Independent • Pragmatic • UK‑based

Pragmatic information security & risk consulting within your means.

I help small organisations make informed, defensible decisions about information risk, systems architecture, and security controls—using clear language, not jargon. Based in Cheltenham; working across the UK and remotely.

Services

Fixed‑scope mini‑engagements and flexible advisory support. No nonsense, no vendor lock‑in.

Information Risk Assessment

Identify key information assets, rate impact & probability, and prioritise controls using a clear 5×5 model.

Security Architecture Review

Lightweight review of network, identity, logging and data flows; practical roadmap aligned to ISO 27001 / CIS v8.

Policy & ISMS Starter

Right‑sized policies (British English), SoA templates, and procedures that people will actually follow.

Supplier & Vendor Risk

Simple supplier questionnaires, proportionate due diligence, and clear pass/fail criteria.

Secure Foundations

Hardening baselines for Microsoft 365, endpoints and cloud services; practical monitoring & logging standards.

Fractional Security Advisor

Ongoing advice by the hour—budget‑friendly guidance for small teams without a full‑time specialist.

Approach

Plain‑English, outcomes‑first. Measured by decisions made and risks reduced.

  • Start with the business — map services, assets, and processes
  • Use a transparent 5×5 impact/probability model
  • Choose controls you can run sustainably
  • Document just enough to be repeatable
  • Implement feedback loops (Plan–Do–Check–Act)

Typical Outcomes

Within 2–6 weeks, clients often have:

  • A prioritised risk register & action list
  • A baseline set of policies & procedures
  • A simple supplier‑risk approach
  • Clear logging & monitoring standards

About

Independent consultant in information security, information risk and systems engineering, based in Cheltenham.

I work with small organisations, start‑ups and public‑sector teams to make sensible, defensible choices about security. I combine hands‑on technical experience (networking, logging, identity) with pragmatic governance (ISO 27001, CIS v8).

Engagements are short, focused and designed to leave you more capable than when we started.

Focus Areas

  • ISO 27001‑aligned ISMS (lightweight)
  • Security architecture & zero‑trust basics
  • Supplier due diligence & questionnaires
  • Logging, monitoring & event standards

Contact

Prefer email? Use the form or write to info@wightmanbrown.ltd.uk.

Practicalities

How we’ll work

  • Week‑notes & a single shared action list
  • Short, focused workshops (60–90 minutes)
  • Transparent day‑rates & capped budgets
  • Remote‑first with optional on‑site days

Standards & Ethics

  • UK GDPR‑aware ways of working