systems that make compliance evidencing easy. We can communicate with multiple stakeholders, from technical admins and developers to managers and the Board.
Our cyber security professionals have more than 10 years of practical knowledge in Red team and penetration testing. In addition, our professionals have extended knowledge in IT corporate infrastructure, malicious activity simulation and social engineering.
We are value-driven, flexible and adaptable. We aim for your objectives and help your business to succeed.
At Lacuna Securities, we believe people, processes and technology work best together, with special focus on people at the core.
Our experience and expertise have added value to industries within global Financial Services, Business Services, Software and Internet, Telecommunications, and Health. We are predominantly UK-based, though we do source highly skilled resources from Latvia depending on requirements.
From conversations about Data Protection and Cyber Security, we’ve learnt that these companies have three main challenges:
Compliance implementation, monitoring and reporting continuously takes additional time and resources. To assist, practical processes, suitable technologies and assigned accountabilities are crucial.
At Lacuna Securities, we always consider risk vs benefit analyses. We start by understanding the business, its information assets and how it operates. We identify security or compliance gaps and work with the business to establish the most suitable implementation plan. Together with the business, we will guide and help to operationalise this plan.
It doesn’t stop there. As compliance is ongoing, we help monitor, train and report on compliance to these implemented policies, processes, technologies and controls. When needed, we also liaise with the Information Commissioner’s Office on your behalf.
We offer practical solutions for operational processes, technologies that are suitable and assist in assignment of accountabilities to effectively make compliance part of your business.
What do we believe in
Lacuna Securities believe that People, Process and Technology work best together to provide a stronger, more secure environment for you and your company. If each is viewed in isolation, critical security and compliance gaps emerge that can lead to non-compliance and significant risks to the business.
My name is Sonya Stephens and I work in IT Risk and Cyber Security, focussing on Governance, Risk and Compliance (GRC).
I’ve spent over 20 years in big corporate companies building and improving Risk Management and Governance processes and controls. 15 of these years were within a large, global, financial services company. Here I held various senior positions such as Group Systems IT Security and Risk Manager, Senior IT Audit Manager and Product Development Senior Risk Manager.
One of the highlights in my career was the opportunity to be the Business Lead in designing, implementing, testing, rolling-out and the training of an in-house developed Sarbanes Oxley risk attestation software tool. This tool was extremely well received by the global user population for its practical methods and ease of use whilst being a compliance tool.
In today’s life and well into the future, there is so much of who we are living in the cyber world. This makes data privacy and protection hugely important. This includes effective user education and supplier assessments. For this reason, I welcome the Payment Services Directive (EU) 2015/2366 (PSD2), General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.
Yes, compliance is a pain for companies to implement, continuously monitor and report on. It is, however, a crucial activity to do and keep doing. There are many good people out there, but sadly there are also dangerous people living amongst us. Dangerous people that use our personal data, pretend to be us and steal from us. As company owners we need to understand this and protect against it as best we can.
Compliance in big corporates can be more complex than small-to-medium sized companies but all companies require scarce time and resources to manage this as the risks of non-compliance remain the same. When we share our own personal data with any company, we want to know it is kept safe, regardless of the size of the company.
I am a parent to a young boy. Amongst sporting activities, he enjoys watching YouTube and playing online games such as World of Tanks and Fortnite. I educate him about the potential dangers of the online world and monitor his activities. But I am always cautious. I need to know that all companies take security of personal data seriously. I expect companies to protect the personal details of my son, his friends, all other children and all people. I want companies to know that it is so much more important than a tick box exercise.
Being passionate about making compliance practical and easy, I promised myself I would do everything in my power to make it part of everyday, efficient business operations. That is why I am looking to get in front of companies with a desire to improve their Data Protection and Cyber Security practices. Lacuna Securities can help with its practical implementation, monitoring and reporting.
I am an associate Chartered Accountant (Institute of Chartered Accountants in England and Wales) and completed my training at PwC. I also hold a Master's degree in Computer Auditing, am a qualified Prince2 Practitioner and I passed the Certified Information Security Manager (CISM) exam within the top 20%.