About Us

> whoami_

Built by hackers, trusted by business. We channel offensive security expertise into defending your organisation.

Offensive mindset. Defensive mission.

Hedgehog Security is a specialist cyber security consultancy based in the old Officers Mess at the historic RAF base at Duxford in the United Kingdom, and we can often be found working from the historic USAF base at Fowlmere, just 2 miles down the road. We provide penetration testing and Cyber Essentials certification services to organisations of all sizes — from startups handling their first compliance requirement to enterprise firms managing complex, multi-cloud estates.

We come from the DEFCON trenches — CTF winners, bug bounty hunters, and red team operators who've seen the worst the internet has to offer. We channel that knowledge into defending your organisation with the same creativity and tenacity the real adversaries use.

But we also speak your language. Our reports are clear. Our advice is practical. And our mission is simple: make you so hard to breach that attackers move on to easier prey.


What we stand for.

Transparency
No hidden fees, no vague findings, no hand-waving. Every engagement comes with a fixed-price quote, a clear scope, and reporting you can actually understand and act on.
Depth Over Breadth
We don't run a scanner and call it a pen test. Our testers manually investigate, think creatively, chain vulnerabilities, and demonstrate real business impact — not just theoretical risk scores.
Partnership
We're not here to scare you into buying more services. We're here to make you genuinely more secure. If you don't need something, we'll tell you. If you do, we'll explain why.
Practise What We Preach
This very website uses no analytics, no tracking, one cookie, and a hardened WAF. We hold ourselves to the same standards we assess our clients against — and then some.
Clear Communication
Security is only useful if people understand it. We produce reports your board can read in 10 minutes and your engineers can action the same afternoon. No jargon for jargon's sake.
Integrity
We handle sensitive access to your systems. That trust is sacred. Every tester is vetted, every finding is confidential, and every engagement is governed by a signed agreement with clear rules of engagement.

Certified. Accredited. Trusted.

We hold the certifications and accreditations that matter — not just for show, but because they reflect the standard of work we deliver.

| Credential | What It Means |
| --- | --- |
| CREST Member | The international not-for-profit accreditation body for the cyber security industry. CREST membership means our processes, methodologies, and testers meet the highest professional standards. |
| CHECK Approved | The NCSC's scheme for approving companies to conduct authorised penetration testing of public sector systems through the CREST scheme. CHECK approval for penetration testing at local government level. |
| IASME Assessors | Accredited to assess and certify organisations under the Cyber Essentials and Cyber Essentials Plus schemes on behalf of the NCSC. |
| OSCP / OSCE Holders | Offensive Security Certified Professional and Certified Expert — rigorous, hands-on certifications that require passing a gruelling practical examination, not a multiple-choice test. |
| CREST CRT / CCT | CREST Registered Tester and Certified Tester qualifications — the industry standard for individual penetration testers in the UK. |

Why Hedgehog?

Hedgehogs are small, unassuming, and easy to underestimate. But when threatened, they curl into an impenetrable ball of spines that makes predators think twice.

That's exactly what we do for your organisation. We help you present a defensive posture so thorough that attackers move on to softer targets. Small team, serious spines.

Or as we like to put it: keeping the pricks on the outside.

hedgehog.conf
species = Erinaceus europaeus
defence = 5,000+ keratin spines
strategy = curl into impenetrable ball
predators = discouraged
also_good_at = eating bugs # the software kind too

Let's talk.

Every conversation starts with understanding your challenges. No hard sell, no obligation — just honest advice from people who've been doing this for a long time.